use quote_plus to encode for string url #10662

@jachien

Describe the bug

sqlalchemy.engine.url.URL's render_as_string function url encodes some but not all characters for passwords.

I expect the output of render_as_string to url encode all necessary characters for a db url.

Optional link from https://docs.sqlalchemy.org which documents the behavior that is expected

No response

SQLAlchemy Version in Use

1.4.41

DBAPI (i.e. the database driver)

n/a

Database Vendor and Major Version

n/a

Python Version

3.8

Operating system

Linux

To Reproduce

```python
from sqlalchemy import create_engine
import urllib.parse  # import the submodule explicitly; a bare "import urllib" does not guarantee it is loaded

# Percent-encode the password before placing it in the URL
password = urllib.parse.quote_plus("notareal[password]")
db_url = f"postgresql+pg8000://scott:{password}@localhost:5432/mydatabase"
print(db_url)
# postgresql+pg8000://scott:notareal%5Bpassword%5D@localhost:5432/mydatabase

engine = create_engine(db_url)
print(engine.url.render_as_string(hide_password=False))
# postgresql+pg8000://scott:notareal[password]@localhost:5432/mydatabase
# The password is no longer url encoded.
```

Error

I am using AWS xray which monkey patches Session. The monkey patched code uses urllib.parse.urlparse on the string returned by URL's render_as_string.

One of my passwords included a square bracket. Because square brackets are not url encoded by render_as_string, this leads to urlparse interpreting the db url as an invalid IPv6 url. This breaks xray functionality and logs an error:

```
[ERROR] Error parsing sql metadata.
Traceback (most recent call last):
  File "/var/task/aws_xray_sdk/ext/sqlalchemy_core/patch.py", line 22, in _sql_meta
    url = urlparse(str(engine_instance.engine.url))
  File "/var/lang/lib/python3.8/urllib/parse.py", line 384, in urlparse
    splitresult = urlsplit(url, scheme, allow_fragments)
  File "/var/lang/lib/python3.8/urllib/parse.py", line 486, in urlsplit
    raise ValueError("Invalid IPv6 URL")
```

Additional context

Is there any reason why sqlalchemy is only url encoding specific characters instead of using urllib.parse.quote_plus?
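The parsing failure described in this report can be reproduced with the standard library alone. The following is an added example, not code from the issue author or from SQLAlchemy: it builds the URL from its components with `urllib.parse.quote(..., safe="")`, shows that `urlsplit` rejects the raw form and accepts the fully encoded one, and renders a password-free string for logs and trace metadata. The helper names and the sample password (with a single unbalanced bracket) are constructed for illustration.

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed sample credentials: a lone "[" in the password is enough for
# urlsplit to reject the authority as a malformed IPv6 literal.
SAMPLE = dict(driver="postgresql+pg8000", user="scott",
              password="notareal[password", host="localhost",
              port=5432, database="mydatabase")


def render_db_url(driver, user, password, host, port, database, encode=True):
    """Build a DB URL from components (hypothetical helper).

    encode=True percent-encodes every reserved character in the userinfo;
    encode=False leaves it raw, like the rendered string in the report.
    """
    if encode:
        user, password = quote(user, safe=""), quote(password, safe="")
    return f"{driver}://{user}:{password}@{host}:{port}/{database}"


def parse_db_url(db_url):
    """Parse with urlsplit and decode the userinfo; None if urlsplit rejects it."""
    try:
        parts = urlsplit(db_url)
        return {"user": unquote(parts.username or ""),
                "password": unquote(parts.password or ""),
                "host": parts.hostname, "port": parts.port}
    except ValueError:
        return None


def redact_db_url(db_url):
    """Password-free rendering for logs and trace metadata; None if unparseable."""
    try:
        parts = urlsplit(db_url)
    except ValueError:
        return None
    if parts.password is None:
        return db_url
    hostinfo = parts.netloc.rpartition("@")[2]
    return f"{parts.scheme}://{parts.username}:***@{hostinfo}{parts.path}"


if __name__ == "__main__":
    raw = render_db_url(**SAMPLE, encode=False)
    safe = render_db_url(**SAMPLE)
    print(parse_db_url(raw))    # raw bracket: rejected by urlsplit
    print(parse_db_url(safe))   # fully encoded: parses and round-trips
    print(redact_db_url(safe))
```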

Labels: bug (Something isn't working); engine (engines, connections, transactions, isolation levels, execution options)