Affects Version/s: None
Fix Version/s: None
Environment:clojure 1.9.0, clojure.java.jdbc 0.7.7
The parse-properties-uri function uses uri.getQuery(), which decodes the entire query string. This means that any query string parameters that include the characters = or & (even when properly encoded) will be lost in the subsequent steps to split apart the k/v pairs.
Instead, it should split the raw query string on "&", then the raw key-value pairs on "=". Then, decode each name or value independently using e.g. URLDecoder.
My use case is that I am passing a CA certificate in PEM format to Postgres in the connection string. Since the PEM data is base64, it sometimes ends with = padding, for example:
The parameter in the connection string is properly encoded:
When I use this connection string with clojure.java.jdbc, I receive an exception (java.security.cert.CertificateException: java.io.IOException: Incomplete data) because the equals padding and everything after it was truncated by this split.
Perhaps a more compelling use case for most folks is passwords. Postgres accepts passwords as connection string query parameters. If the password contains an equals sign or ampersand, you will receive baffling authentication failures:
First, set up a few users. (This also requires altering pg_hba.conf from the default.)
Now try connecting with clojure.java.jdbc: