
conn.Query* might return error that contains connection credentials #219

Open
jzhn opened this issue Aug 30, 2024 · 0 comments

Comments


jzhn commented Aug 30, 2024

Describe the bug

When the connection string is malformed, go-mssqldb might return an error that contains the username and password, which might be logged by the caller and cause a credential leak.

This is caused by a late url.Parse call which might include the entire connection URL in the error message.

Stack trace

url.Parse (url.go:478) net/url
msdsn.splitConnectionStringURL (conn_str.go:631) github.com/microsoft/go-mssqldb/msdsn
msdsn.getDsnParams (conn_str.go:272) github.com/microsoft/go-mssqldb/msdsn
msdsn.Parse (conn_str.go:291) github.com/microsoft/go-mssqldb/msdsn
mssql.(*Driver).open (mssql.go:410) github.com/microsoft/go-mssqldb
mssql.(*Driver).Open (mssql.go:77) github.com/microsoft/go-mssqldb
sql.dsnConnector.Connect (sql.go:791) database/sql
<autogenerated>:2
sql.(*DB).conn (sql.go:1415) database/sql
sql.(*DB).query (sql.go:1749) database/sql
sql.(*DB).QueryContext.func1 (sql.go:1732) database/sql
sql.(*DB).retry (sql.go:1566) database/sql
sql.(*DB).QueryContext (sql.go:1731) database/sql
sql.(*DB).Query (sql.go:1745) database/sql

Steps to reproduce

func (suite *MssqlDBTestSuite) TestConnectionCredentialsLeak() {
	// The host "[foo].bar" is deliberately malformed: the bracketed part is followed by ".bar" instead of a ":port".
	conn, err := sql.Open("mssql", "sqlserver://username:password@[foo].bar:1433?database=foo&encrypt=true&ssl=require")
	suite.NoError(err) // sql.Open does not parse the DSN yet, so this passes

	// The DSN is parsed lazily on first use; the parse error surfaces here.
	_, err = conn.Query("select 1")
	suite.NoError(err)
}

Actual behaviour

The error returned from conn.Query reveals the connection credentials:

Error:      	Received unexpected error:
        	            	parse "sqlserver://username:password@[foo].bar:1433?database=foo&encrypt=true&ssl=require": invalid port ".bar:1433" after host

Expected behaviour

The error does not include credentials (username/password).

Further technical details

SQL Server version: doesn't matter. This error happens on the client side.
Operating system: macOS 14.5 on M1 CPU
Table schema: doesn't matter. This error happens on the client side.

Notes

The issue happens when the caller provides a malformed connection string. However, it's still undesirable for go-mssqldb to return an error that could lead to the leak of connection credentials, especially since the error isn't returned in sql.Open but later in conn.Query, so it cannot be easily handled centrally.
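As an added illustration of the mitigation the report asks for (this is example code, not from the issue or from go-mssqldb), the wrapper below keeps the diagnosis carried in `*url.Error.Err` but replaces the raw DSN that `*url.Error.URL` would echo with a redacted copy. `redactUserInfo` and `parseDSN` are hypothetical helper names; the sample DSN is constructed from the report with placeholder credentials.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// redactUserInfo masks the user:password part of a URL-style DSN without
// parsing it, so it still works on strings that url.Parse rejects. Password
// characters are assumed percent-encoded, so '/' or '?' never appear raw.
func redactUserInfo(dsn string) string {
	schemeEnd := strings.Index(dsn, "://")
	if schemeEnd < 0 {
		return dsn
	}
	rest := dsn[schemeEnd+3:]
	authority := rest
	if end := strings.IndexAny(rest, "/?"); end >= 0 {
		authority = rest[:end]
	}
	at := strings.LastIndex(authority, "@")
	if at < 0 {
		return dsn // no userinfo present, nothing to hide
	}
	return dsn[:schemeEnd+3] + "xxxxx:xxxxx@" + rest[at+1:]
}

// parseDSN wraps url.Parse so a failure keeps the parser's diagnosis
// (*url.Error.Err) but never echoes the raw DSN stored in *url.Error.URL.
func parseDSN(dsn string) (*url.URL, error) {
	u, err := url.Parse(dsn)
	if err == nil {
		return u, nil
	}
	var ue *url.Error
	if errors.As(err, &ue) {
		err = ue.Err // inner error, e.g. `invalid port ".bar:1433" after host`
	}
	return nil, fmt.Errorf("parse %q: %w", redactUserInfo(dsn), err)
}

func main() {
	// Constructed sample: the malformed host from the report, placeholder credentials.
	_, err := parseDSN("sqlserver://username:password@[foo].bar:1433?database=foo&encrypt=true")
	fmt.Println(err)
}
```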
