
Do not return connection string in error on failure to parse user info

Open hak33m16 opened this issue 1 year ago • 0 comments

Currently, if the user info fails to get parsed correctly out of the URL, the entire contents are returned back. This is problematic because many people such as myself log these error messages, and rely on them for debugging. In this case, my database username and password were logged.

I ran into this because I accidentally included a space before my password:

db, err := sqlx.Connect("postgres", conf.DBURL)
if err != nil {
    panic(fmt.Errorf("failed to initialize db connection: %w", err))
}

panic: failed to initialize db connection: parse "postgres://dummy_user: <redacted>@dummywebsite.com:12241/dummy_db": net/url: invalid userinfo

goroutine 1 [running]:
main.main()
 /workspace/main.go:43 +0xeee
exit status 2

I would have just expected a message saying invalid userinfo, in which case I would have manually inspected the secret and noticed the issue.

hak33m16, Oct 28 '24 18:10
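A caller-side mitigation for the leak reported above, as an added example that is not part of the original issue or of sqlx: Go's `*url.Error` embeds the full URL it failed to parse, so the sketch below validates the DSN before connecting and keeps only the operation and the underlying cause. The names `sanitizeDSNError` and `checkDSN` and the sample DSN are hypothetical; whether a given driver's error still unwraps to `*url.Error` is an assumption, which is why the DSN is pre-validated here.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// sanitizeDSNError returns an error that is safe to log. If err is, or wraps,
// a *url.Error (which carries the complete URL, credentials included), only
// the operation name and the underlying cause are kept; any outer wrapping
// message is dropped. Other errors are returned unchanged.
func sanitizeDSNError(err error) error {
	var uerr *url.Error
	if errors.As(err, &uerr) {
		return fmt.Errorf("%s <dsn redacted>: %w", uerr.Op, uerr.Err)
	}
	return err
}

// checkDSN parses a URL-form DSN before it is handed to the driver, so a
// malformed userinfo section is reported without echoing the DSN itself.
func checkDSN(dsn string) error {
	if _, err := url.Parse(dsn); err != nil {
		return sanitizeDSNError(err)
	}
	return nil
}

func main() {
	// Constructed DSN with a stray space before the password, as in the report.
	dsn := "postgres://dummy_user: s3cret@db.example.com:5432/dummy_db"
	if err := checkDSN(dsn); err != nil {
		fmt.Println("failed to initialize db connection:", err)
		return
	}
	// Only after the check passes would the DSN go to sqlx.Connect.
	fmt.Println("dsn ok")
}
```
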