search

FirebirdSQL / NETProvider

Firebird ADO.NET Data Provider
https://www.firebirdsql.org/en/net-provider/
Other
160 stars 65 forks source link

Not possible to use quotes for password in ConnectionString #1017

Open Prochy opened 2 years ago

Prochy commented 2 years ago

If I have a connection string like: User=SYSDBA;Password="""'""''";Database=testDb;DataSource=localhost;Port=3051;Dialect=3;Charset=UTF8;Role=;Connection lifetime=15;Pooling=true;MinPoolSize=0;MaxPoolSize=500;Packet Size=8192;ServerType=0

I suppose it should work and the password should be parsed as "'"''. Obviously, there is problem in a regex parsing that part. If I'm right, the original regex (ConnectionString.cs line 283): const string KeyPairsRegex = "(([\\w\\s\\d]*)\\s*?=\\s*?\"([^\"]*)\"|([\\w\\s\\d]*)\\s*?=\\s*?'([^']*)'|([\\w\\s\\d]*)\\s*?=\\s*?([^\"';][^;]*))"; Should be changed to this: const string KeyPairsRegex = "(([\\w\\s\\d]*)\\s*?=\\s*?\"((?:[^\"]|\"\")*)\"|([\\w\\s\\d]*)\\s*?=\\s*?'([^']*)'|([\\w\\s\\d]*)\\s*?=\\s*?([^\"';][^;]*))"; And accordingly replace escaped quotes to single one:

var values = new string[]
 {
        (keyPair.Groups[2].Success ? keyPair.Groups[2].Value
         : keyPair.Groups[4].Success ? keyPair.Groups[4].Value
                  : keyPair.Groups[6].Success ? keyPair.Groups[6].Value
                   : string.Empty)
            .Trim().ToLowerInvariant(),
        (keyPair.Groups[3].Success ? keyPair.Groups[3].Value.Replace("\"\"","\"")
         : keyPair.Groups[5].Success ? keyPair.Groups[5].Value.Replace("''","'")
          : keyPair.Groups[7].Success ? keyPair.Groups[7].Value 
                   : string.Empty)
                    .Trim()
                        };

Also there is problem with spaces in the password. If I have connection string like: User=SYSDBA;Password=" ";Database=testDb;DataSource=localhost;Port=3051;Dialect=3;Charset=UTF8;Role=;Connection lifetime=15;Pooling=true;MinPoolSize=0;MaxPoolSize=500;Packet Size=8192;ServerType=0

The password is parsed as empty string which is wrong in my opinion.

cincuranet commented 2 years ago

Feel free to create PR and add some tests into this file and improve the regex.

I don't recall from top of my head why the trimming is there. Maybe for some trailing new lines or something like that. Given it has been like that for a long time, I would be careful simply removing it. Maybe just not trimming spaces, etc., but other non-printable characters should still be trimmed...

Prochy commented 2 years ago

@cincuranet I would say that if the value is encapsulated between "," or ',' it should be never trimmed no matter what inside between them is. So also others whitespaces than space shouldn't be trimmed. Even though it is not good idea put there something like \r\n. But also to be more conservative, it can trim only spaces.

So it means: key=" fsd\r\n"; will be parsed like " fsd\r\n" (ofc without quotes)

key=fsd\r\n; will be parsed like "fsd"

If I have time, I will create PR during weekend.

cincuranet commented 2 years ago

LGTM