Use temporary memory database connection to quote the password

[utelle]

Fixes #35760

[ErikEJ]

Could you add some testing?

[utelle]

Could you add some testing?

In principle, a test is already in place:

efcore/test/Microsoft.Data.Sqlite.Tests/SqliteConnectionTest.cs

Lines 264 to 276 in aeb51fa

	[Fact]
	public void Open_works_when_password()
	{
	#if E_SQLITE3 || WINSQLITE3
	Open_works_when_password_unsupported();
	#elif E_SQLCIPHER || E_SQLITE3MC || SQLCIPHER
	Open_works_when_password_supported();
	#elif SQLITE3
	Open_works_when_password_might_be_supported();
	#else
	#error Unexpected native library
	#endif
	}

You just need to enable either E_SQLCIPHER or E_SQLITE3MC. Of course, you need to make sure that a SQLite version greater or equal 3.48.0 is used under the hood.

Without the fix the test will fail for SQLite 3.48.0 or later with an error message (SQLITE_NOTADB), while it will succeed with the fix.

[bricelam]

ExecuteScalar will not use inMemoryConnection here. (It uses _db)

[utelle]

Ouch... that will have to be changed, of course.

[bricelam]

I wouldn't use the ADO.NET interfaces (e.g. SqliteConnection) here. Use the lower-level SQLitePCLRaw APIs (e.g. sqlite3_open_v2) instead.

[utelle]

I'll try to adjust the code accordingly.

[utelle]

@bricelam I tried to adjust the code according to your comments. Please take a look.

[utelle]

@dotnet-policy-service agree

[bricelam]

LGTM

[utelle]

LGTM

@bricelam: Thanks. Nevertheless, I have reconsidered the implementation. I have doubts as to whether the function RetryWhileBusy() should/needs really be used here. I took it from the implementation of ExecScalar(). However, in case of an in-memory database there is no concurrency at all, because only the connection that opened the in-memory database can access it - AFAIK. That is, no way for the connection to be busy under the given circumstances.

Therefore the current implementation

    private string QuotePassword(string pswd, int timeout)
    {
        sqlite3 dbMem;
        var rc = sqlite3_open(":memory:", out dbMem);
        SqliteException.ThrowExceptionForRC(rc, dbMem);

        var timer = Stopwatch.StartNew();
        sqlite3_stmt stmt = null!;
        RetryWhileBusy(() => sqlite3_prepare_v2(dbMem, "SELECT quote($password);", out stmt), timeout, timer);
        try
        {
            sqlite3_bind_text(stmt, 1, pswd);
            RetryWhileBusy(() => sqlite3_step(stmt), () => sqlite3_reset(stmt), timeout, timer);
            return sqlite3_column_text(stmt, 0).utf8_to_string();
        }
        finally
        {
            stmt.Dispose();
            dbMem.Dispose();
        }
    }

could possibly be simplified to the following:

    private string QuotePassword(string pswd)
    {
        sqlite3 dbMem;
        int rc = sqlite3_open(":memory:", out dbMem);
        SqliteException.ThrowExceptionForRC(rc, dbMem);
        sqlite3_stmt stmt = null!;
        try
        {
            rc = sqlite3_prepare_v2(dbMem, "SELECT quote($password);", out stmt);
            SqliteException.ThrowExceptionForRC(rc, dbMem);
            sqlite3_bind_text(stmt, 1, pswd);
            rc = sqlite3_step(stmt);
            SqliteException.ThrowExceptionForRC(rc, dbMem);
            return sqlite3_column_text(stmt, 0).utf8_to_string();
        }
        finally
        {
            stmt.Dispose();
            dbMem.Dispose();
        }
    }

What do you think?

[bricelam]

@utelle I agree, it's not needed here. Proposed code looks good to me.

[cincuranet]

Thanks.

I did quick cleanup in #36961. And backport to 10 (#36962).

[utelle]

I did quick cleanup in #36961. And backport to 10 (#36962).

Thank you very much for cleaning up the code, and for backporting to version 10.