microsoft / go-sqlcmd

The new sqlcmd, CLI for SQL Server and Azure SQL (winget install sqlcmd / sqlcmd create mssql / sqlcmd open ads)
https://learn.microsoft.com/sql/tools/sqlcmd/go-sqlcmd-utility
MIT License

Triage needed; Some bugs and annoyances I found #329

Open bbergeron0 opened 1 year ago

bbergeron0 commented 1 year ago

Passing Passwords Insecurely

After typing 'export SQLCMDPASSWORD=...', the environment variable is visible to all child processes (any command and background process started by the shell). When creating a user (or with any operation needing a password), it would be wiser to read the password from STDIN.

Segfault

I have this segfault. I solved it by deleting sqlcmd's config file.

[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x81990d]

goroutine 1 [running]:
github.com/microsoft/go-sqlcmd/internal/config.GetCurrentContextInfo()
        /home/vsts/work/1/s/internal/config/context.go:105 +0x10d
main.initializeEnvVars()
        /home/vsts/work/1/s/cmd/modern/main.go:83 +0xcf
main.main()
        /home/vsts/work/1/s/cmd/modern/main.go:51 +0x20c

-?

? is a special character on Linux shells, so we're forced to put quotes around ('-?'). Conventions recommend using -h or --help.

XDG Directories

A lot of software dumps its cache/config/data/whatever in ~/.<appname>, polluting the user's home. XDG user directories are standard directories for well-known data types (configurations, appdata, cache...). For sqlcmd, one such path would be ~/.config/sqlcmd instead of ~/.sqlcmd. Right now, I have 21 applications managing their configuration the annoying way, and it would be delightful if sqlcmd did better than them.

Can't use empty passwords

MSSQL logins without passwords can exist, yet I can't add one through sqlcmd config add-user.

liner

Whenever I use sqlcmd in a shell script I get this error: liner: function not supported in this terminal

sqlcmd: v0.15.4

I apologize for the triage this issue may impose, or if I brought up already-mentioned issues.

stuartpa commented 1 year ago

@apoorvdeshmukh -> I'm guessing the first issue might be because the user for the current context doesn't have BasicAuth, so it's hitting a seg violation.

stuartpa commented 1 year ago

@bbergeron0 -> the -? is there for back-compat (it's been like that for decades). It works fine on my own WSL Ubuntu distro (no quotes required). -h is already taken. We do provide --help support, which gives the modern CLI commands help.

stuartpa commented 1 year ago

@bbergeron0 -> we are staying close to popular CLIs like kubectl and az which do this by default. But you can override the default by providing the --sqlconfig flag and specifying whatever directory works for you.

stuartpa commented 1 year ago

@bbergeron0 -> We have #262 entered, to add support for passing password in via STDIN. Also, the environment variable can be cleared by typing export SQLCMDPASSWORD=
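Added example, not part of the thread or of go-sqlcmd's code: a shell sketch of the inheritance concern raised in the opening post, comparing an exported SQLCMDPASSWORD with one scoped to a single command and one read from STDIN. The value 'demo-secret', the function names, and the use of `true` and `sh -c` as stand-ins for sqlcmd are constructed assumptions.

```shell
# Constructed demo: 'demo-secret' is a placeholder, and `probe` stands in for
# any unrelated program the shell starts later (editor, build tool, agent).

# Report what a freshly started child process finds in its environment.
probe() { sh -c 'printf "%s" "${SQLCMDPASSWORD-<unset>}"'; }

# Pattern from the issue: export once, and every later child inherits it.
exported_then_probe() {
  ( export SQLCMDPASSWORD='demo-secret'; probe )
}

# Scoped alternative: an assignment prefix places the variable only in the
# environment of that one command (`true` stands in for sqlcmd here).
scoped_then_probe() {
  ( unset SQLCMDPASSWORD
    pw='demo-secret'            # shell-local, never exported
    SQLCMDPASSWORD="$pw" true   # only this command receives it
    unset pw
    probe )                     # later children see nothing
}

# Read the secret from STDIN (a pipe, a secret store's output, or a prompt)
# into a non-exported variable, then run exactly one command with it.
# The ( ... ) function body is a subshell, so `pw` never reaches the caller.
run_with_password_from_stdin() (
  IFS= read -r pw || [ -n "$pw" ] || return 1
  SQLCMDPASSWORD="$pw" "$@"
)
```

Even in the scoped forms the launched process still carries the variable in its own environment; native STDIN support, tracked in #262, would remove that remaining copy.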

shueybubbles commented 1 year ago

For the liner issue in script - are you trying to run sqlcmd in interactive mode from a script? What command line arguments are you using there?

I'm amenable to putting the -P parameter back in, to be compatible with the ODBC command line. It should be up to the user to decide if having a plain text password on the command line meets their organization's security requirements.

bbergeron0 commented 1 year ago

Hi, I'm trying to do this (in a bash script): sqlcmd -U User -S db.local -d "$1" -Q "SELECT * FROM entities" | tee "$1/entities.txt"