diff options
| author | Mike Bayer <mike_mp@zzzcomputing.com> | 2016-11-10 17:08:06 -0500 |
|---|---|---|
| committer | Mike Bayer <mike_mp@zzzcomputing.com> | 2016-11-11 13:30:25 -0500 |
| commit | 5fba7db9be7a03076d50051fb84dade31d55262e (patch) | |
| tree | 08b4da15962dbac0eae834f69005be2de9a221fe /test/dialect | |
| parent | 91e7d46fe1dc037a4817667813abb0a0bf164a1a (diff) | |
| download | sqlalchemy-5fba7db9be7a03076d50051fb84dade31d55262e.tar.gz | |
Quote URL tokens with semicolons for pyodbc, adodbapi
Fixed bug in pyodbc dialect (as well as in the mostly non-working
adodbapi dialect) whereby a semicolon present in the password
or username fields could be interpreted as a separator for another
token; the values are now quoted when semicolons are present.
Change-Id: I5f99fd8db53ebf8e805e7d9d60bc09b8f1af603f
Fixes: #3762
Diffstat (limited to 'test/dialect')
| -rw-r--r-- | test/dialect/mssql/test_engine.py | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/test/dialect/mssql/test_engine.py b/test/dialect/mssql/test_engine.py index 929afc8f9..39562e0db 100644 --- a/test/dialect/mssql/test_engine.py +++ b/test/dialect/mssql/test_engine.py @@ -2,7 +2,7 @@ from sqlalchemy.testing import eq_, engines from sqlalchemy import * from sqlalchemy import exc -from sqlalchemy.dialects.mssql import pyodbc, pymssql +from sqlalchemy.dialects.mssql import pyodbc, pymssql, adodbapi from sqlalchemy.engine import url from sqlalchemy.testing import fixtures from sqlalchemy import testing @@ -123,6 +123,49 @@ class ParseConnectTest(fixtures.TestBase): eq_([['DRIVER={SQL Server};Server=hostspec;Database=database;UI' 'D=username;PWD=password'], {}], connection) + def test_pyodbc_token_injection(self): + token1 = "someuser%3BPORT%3D50001" + token2 = "somepw%3BPORT%3D50001" + token3 = "somehost%3BPORT%3D50001" + token4 = "somedb%3BPORT%3D50001" + + u = url.make_url( + 'mssql+pyodbc://%s:%s@%s/%s?driver=foob' % ( + token1, token2, token3, token4 + ) + ) + dialect = pyodbc.dialect() + connection = dialect.create_connect_args(u) + eq_( + [[ + "DRIVER={foob};Server=somehost%3BPORT%3D50001;" + "Database=somedb%3BPORT%3D50001;UID='someuser;PORT=50001';" + "PWD='somepw;PORT=50001'"], {}], + connection + ) + + def test_adodbapi_token_injection(self): + token1 = "someuser%3BPORT%3D50001" + token2 = "somepw%3BPORT%3D50001" + token3 = "somehost%3BPORT%3D50001" + token4 = "someport%3BPORT%3D50001" + + # this URL format is all wrong + u = url.make_url( + 'mssql+adodbapi://@/?user=%s&password=%s&host=%s&port=%s' % ( + token1, token2, token3, token4 + ) + ) + dialect = adodbapi.dialect() + connection = dialect.create_connect_args(u) + eq_( + [["Provider=SQLOLEDB;" + "Data Source='somehost;PORT=50001', 'someport;PORT=50001';" + "Initial Catalog=None;User Id='someuser;PORT=50001';" + "Password='somepw;PORT=50001'"], {}], + connection + ) + def test_pymssql_port_setting(self): dialect = pymssql.dialect() |