`password` AMQP URI parameter is parsed incorrectly #8129

lukebakken · 2023-05-10T13:46:51Z

Describe the bug

In my testing, I found that the query parameter &password=xxx overrides the password in "amqps://user:pass@rabbitmq-host:5671", i.e. in this link it will use user:xxx to log into RabbitMQ instead of user:pass:

amqps://user:pass@rabbitmq-host:5671?cacertfile=/etc/rabbitmq/ssl/ca_certificate.pem&certfile=/etc/rabbitmq/ssl/client_certificate.pem&keyfile=/etc/rabbitmq/ssl/client_key.pem&verify=verify_peer&password=xxx

Reproduction steps

To see how this is parsed, start up RabbitMQ with RABBITMQ_ALLOW_INPUT=true and enter the following into the Erlang shell:

(rabbit@shostakovich)3> amqp_uri:parse(<<"amqps://user:pass@rabbitmq-host:5671?cacertfile=/etc/rabbitmq/ssl/ca_certificate.pem&certfile=/etc/rabbitmq/ssl/client_certificate.pem&keyfile=/etc/rabbitmq/ssl/client_key.pem&verify=verify_peer&password=xxx">>).

{ok,{amqp_params_network,<<"user">>,"xxx",<<"/">>,
                         "rabbitmq-host",5671,2047,0,10,60000,
                         [{server_name_indication,"rabbitmq-host"},
                          {password,"xxx"},
                          {verify,verify_peer},
                          {keyfile,"/etc/rabbitmq/ssl/client_key.pem"},
                          {certfile,"/etc/rabbitmq/ssl/client_certificate.pem"},
                          {cacertfile,"/etc/rabbitmq/ssl/ca_certificate.pem"}],
                         [#Fun<amqp_uri.9.95926583>,#Fun<amqp_uri.9.95926583>],
                         [],[]}}

Note that xxx is the AMQP login password as well, whoops.

Expected behavior

The AMQP password is not overridden.

Additional context

No response

The text was updated successfully, but these errors were encountered:

lukebakken · 2023-05-10T13:52:49Z

b3abf24

The query parameter `password` in an AMQP URI should only be used to set a certificate password, *not* the login password. The login password is set via the `amqp_authority` section as defined here - https://www.rabbitmq.com/uri-spec.html * Add test that demonstrates issue in #8129 * Modify code to fix test Modify amqp_uri so that test passes

Fixes #8129 The query parameter `password` in an AMQP URI should only be used to set a certificate password, *not* the login password. The login password is set via the `amqp_authority` section as defined here - https://www.rabbitmq.com/uri-spec.html * Add test that demonstrates issue in #8129 * Modify code to fix test Modify amqp_uri so that test passes

Fixes #8129 The query parameter `password` in an AMQP URI should only be used to set a certificate password, *not* the login password. The login password is set via the `amqp_authority` section as defined here - https://www.rabbitmq.com/uri-spec.html * Add test that demonstrates issue in #8129 * Modify code to fix test Modify amqp_uri so that test passes (cherry picked from commit 494d171)

Fixes #8129 The query parameter `password` in an AMQP URI should only be used to set a certificate password, *not* the login password. The login password is set via the `amqp_authority` section as defined here - https://www.rabbitmq.com/uri-spec.html * Add test that demonstrates issue in #8129 * Modify code to fix test Modify amqp_uri so that test passes (cherry picked from commit 494d171) (cherry picked from commit 90549cd)

Fixes #8129 The query parameter `password` in an AMQP URI should only be used to set a certificate password, *not* the login password. The login password is set via the `amqp_authority` section as defined here - https://www.rabbitmq.com/uri-spec.html * Add test that demonstrates issue in #8129 * Modify code to fix test Modify amqp_uri so that test passes (cherry picked from commit 494d171) (cherry picked from commit 90549cd) (cherry picked from commit 5eda3d2)

Fixes #8129 The query parameter `password` in an AMQP URI should only be used to set a certificate password, *not* the login password. The login password is set via the `amqp_authority` section as defined here - https://www.rabbitmq.com/uri-spec.html * Add test that demonstrates issue in #8129 * Modify code to fix test Modify amqp_uri so that test passes

lukebakken added the bug label May 10, 2023

lukebakken self-assigned this May 10, 2023

lukebakken mentioned this issue May 10, 2023

Document password query parameter rabbitmq/rabbitmq-website#1650

Open

lukebakken added a commit that referenced this issue May 10, 2023

Add test that demonstrates issue in #8129

6f649ce

lukebakken mentioned this issue May 10, 2023

Correctly use AMQP URI query parameter password #8130

Merged

michaelklishin added this to the 3.11.16 milestone May 10, 2023

lukebakken closed this as completed in #8130 May 10, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`password` AMQP URI parameter is parsed incorrectly #8129

`password` AMQP URI parameter is parsed incorrectly #8129

lukebakken commented May 10, 2023

lukebakken commented May 10, 2023

password AMQP URI parameter is parsed incorrectly #8129

password AMQP URI parameter is parsed incorrectly #8129

Comments

lukebakken commented May 10, 2023

Describe the bug

Reproduction steps

Expected behavior

Additional context

lukebakken commented May 10, 2023

`password` AMQP URI parameter is parsed incorrectly #8129

`password` AMQP URI parameter is parsed incorrectly #8129