Do not use Sprintf for passwords into URLs

Signed-off-by: Matthew L Daniel <md@stoi.cc>

integration/tests/postgres/column-set-default/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/column-unset-default/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/common.mk

@@ -2,15 +2,17 @@ SHELL := /bin/bash
 DATABASE_IMAGE_NAME := schemahero/database
 DATABASE_CONTAINER_NAME := schemahero-database
 DRIVER := postgres
-URI := postgres://schemahero:password@127.0.0.1:15432/schemahero?sslmode=disable
+POSTGRES_PASSWORD_URI := %21%40%23%24%25%5E%26%2A%28%29%7B%7D%27%22%3B
+URI := postgres://schemahero:$(POSTGRES_PASSWORD_URI)@127.0.0.1:15432/schemahero?sslmode=disable
 
 .PHONY: run
 run:
 	# Fixtures
 	docker pull postgres:$(PG_VERSION)
 	docker build -t $(DATABASE_IMAGE_NAME) .
 	@-docker rm -f $(DATABASE_CONTAINER_NAME) > /dev/null 2>&1 ||:
-	docker run -p 15432:5432 --rm -d --name $(DATABASE_CONTAINER_NAME) $(DATABASE_IMAGE_NAME)
+	# the $ is doubled due to make :-(
+	docker run -p 15432:5432 --rm -d -e POSTGRES_PASSWORD='!@#$$%^&*(){}'\''";' -e POSTGRES_HOST_AUTH_METHOD=md5 --name $(DATABASE_CONTAINER_NAME) $(DATABASE_IMAGE_NAME)
 	while ! docker exec $(DATABASE_CONTAINER_NAME) pg_isready --quiet; do sleep 1; done
 	@sleep 1
 

integration/tests/postgres/create-table/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/foreign-key-action/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/foreign-key-alter/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/foreign-key-create/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/foreign-key-drop/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/index-create/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/not-null-with-default/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/not-null/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/primary-key-add/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/primary-key-drop/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/unique-constraint-add/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

integration/tests/postgres/unique-constraint-drop/Dockerfile

@@ -1,7 +1,6 @@
 FROM postgres:10.7
 
 ENV POSTGRES_USER=schemahero
-ENV POSTGRES_PASSWORD=password
 ENV POSTGRES_DB=schemahero
 
 ## Insert fixtures

pkg/apis/databases/v1alpha4/connection.go

@@ -19,6 +19,7 @@ package v1alpha4
 import (
 	"context"
 	"fmt"
+	"net/url"
 
 	"github.com/pkg/errors"
 	"github.com/schemahero/schemahero/pkg/config"
@@ -86,7 +87,8 @@ func (d Database) getConnectionFromParams(ctx context.Context) (string, string,
 			return "", "", errors.Wrap(err, "failed to read postgres dbname")
 		}
 
-		uri = fmt.Sprintf("postgres://%s:%s@%s:%s/%s", user, password, hostname, port, dbname)
+		authInfo := url.UserPassword(user, password).String()
+		uri = fmt.Sprintf("postgres://%s@%s:%s/%s", authInfo, hostname, port, dbname)
 		if !d.Spec.Connection.Postgres.SSLMode.IsEmpty() {
 			sslMode, err := d.getValueFromValueOrValueFrom(ctx, driver, d.Spec.Connection.Postgres.SSLMode)
 			if err != nil {
@@ -120,7 +122,8 @@ func (d Database) getConnectionFromParams(ctx context.Context) (string, string,
 			return "", "", errors.Wrap(err, "failed to read cockroachdb dbname")
 		}
 
-		uri = fmt.Sprintf("postgres://%s:%s@%s:%s/%s", user, password, hostname, port, dbname)
+		authInfo := url.UserPassword(user, password).String()
+		uri = fmt.Sprintf("postgres://%s@%s:%s/%s", authInfo, hostname, port, dbname)
 		if !d.Spec.Connection.CockroachDB.SSLMode.IsEmpty() {
 			sslMode, err := d.getValueFromValueOrValueFrom(ctx, driver, d.Spec.Connection.CockroachDB.SSLMode)
 			if err != nil {