arunk-kumar opened a new pull request, #1069:
URL: https://github.com/apache/ranger/pull/1069

   ## Summary
   
   Fixes [RANGER-5631](https://issues.apache.org/jira/browse/RANGER-5631). 
Setup and DB scripts fail on any password containing percent, backslash, 
backtick, single quote, or double quote.
   
   ## Root cause
   
   1. ConfigParser treats percent as an interpolation prefix — a value like 
100%pure raises InterpolationSyntaxError.
   2. get_jisql_cmd builds the command with the password wrapped in single 
quotes, then shlex.splits it — so a single quote in the password breaks the 
quoting. A denylist regex hid the real bug by rejecting the problematic 
characters upfront.
   
   ## Fix
   
   - unixauthservice/scripts/setup.py: switch to 
ConfigParser(interpolation=None); drop the denylist (this file is Unix-only).
   - security-admin/ and kms/ dba_script.py + db_setup.py: unquote the password 
format specifier and wrap it with shlex.quote() at every Unix get_jisql_cmd 
site (MySQL, Oracle, Postgres, MSSQL, SQLAnywhere).
   - Windows retains a double-quote-only denylist. Proper cmd.exe quoting is 
out of scope here; happy to file a follow-up ticket.
   
   ## Testing
   
   - Full mvn -T 8 clean verify — all 90 modules green.
   - Local Python smoke test round-trips 18 problem passwords (percent, 
backslash, backticks, quotes, shell-substitution attempts, arg-injection 
dashes) through the exact ConfigParser and shlex.quote → shlex.split → 
subprocess pipeline used by the patched code paths.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to