Escape PostgreSQL connection string whitespace#7787
Conversation
Signed-off-by: Zbynek Roubalik <[email protected]>
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
|
Thank you for your contribution! 🙏 Please understand that we will do our best to review your PR and give you feedback as soon as possible, but please bear with us if it takes a little longer as expected. While you are waiting, make sure to:
Once the initial tests are successful, a KEDA member will ensure that the e2e tests are run. Once the e2e tests have been successfully completed, the PR may be merged at a later date. Please be patient. Learn more about our contribution guide. |
|
/run-e2e postgres passed tests: 3failed tests: 0 |
There was a problem hiding this comment.
Pull request overview
This PR hardens the PostgreSQL scaler’s generated keyword/value connection strings to prevent parameter injection via whitespace and quote/backslash characters, addressing issue #7784.
Changes:
- Update connection-parameter escaping to quote values containing any whitespace and to escape single quotes/backslashes.
- Add unit tests covering whitespace and quote/backslash escaping, plus an end-to-end connection-string generation case.
- Document the behavior change in the changelog.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| pkg/scalers/postgresql_scaler.go | Strengthens connection parameter escaping to safely quote/escape whitespace and quote/backslash characters. |
| pkg/scalers/postgresql_scaler_test.go | Adds focused tests for the escaping helper and connection string generation behavior with whitespace. |
| CHANGELOG.md | Notes the PostgreSQL scaler change for end users. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Zbynek Roubalik <[email protected]> Signed-off-by: Yurii Shcherbak <[email protected]>
Escapes PostgreSQL scaler generated keyword/value connection string parameters more defensively.
Generated connection strings previously quoted parameters only when they contained a literal space. This now quotes values containing any whitespace and escapes quote/backslash characters so user-provided values cannot split into additional connection parameters.
Checklist
Fixes #7784