SQL: fix handling of escaped chars in JDBC connection string #58429
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit fixes an issue emerging when the connection string URI contains escaped characters. The original URI is pre-parsed in order to re-assemble a new URI having the optional elements filled in with defaults. The new URI has been using however the unescaped query and fragment parts. So if these contained any escaped `&` or `=` (such as in the password option value), the unescaping would reveal them and make them later interfere with the options parsing. The commit changes that, so that the new URI be built from the unescaped "raw" parts of the original URI.
|
@elasticmachine update branch |
|
@elasticmachine run elasticsearch-ci/default-distro |
|
@elasticmachine update branch |
|
Pinging @elastic/es-ql (:Query Languages/SQL) |
elasticmachine
added
the
Team:QL (Deprecated)
matriv
approved these changes
Jun 24, 2020
| @@ -208,7 +215,8 @@ public boolean indexIncludeFrozen() { | |||
| } | |||
|
|
|||
| public static boolean canAccept(String url) { | |||
| return (StringUtils.hasText(url) && url.trim().startsWith(JdbcConfiguration.URL_PREFIX)); | |||
| return (StringUtils.hasText(url) && | |||
There was a problem hiding this comment.
minor: I would trim the url and use a local var to avoid trimming it potentially twice.
- prevent double trimming of the connection string; - improve docs
matriv
approved these changes
Jun 26, 2020
bpintea
added a commit
to bpintea/elasticsearch
that referenced
this pull request
Jul 2, 2020
…#58429) * Fix: preserve URI query and fragment char escaping This commit fixes an issue emerging when the connection string URI contains escaped characters. The original URI is pre-parsed in order to re-assemble a new URI having the optional elements filled in with defaults. The new URI has been using however the unescaped query and fragment parts. So if these contained any escaped `&` or `=` (such as in the password option value), the unescaping would reveal them and make them later interfere with the options parsing. The commit changes that, so that the new URI be built from the unescaped "raw" parts of the original URI. (cherry picked from commit 94eb5a0)
bpintea
added a commit
to bpintea/elasticsearch
that referenced
this pull request
Jul 2, 2020
…#58429) * Fix: preserve URI query and fragment char escaping This commit fixes an issue emerging when the connection string URI contains escaped characters. The original URI is pre-parsed in order to re-assemble a new URI having the optional elements filled in with defaults. The new URI has been using however the unescaped query and fragment parts. So if these contained any escaped `&` or `=` (such as in the password option value), the unescaping would reveal them and make them later interfere with the options parsing. The commit changes that, so that the new URI be built from the unescaped "raw" parts of the original URI. (cherry picked from commit 94eb5a0)
bpintea
added a commit
that referenced
this pull request
Jul 3, 2020
…58429) (#58977) SQL: fix handling of escaped chars in JDBC connection string (#58429) This commit fixes an issue emerging when the connection string URI contains escaped characters. The original URI is pre-parsed in order to re-assemble a new URI having the optional elements filled in with defaults. The new URI has been using however the unescaped query and fragment parts. So if these contained any escaped `&` or `=` (such as in the password option value), the unescaping would reveal them and make them later interfere with the options parsing. The commit changes that, so that the new URI be built from the unescaped "raw" parts of the original URI. (cherry picked from commit 94eb5a0)
bpintea
added a commit
that referenced
this pull request
Jul 3, 2020
…58429) (#58976) SQL: fix handling of escaped chars in JDBC connection string (#58429) This commit fixes an issue emerging when the connection string URI contains escaped characters. The original URI is pre-parsed in order to re-assemble a new URI having the optional elements filled in with defaults. The new URI has been using however the unescaped query and fragment parts. So if these contained any escaped `&` or `=` (such as in the password option value), the unescaping would reveal them and make them later interfere with the options parsing. The commit changes that, so that the new URI be built from the unescaped "raw" parts of the original URI. (cherry picked from commit 94eb5a0)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes an issue emerging when the connection string URI
contains escaped characters.
The original URI is pre-parsed in order to re-assemble a new URI having
the optional elements filled in with defaults. The new URI has been
using however the unescaped query and fragment parts. So if these
contained any escaped
&or=(such as in the password option value),the unescaping would reveal them and make them later interfere with the
options parsing.
The PR changes that, so that the new URI be built from the unescaped
"raw" parts of the original URI.
Closes #57927