fix(trino): sanitize bracketed userinfo and URL-decode credentials#2455
fix(trino): sanitize bracketed userinfo and URL-decode credentials#2455Bartok9 wants to merge 2 commits into
Conversation
Raw '[' / ']' in trino:// credentials raise ValueError from urlparse's IPv6 netloc check. Escape only the userinfo segment (preserving real IPv6 hosts), then unquote username/password/catalog/schema so both the escaped brackets and ordinary percent-encoded reserved characters land as the intended strings. unquote (not unquote_plus) keeps literal '+'.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
💤 Files with no reviewable changes (1)
WalkthroughThe Trino connector now escapes brackets in userinfo before parsing URLs and unquotes parsed user, password, catalog, and schema values. New tests cover bracketed passwords, IPv6 hosts, percent-decoding, and literal ChangesTrino URL Parsing Fix
Estimated code review effort: 2 (Simple) | ~10 minutes Suggested reviewers: Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary
[/]in Trino connection-URL userinfo beforeurlparse.unquote.Motivation
Two silent failures on
trino://URLs:urlparsetreats any[/]in the netloc as IPv6 delimiters, sotrino://user:p[a]ss@host/c/sraisesValueError: Invalid IPv6 URLand never connects. Same root cause already fixed for MySQL/MSSQL/Oracle/ClickHouse helpers.urlparseleaves%40etc. literal in userinfo/path, so correctly encoded reserved characters fail auth / catalog resolution.Decoding is required after bracket sanitisation (otherwise the pre-escaped brackets remain as
%5B/%5D). Usesunquote, notunquote_plus, so a literal+is preserved.Differential value
#2435 (mine, still open) only does the decode half on an older branch. This PR is the complete parentheses-safe version of the same path; prefer this one and close #2435 once merged.
Verification
PYTHONPATH=src pytest tests/connectors/test_trino.py -k parse_trino_url→ 7 passed, 66 deselectedtest_parse_trino_url_allows_raw_brackets_in_passwordtest_parse_trino_url_preserves_ipv6_host_with_bracketed_passwordtest_parse_trino_url_decodes_user_password_and_identifierstest_parse_trino_url_preserves_literal_plus_in_userinfotrino://user:p[a]ss@host:8080/c/s→ValueError: Invalid IPv6 URLuser, passwordp[a]ss; IPv6 host::1still parses when bracketed.License
core/wren/**only (Apache-2.0).Summary by CodeRabbit
[/]) in the userinfo portion to prevent URL parsing failures.+characters in userinfo fields and added coverage for additional edge cases via new unit tests.