Merge pull request #520 from clidey/claude/issue-502-20250613_182153

fix: Add proper identifier quoting for SQLite3 non-English characters

Author: modelorona

.gitignore

@@ -1,4 +1,7 @@
 /.idea
 /.vscode
 /dev/elasticsearch
-DS_Store
+DS_Store
+.DS_Store
+__debug*
+*.db

core/src/plugins/gorm/db.go

@@ -18,13 +18,14 @@ package gorm_plugin
 
 import (
 	"fmt"
+	"net/url"
+	"strconv"
+	"time"
+
 	"github.com/clidey/whodb/core/src/common"
 	"github.com/clidey/whodb/core/src/engine"
 	"github.com/clidey/whodb/core/src/plugins"
 	"gorm.io/gorm"
-	"net/url"
-	"strconv"
-	"time"
 )
 
 const (
@@ -111,11 +112,23 @@ func (p *GormPlugin) ParseConnectionConfig(config *engine.PluginConfig) (*Connec
 		return nil, err
 	}
 
+	database := config.Credentials.Database
+	username := config.Credentials.Username
+	password := config.Credentials.Password
+	hostname := config.Credentials.Hostname
+
+	if p.Type != engine.DatabaseType_Sqlite3 && p.Type != engine.DatabaseType_Postgres {
+		database = url.PathEscape(database)
+		username = url.PathEscape(username)
+		password = url.PathEscape(password)
+		hostname = url.PathEscape(hostname)
+	}
+
 	input := &ConnectionInput{
-		Username:                url.PathEscape(config.Credentials.Username),
-		Password:                url.PathEscape(config.Credentials.Password),
-		Database:                url.PathEscape(config.Credentials.Database),
-		Hostname:                url.PathEscape(config.Credentials.Hostname),
+		Username:                username,
+		Password:                password,
+		Database:                database,
+		Hostname:                hostname,
 		Port:                    port,
 		ParseTime:               parseTime,
 		Loc:                     loc,
@@ -135,7 +148,12 @@ func (p *GormPlugin) ParseConnectionConfig(config *engine.PluginConfig) (*Connec
 			case portKey, parseTimeKey, locKey, allowClearTextPasswordsKey, sslModeKey, httpProtocolKey, readOnlyKey, debugKey, connectionTimeoutKey:
 				continue
 			default:
-				params[record.Key] = url.QueryEscape(record.Value) // todo: this may break for postgres
+				// PostgreSQL uses libpq connection string format, not URL query parameters
+				if p.Type == engine.DatabaseType_Postgres {
+					params[record.Key] = record.Value // Raw value, PostgreSQL plugin will handle escaping
+				} else {
+					params[record.Key] = url.QueryEscape(record.Value)
+				}
 			}
 		}
 		input.ExtraOptions = params

core/src/plugins/postgres/db.go

@@ -18,40 +18,33 @@ package postgres
 
 import (
 	"fmt"
+	"net/url"
 	"strings"
 
 	"github.com/clidey/whodb/core/src/engine"
 	"gorm.io/driver/postgres"
 	"gorm.io/gorm"
 )
 
-func escape(x string) string {
-	return strings.ReplaceAll(x, "'", "\\'")
-}
-
 func (p *PostgresPlugin) DB(config *engine.PluginConfig) (*gorm.DB, error) {
 	connectionInput, err := p.ParseConnectionConfig(config)
 	if err != nil {
 		return nil, err
 	}
 
-	host := escape(connectionInput.Hostname)
-	username := escape(connectionInput.Username)
-	password := escape(connectionInput.Password)
-	database := escape(connectionInput.Database)
+	dsn := fmt.Sprintf("postgresql://%s:%s@%s:%v/%s",
+		url.QueryEscape(connectionInput.Username),
+		url.QueryEscape(connectionInput.Password),
+		url.QueryEscape(connectionInput.Hostname),
+		connectionInput.Port,
+		url.QueryEscape(connectionInput.Database))
 
-	params := strings.Builder{}
 	if connectionInput.ExtraOptions != nil {
+		params := url.Values{}
 		for key, value := range connectionInput.ExtraOptions {
-			params.WriteString(fmt.Sprintf("%v='%v' ", strings.ToLower(key), escape(value)))
+			params.Add(strings.ToLower(key), value)
 		}
-	}
-
-	dsn := fmt.Sprintf("host='%v' user='%v' password='%v' dbname='%v' port='%v'",
-		host, username, password, database, connectionInput.Port)
-
-	if params.Len() > 0 {
-		dsn = fmt.Sprintf("%v %v", dsn, params.String())
+		dsn += "?" + params.Encode()
 	}
 
 	db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{})

core/src/plugins/sqlite3/add.go

@@ -26,7 +26,7 @@ func (p *Sqlite3Plugin) GetCreateTableQuery(schema string, storageUnit string, c
 	var columnDefs []string
 
 	for _, column := range columns {
-		parts := []string{column.Key}
+		parts := []string{p.EscapeIdentifier(column.Key)}
 
 		// Handle primary key with INTEGER type for auto-increment
 		if primary, ok := column.Extra["primary"]; ok && primary == "true" {
@@ -47,5 +47,5 @@ func (p *Sqlite3Plugin) GetCreateTableQuery(schema string, storageUnit string, c
 		columnDefs = append(columnDefs, strings.Join(parts, " "))
 	}
 
-	return fmt.Sprintf("CREATE TABLE %s (%s)", storageUnit, strings.Join(columnDefs, ", "))
+	return fmt.Sprintf("CREATE TABLE %s (%s)", p.EscapeIdentifier(storageUnit), strings.Join(columnDefs, ", "))
 }

core/src/plugins/sqlite3/db.go

@@ -45,6 +45,10 @@ func (p *Sqlite3Plugin) DB(config *engine.PluginConfig) (*gorm.DB, error) {
 	}
 	database := connectionInput.Database
 	fileNameDatabase := filepath.Join(getDefaultDirectory(), database)
+	fileNameDatabase, err = filepath.EvalSymlinks(fileNameDatabase)
+	if err != nil {
+		return nil, err
+	}
 	if !strings.HasPrefix(fileNameDatabase, getDefaultDirectory()) {
 		return nil, errDoesNotExist
 	}

core/src/plugins/sqlite3/sqlite3.go

@@ -90,7 +90,8 @@ func (p *Sqlite3Plugin) GetTableNameAndAttributes(rows *sql.Rows, db *gorm.DB) (
 	}
 
 	var rowCount int64
-	rowCountRow := db.Raw(fmt.Sprintf("SELECT COUNT(*) FROM '%s'", tableName)).Row()
+	escapedTableName := p.EscapeIdentifier(tableName)
+	rowCountRow := db.Raw(fmt.Sprintf("SELECT COUNT(*) FROM %s", escapedTableName)).Row()
 	err := rowCountRow.Scan(&rowCount)
 	if err != nil {
 		return "", nil