Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(migrations): encode input to ensure valid postgres urls #6123

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

fix(migrations): encode input to ensure valid postgres urls #6123

wants to merge 7 commits into from
+35 −14

Conversation

Intellicode
Copy link

Background

When passwords (or other parameters) contain special characters (such as % in a password), it will result in invalid postgres url's

Description

The change encodes all injected input parameters, I can remove some if you think its unnecessary.

Checklist

  • Input validation
  • Output encoding
  • Authentication management
  • Session management
  • Access control
  • Cryptographic practices
  • Error handling and logging
  • Data protection
  • Communication security
  • System configuration
  • Database security
  • File management
  • Memory management
  • Testing

@n1ru4l n1ru4l self-requested a review December 16, 2024 10:31
n1ru4l
n1ru4l requested changes Dec 16, 2024
View reviewed changes
Copy link
Contributor

@n1ru4l n1ru4l left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @Intellicode, thank you for this contribution. There are currently multiple createConnectionString copies within our code base e.g.

packages/services/storage/src/db/utils.ts
packages/migrations/src/connection-string.ts

Could you adjust all of them to use the same function definition with your improvements?

Also could you please add a changeset for hive using the command pnpm changeset, for describing this improvement?

@Intellicode Intellicode requested a review from n1ru4l December 23, 2024 13:02
@Intellicode
Copy link
Author

@n1ru4l Thanks for your feedback! I've modified the other places to include the logic, I've also made password optional, since some authentication mechanisms allow disabling of password based login (such as in Azure with Workload ID's on Kubernetes)

@Intellicode Intellicode force-pushed the fix/encode-db-params branch 2 times, most recently from a25a003 to cbfe669 Compare December 27, 2024 09:33
@n1ru4l n1ru4l self-requested a review December 27, 2024 10:16
n1ru4l
n1ru4l requested changes Dec 27, 2024
View reviewed changes
Copy link
Contributor

@n1ru4l n1ru4l left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Intellicode Can you also update the configuration of other services that access postgres and the READMEs (mark password as optional env variable).

Please also add a changeset for graphql-hive

@Intellicode Intellicode force-pushed the fix/encode-db-params branch 2 times, most recently from 74f029e to 9b7794a Compare January 14, 2025 21:29
@Intellicode Intellicode requested a review from n1ru4l January 14, 2025 21:33
n1ru4l
n1ru4l requested changes Jan 16, 2025
View reviewed changes
Copy link
Contributor

@n1ru4l n1ru4l left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updates to the following files are missing:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@n1ru4l n1ru4l n1ru4l requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Intellicode @n1ru4l