From bff3c40a3fadf211320df7970affb3cd8cc4070f Mon Sep 17 00:00:00 2001
From: Alex Brice <alexbrice@paloalto.com>
Date: Thu, 28 Nov 2024 08:55:32 -0800
Subject: [PATCH] feat(postgres): Add URL escaping to database connection
 string (#380)

* feat(postgres): Add URL escaping to database connection string

Add url.QueryEscape() to properly handle special characters in PostgreSQL
connection parameters. This prevents potential connection issues and improves
security when credentials contain special characters.

Changes:
- Escape username with url.QueryEscape()
- Escape password with url.QueryEscape()
- Escape hostname with url.QueryEscape()
- Escape database name with url.QueryEscape()

Example special characters handled:
- @ in usernames (e.g., user@domain.com)
- Special chars in passwords (e.g., *, (, ), @)
- Special chars in database names

This change ensures the DSN string is properly formatted regardless of the
characters present in the connection parameters.

Related to PostgreSQL connection string format:
postgres://username:password@hostname:port/database

* Update src/lib/config/config.go

Remove url.QueryEscape for Host

Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>

* Update config.go to match spacing format

---------

Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
---
 .gitignore               |  3 +++
 src/lib/config/config.go | 17 ++++++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/.gitignore b/.gitignore
index fb102b19..3a442175 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,6 @@ test_data
 # Go workspace file
 .idea
 .vscode
+
+# VSCode local history
+.history
diff --git a/src/lib/config/config.go b/src/lib/config/config.go
index 06d853e9..c98b6546 100644
--- a/src/lib/config/config.go
+++ b/src/lib/config/config.go
@@ -1,6 +1,9 @@
 package config
 
-import "fmt"
+import (
+	"fmt"
+	"net/url"
+)
 
 // this is a pointer so that if someone attempts to use it before loading it will
 // panic and force them to load it first.
@@ -63,12 +66,12 @@ type postgresConfigCommon struct {
 func (c postgresConfigCommon) DSN() string {
 	return fmt.Sprintf(
 		"postgres://%s:%s@%s:%d/%s?sslmode=disable",
-		c.User,
-		c.Password,
-		c.Host,
-		c.Port,
-		c.Database,
-	)
+        	url.QueryEscape(c.User),
+        	url.QueryEscape(c.Password),
+        	c.Host,
+        	c.Port,
+        	url.QueryEscape(c.Database),
+    	)
 }
 
 type carbonConfig struct {