Do not include password in data source name with Persist Security Info=true #6395

Merged
roji merged 1 commit into npgsql:main from roji:TracingPassword
Dec 29, 2025
roji commented Dec 27, 2025

Closes #6394

Copilot AI review requested due to automatic review settings December 27, 2025 08:14
@roji roji requested a review from vonzshik as a code owner December 27, 2025 08:14
Copilot AI left a comment

Pull request overview

This PR fixes a security issue where passwords could leak through the data source name when PersistSecurityInfo=true in tracing and metrics reporting. The fix ensures that the Name property of NpgsqlDataSource never contains the password, even when PersistSecurityInfo is enabled.

Key changes:

  • Modified NpgsqlDataSource constructor to conditionally set Name without password when PersistSecurityInfo=true
  • Added comprehensive test coverage for both tracing and metrics to verify passwords don't leak through data source names

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| src/Npgsql/NpgsqlDataSource.cs | Updated constructor logic to ensure the Name property always uses connection string without password, regardless of PersistSecurityInfo setting |
| test/Npgsql.Tests/TracingTests.cs | Added test to verify password doesn't leak via data source name in tracing activities |
| test/Npgsql.Tests/MetricTests.cs | Added test to verify password doesn't leak via data source name in metrics |

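An added example, not part of this pull request and not Npgsql's own code or tests: a stand-alone check in the spirit of the tracing test described above, which listens to finished activities and flags any tag value that contains the password. The activity source name `Example.Db`, the tag key `example.data_source_name`, the list of secret keywords and all sample values are assumptions constructed for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.Diagnostics;

static class LeakCheck
{
    // Assumption: keywords treated as secret in this sketch; extend for your driver.
    static readonly string[] SecretKeys = { "Password", "PWD", "PSW" };

    // Builds a name that is safe to attach to spans and metrics.
    static string SafeName(string connectionString)
    {
        var b = new DbConnectionStringBuilder { ConnectionString = connectionString };
        foreach (var key in SecretKeys) b.Remove(key);   // keyword match is case-insensitive
        return b.ConnectionString;
    }

    static void Main()
    {
        const string secret = "constructed-secret-123";  // constructed sample value
        var connString =
            $"Host=db.example;Username=app;Password={secret};Persist Security Info=true";
        var leaks = new List<string>();

        // Inspect every tag of every finished activity for the secret.
        using var listener = new ActivityListener
        {
            ShouldListenTo = _ => true,
            Sample = (ref ActivityCreationOptions<ActivityContext> _) =>
                ActivitySamplingResult.AllDataAndRecorded,
            ActivityStopped = a =>
            {
                foreach (var tag in a.TagObjects)
                    if (tag.Value?.ToString()?.Contains(secret) == true)
                        leaks.Add($"{a.OperationName}:{tag.Key}");
            }
        };
        ActivitySource.AddActivityListener(listener);

        // Hypothetical source and tag key standing in for a driver's instrumentation.
        using var source = new ActivitySource("Example.Db");
        using (var a = source.StartActivity("raw-name"))
            a?.SetTag("example.data_source_name", connString);            // carries the password
        using (var a = source.StartActivity("safe-name"))
            a?.SetTag("example.data_source_name", SafeName(connString));  // password removed

        Console.WriteLine("Tags containing the secret: " + string.Join(", ", leaks));
    }
}
```

The same listener can be pointed at a real application in a test environment by seeding a known throwaway password and failing the test when the list is not empty.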

Copilot AI review requested due to automatic review settings December 27, 2025 10:14
Copilot AI left a comment

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.

@roji roji merged commit 847d69f into npgsql:main Dec 29, 2025
17 of 18 checks passed
@roji roji deleted the TracingPassword branch December 29, 2025 13:55
roji added a commit that referenced this pull request Dec 29, 2025
roji added a commit that referenced this pull request Dec 29, 2025
roji commented Dec 29, 2025

Backported to 10.0.2 via f87005b
Backported to 9.0.5 via bf3dd9b
Backported to 8.0.9 via 686e1b9

roji added a commit that referenced this pull request Dec 30, 2025
Development

Successfully merging this pull request may close these issues.

Potential credential leakage via OpenTelemetry when using Npgsql