Describe the bug
When the connection string is malformed, go-mssqldb might return an error that contains the username and password, which might be logged by the caller and cause a credentials leak.
This is caused by a late url.Parse call which might include the entire connection URL in the error message.
Stack trace
url.Parse (url.go:478) net/url
msdsn.splitConnectionStringURL (conn_str.go:631) github.com/microsoft/go-mssqldb/msdsn
msdsn.getDsnParams (conn_str.go:272) github.com/microsoft/go-mssqldb/msdsn
msdsn.Parse (conn_str.go:291) github.com/microsoft/go-mssqldb/msdsn
mssql.(*Driver).open (mssql.go:410) github.com/microsoft/go-mssqldb
mssql.(*Driver).Open (mssql.go:77) github.com/microsoft/go-mssqldb
sql.dsnConnector.Connect (sql.go:791) database/sql
<autogenerated>:2
sql.(*DB).conn (sql.go:1415) database/sql
sql.(*DB).query (sql.go:1749) database/sql
sql.(*DB).QueryContext.func1 (sql.go:1732) database/sql
sql.(*DB).retry (sql.go:1566) database/sql
sql.(*DB).QueryContext (sql.go:1731) database/sql
sql.(*DB).Query (sql.go:1745) database/sql
Steps to reproduce
import (
	"database/sql"

	_ "github.com/microsoft/go-mssqldb" // registers the "mssql" driver
)

func (suite *MssqlDBTestSuite) TestConnectionCredentialsLeak() {
	// The "[foo].bar" host is deliberately malformed; sql.Open does not parse it yet.
	conn, err := sql.Open("mssql", "sqlserver://username:password@[foo].bar:1433?database=foo&encrypt=true&ssl=require")
	suite.NoError(err)
	_, err = conn.Query("select 1") // the url.Parse error surfaces here, with the full DSN in its message
	suite.NoError(err)
}
Actual behaviour
The error returned from conn.Query reveals the connection credentials:
Error: Received unexpected error:
parse "sqlserver://username:password@[foo].bar:1433?database=foo&encrypt=true&ssl=require": invalid port ".bar:1433" after host
Expected behaviour
The error does not include credentials (username/password)
Further technical details
SQL Server version: doesn't matter; this error happens on the client side.
Operating system: macOS 14.5 on M1 CPU
Table schema: doesn't matter; this error happens on the client side.
Notes
The issue happens when the caller provides a malformed connection string. However, it's still undesirable for go-mssqldb to return an error that could leak the connection credentials, especially since the error isn't returned by sql.Open but later by conn.Query, so it cannot easily be handled centrally.
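As an added example of the mitigation (not go-mssqldb's own code): a wrapper around url.Parse that keeps the parser's diagnostic but swaps the raw DSN in the returned *url.Error for a copy with the userinfo redacted, so that a caller logging err.Error() cannot leak the password. The names redactUserInfo and ParseDSN are this example's own; the DSN in main is constructed from the report's malformed host.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// redactUserInfo blanks the user:password part of the authority section of a
// URL-style DSN by string inspection, so it works even when the DSN does not parse.
func redactUserInfo(dsn string) string {
	schemeEnd := strings.Index(dsn, "://")
	if schemeEnd < 0 {
		return dsn // not URL-style (e.g. ADO "key=value;" form), nothing to redact here
	}
	rest := dsn[schemeEnd+3:]
	authorityEnd := strings.IndexAny(rest, "/?#")
	if authorityEnd < 0 {
		authorityEnd = len(rest)
	}
	authority := rest[:authorityEnd]
	at := strings.LastIndex(authority, "@") // url.Parse also splits userinfo on the last '@'
	if at < 0 {
		return dsn
	}
	return dsn[:schemeEnd+3] + "xxxxx:xxxxx@" + authority[at+1:] + rest[authorityEnd:]
}

// ParseDSN wraps url.Parse; on failure the returned *url.Error carries the
// redacted DSN instead of the raw one, so err.Error() is safe to log.
func ParseDSN(dsn string) (*url.URL, error) {
	u, err := url.Parse(dsn)
	if err == nil {
		return u, nil
	}
	var uerr *url.Error
	if errors.As(err, &uerr) {
		return nil, &url.Error{Op: uerr.Op, URL: redactUserInfo(dsn), Err: uerr.Err}
	}
	return nil, fmt.Errorf("parse %q: %w", redactUserInfo(dsn), err)
}

func main() {
	// Constructed DSN using the malformed "[foo].bar" host from the report.
	_, err := ParseDSN("sqlserver://username:password@[foo].bar:1433?database=foo&encrypt=true")
	fmt.Println(err) // same "invalid port" reason, but with xxxxx:xxxxx in place of the credentials
}
```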