Closed
7 changes: 5 additions & 2 deletions Ginger/GingerCoreNET/Database/DatabaseOperations.cs
Expand Up @@ -489,11 +489,14 @@
Password = EncryptionHandler.DecryptwithKey(PassCalculated)
};
if (port1.HasValue) my.Port = port1.Value;
Database.ConnectionString = my.ConnectionString;
if (string.IsNullOrEmpty(ConnectionStringCalculated))
{
Database.ConnectionString = my.ConnectionString;
}

oConn = new MySqlConnection
{
ConnectionString = my.ConnectionString
ConnectionString = GetConnectionString()

Check failure

Code scanning / CodeQL

Resource injection Critical

This resource descriptor depends on a user-provided value.
Comment on lines +492 to +499
Contributor
⚠️ Potential issue | 🔴 Critical

Guard currently preserves connection string assignment but still requires valid TNS unnecessarily

ConnectionStringCalculated is checked only for assignment (Line 492), but MySQL host parsing/ValidateHostPort(...) runs earlier regardless.
If Database.ConnectionString is already provided and Database.TNS is empty/invalid, connect still fails before Line 499 uses GetConnectionString().

Proposed fix
                     case eDBTypes.MySQL:
-                        string mySQLHost = TNSCalculated;
-                        uint? port1 = null;
-                        if (TNSCalculated.Contains(':', StringComparison.Ordinal))
-                        {
-                            var parts = TNSCalculated.Split(':', 2);
-                            mySQLHost = parts[0];
-                            if (uint.TryParse(parts[1], out uint p)) port1 = p;
-                        }
-
-                        ValidateHostPort(mySQLHost, port1.HasValue ? (int?)port1.Value : null);
-
-                        var my = new MySqlConnectionStringBuilder
-                        {
-                            Server = mySQLHost,
-                            Database = Database.Name ?? string.Empty,
-                            UserID = UserCalculated,
-                            Password = EncryptionHandler.DecryptwithKey(PassCalculated)
-                        };
-                        if (port1.HasValue) my.Port = port1.Value;
-                        if (string.IsNullOrEmpty(ConnectionStringCalculated))
-                        {
-                            Database.ConnectionString = my.ConnectionString;
-                        }
+                        if (string.IsNullOrEmpty(ConnectionStringCalculated))
+                        {
+                            string mySQLHost = TNSCalculated;
+                            uint? port1 = null;
+                            if (TNSCalculated.Contains(':', StringComparison.Ordinal))
+                            {
+                                var parts = TNSCalculated.Split(':', 2);
+                                mySQLHost = parts[0];
+                                if (uint.TryParse(parts[1], out uint p)) port1 = p;
+                            }
+
+                            ValidateHostPort(mySQLHost, port1.HasValue ? (int?)port1.Value : null);
+
+                            var my = new MySqlConnectionStringBuilder
+                            {
+                                Server = mySQLHost,
+                                Database = Database.Name ?? string.Empty,
+                                UserID = UserCalculated,
+                                Password = EncryptionHandler.DecryptwithKey(PassCalculated)
+                            };
+                            if (port1.HasValue) my.Port = port1.Value;
+                            Database.ConnectionString = my.ConnectionString;
+                        }
 
                         oConn = new MySqlConnection
                         {
                             ConnectionString = GetConnectionString()
                         };
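Review bot: Moving `ValidateHostPort(...)` inside the `if (string.IsNullOrEmpty(ConnectionStringCalculated))` block means a supplied connection string reaches `ConnectionString = GetConnectionString()` with no host or port check in this case branch, which is the path the CodeQL resource injection alert points at. Consider an else branch that loads the supplied string into a MySqlConnectionStringBuilder and passes its Server and Port to ValidateHostPort before the connection is created. Separately, when `uint.TryParse(parts[1], out uint p)` fails, port1 stays null and the malformed port is silently dropped; rejecting the input at that point would be safer than continuing without a port.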
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Ginger/GingerCoreNET/Database/DatabaseOperations.cs` around lines 492 - 499,
The code runs ValidateHostPort(...) and requires a valid Database.TNS even when
a complete connection string exists; update the logic to skip host/TNS parsing
when a connection string is already provided or ConnectionStringCalculated is
true: i.e., before calling ValidateHostPort (or wrap that call), add a guard
checking if !string.IsNullOrEmpty(Database.ConnectionString) ||
ConnectionStringCalculated and only run ValidateHostPort when that guard is
false so GetConnectionString() and the MySqlConnection initialization (oConn /
GetConnectionString) can succeed without TNS validation.

};
oConn.Open();
break;
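Review bot: When ConnectionStringCalculated is non-empty, the `my` builder above this guard, including the `EncryptionHandler.DecryptwithKey(PassCalculated)` call, is still constructed even though neither the guarded assignment nor the new `ConnectionString = GetConnectionString()` line uses it, so the password is decrypted for nothing in that case. The string handed to MySqlConnection now comes from GetConnectionString(), whose body is not part of this hunk; please add a comment stating what it returns in both cases and where a supplied connection string is validated, since CodeQL flags this line as depending on a user-provided value.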