pgdriver.WithDSN panic when password contains a '#' and at least one letter before '#'

Question

pgdriver.WithDSN panic when password contains a '#' and at least one letter before '#'

zhuyanxi opened this issue 7 months ago · comments

My PostgreSQL's password has a character '#'
(my dsn sample: postgres://postgres:1A#34@localhost:5432/postgres?sslmode=disable)

And I see pgdriver.WithDSN calls url.Parse() which will cause this error: parse "postgres://postgres:1A": invalid port ":1A" after host

The panic stack is:

panic: parse "postgres://postgres:1A": invalid port ":1A" after host

goroutine 1 [running]:
github.com/uptrace/bun/driver/pgdriver.WithDSN.func1(0xc0001ad040)
	C:/Users/yxzhu/go/pkg/mod/github.com/uptrace/bun/driver/pgdriver@v1.1.16/config.go:191 +0x1d2
github.com/uptrace/bun/driver/pgdriver.NewConnector({0xc00051dc28, 0x1, 0x1})
	C:/Users/yxzhu/go/pkg/mod/github.com/uptrace/bun/driver/pgdriver@v1.1.16/driver.go:76 +0xf1

dyma solovei · Answer 1 · Wed Nov 29 2023 21:39:30 GMT+0800 (China Standard Time)

As per documentation, the DSN should be a valid URL:

The connection URI needs to be encoded with percent-encoding if it includes symbols with special meaning in any of its parts. Here is an example where the equal sign (=) is replaced with %3D and the space character with %20:

There are many guides online for URL-encoding a string in Golang and this simple change should fix your issue:

password := "invalid#pwd"
pgdriver.WithDSN(fmt.Sprintf("postgres://postgres:%s@localhost:5432/postgres?sslmode=disable", url.QueryEscape(password)))

IMO, ensuring the validity of the URL should be the client code's responsibility.

zhuyanxi · Answer 2 · Thu Nov 30 2023 20:25:38 GMT+0800 (China Standard Time)

As per documentation, the DSN should be a valid URL:

The connection URI needs to be encoded with percent-encoding if it includes symbols with special meaning in any of its parts. Here is an example where the equal sign (=) is replaced with %3D and the space character with %20:

There are many guides online for URL-encoding a string in Golang and this simple change should fix your issue:
password := "invalid#pwd"
pgdriver.WithDSN(fmt.Sprintf("postgres://postgres:%s@localhost:5432/postgres?sslmode=disable", url.QueryEscape(password)))
IMO, ensuring the validity of the URL should be the client code's responsibility.

Oh, sorry, I made a stupid mistake. I forgot to escape the dsn string.
Everything is fine now, thank you so much. Wish you a good day.