update sqlite escaping, add symlink check, remove escaping for sqlite + postgres since they're not using connection urls

modelorona · modelorona · commit 68135979a7da · 2025-06-16T15:01:52.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,7 @@
 /.idea
 /.vscode
 /dev/elasticsearch
-DS_Store
+DS_Store
+.DS_Store
+__debug*
+*.db
diff --git a/core/src/plugins/gorm/db.go b/core/src/plugins/gorm/db.go
@@ -18,13 +18,14 @@ package gorm_plugin
 
 import (
 	"fmt"
+	"net/url"
+	"strconv"
+	"time"
+
 	"github.com/clidey/whodb/core/src/common"
 	"github.com/clidey/whodb/core/src/engine"
 	"github.com/clidey/whodb/core/src/plugins"
 	"gorm.io/gorm"
-	"net/url"
-	"strconv"
-	"time"
 )
 
 const (
@@ -111,11 +112,23 @@ func (p *GormPlugin) ParseConnectionConfig(config *engine.PluginConfig) (*Connec
 		return nil, err
 	}
 
+	database := config.Credentials.Database
+	username := config.Credentials.Username
+	password := config.Credentials.Password
+	hostname := config.Credentials.Hostname
+
+	if p.Type != engine.DatabaseType_Sqlite3 && p.Type != engine.DatabaseType_Postgres {
+		database = url.PathEscape(database)
+		username = url.PathEscape(username)
+		password = url.PathEscape(password)
+		hostname = url.PathEscape(hostname)
+	}
+
 	input := &ConnectionInput{
-		Username:                url.PathEscape(config.Credentials.Username),
-		Password:                url.PathEscape(config.Credentials.Password),
-		Database:                url.PathEscape(config.Credentials.Database),
-		Hostname:                url.PathEscape(config.Credentials.Hostname),
+		Username:                username,
+		Password:                password,
+		Database:                database,
+		Hostname:                hostname,
 		Port:                    port,
 		ParseTime:               parseTime,
 		Loc:                     loc,
diff --git a/core/src/plugins/sqlite3/db.go b/core/src/plugins/sqlite3/db.go
@@ -45,6 +45,10 @@ func (p *Sqlite3Plugin) DB(config *engine.PluginConfig) (*gorm.DB, error) {
 	}
 	database := connectionInput.Database
 	fileNameDatabase := filepath.Join(getDefaultDirectory(), database)
+	fileNameDatabase, err = filepath.EvalSymlinks(fileNameDatabase)
+	if err != nil {
+		return nil, err
+	}
 	if !strings.HasPrefix(fileNameDatabase, getDefaultDirectory()) {
 		return nil, errDoesNotExist
 	}
diff --git a/core/src/plugins/sqlite3/utils.go b/core/src/plugins/sqlite3/utils.go
@@ -49,5 +49,5 @@ func (p *Sqlite3Plugin) GetColTypeQuery() string {
 
 func (p *Sqlite3Plugin) EscapeSpecificIdentifier(identifier string) string {
 	identifier = strings.Replace(identifier, "\"", "\"\"", -1)
-	return "\"" + identifier + "\""
+	return identifier
 }

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,10 @@ func (p Sqlite3Plugin) DB(config engine.PluginConfig) (*gorm.DB, error) {`
`45`	`45`	`}`
`46`	`46`	`database := connectionInput.Database`
`47`	`47`	`fileNameDatabase := filepath.Join(getDefaultDirectory(), database)`
	`48`	`+ fileNameDatabase, err = filepath.EvalSymlinks(fileNameDatabase)`
	`49`	`+ if err != nil {`
	`50`	`+ return nil, err`
	`51`	`+ }`
`48`	`52`	`if !strings.HasPrefix(fileNameDatabase, getDefaultDirectory()) {`
`49`	`53`	`return nil, errDoesNotExist`
`50`	`54`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,5 +49,5 @@ func (p *Sqlite3Plugin) GetColTypeQuery() string {`
`49`	`49`
`50`	`50`	`func (p *Sqlite3Plugin) EscapeSpecificIdentifier(identifier string) string {`
`51`	`51`	`identifier = strings.Replace(identifier, "\"", "\"\"", -1)`
`52`		`- return "\"" + identifier + "\""`
	`52`	`+ return identifier`
`53`	`53`	`}`