fix(db): preserve percent encoding in database passwords

[ysinghc]

User description

SUMMARY

Fixes a critical bug where database connection passwords containing special characters fail to connect due to improper URL encoding handling in the sqlalchemy_uri_decrypted property.

Root Cause:
The Database.sqlalchemy_uri_decrypted property used str(conn) to convert SQLAlchemy URL objects to strings, which loses percent encoding during the conversion.

Solution:

1. Pre-encode the raw password using urllib.parse.quote(safe="") to ensure special characters are properly encoded
2. Set the encoded password in the URL object: conn.set(password=encoded_password)
3. Use conn.render_as_string(hide_password=False) instead of str(conn) to preserve the URL encoding

This ensures passwords with special characters survive the encode -> store -> decode -> parse cycle without data loss.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

1. Unit Test:

pytest tests/unit_tests/models/test_core_database_password_encoding.py -v

2. Integration Test:

pytest tests/integration_tests/test_database_password_encoding.py -v

ADDITIONAL INFORMATION

• Has associated issue: Escaping the % character as %25 in the password within the connection string does not work #36328
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

---

CodeAnt-AI Description

Preserve percent-encoding for database passwords to avoid connection failures

What Changed

• The decrypted SQLAlchemy URI now preserves percent-encoding for stored passwords so passwords containing %, #, @, :, /, ?, &, = and other special characters survive save/load/parse cycles.
• When an app-level custom password store is configured, its returned password is encoded and rendered correctly in the URI; when no custom store is used, the model password is handled the same way.
• Added unit and integration tests that verify round-trip password preservation, engine creation with special-character passwords, encrypted storage, and correct password masking in URLs.

Impact

✅ Fewer database connection failures with special-character passwords
✅ Reliable engine creation when passwords contain percent or other special characters
✅ Clearer masked connection URLs

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai-for-open-source]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[bito-code-review]

Code Review Agent Run #9cc4c2

Actionable Suggestions - 0

Additional Suggestions - 1

• tests/integration_tests/test_database_password_encoding.py - 1

  • Weak test assertion for password encryption · Line 81-93
    The test 'test_database_password_stored_encrypted' checks that the password field is set and is a string, but doesn't verify that encryption occurred. Since the password field uses encrypted_field_factory, the stored value should differ from the plaintext input. Add 'assert db.password != password' to ensure encryption is working.

Review Details

• Files reviewed - 3 · Commit Range: f5530a3..f5530a3

  • superset/models/core.py
  • tests/integration_tests/test_database_password_encoding.py
  • tests/unit_tests/models/test_core_database_password_encoding.py
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • MyPy (Static Code Analysis) - ✔︎ Successful
  • Astral Ruff (Static Code Analysis) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at [email protected].

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[codeant-ai-for-open-source]

Nitpicks 🔍

🔒 No security issues identified

⚡ Recommended areas for review Exposure surface The property returns the full connection string via conn.render_as_string(hide_password=False). Ensure callers of this property don't log or leak the returned URL; changes here preserve encoded password and may make accidental leaks harder to notice in logs. Possible double-encoding The logic in sqlalchemy_uri_decrypted percent-encodes raw_password with quote(raw_password, safe=""). If the raw password is already percent-encoded (e.g. coming from a custom password store or external input), this may produce double-encoded values and result in incorrect credentials when SQLAlchemy parses the URL. Consider normalizing by unquoting before quoting or otherwise ensuring idempotent encoding. Double-encoding risk The code always calls urllib.parse.quote() on raw_password before setting it on the URL. If raw_password is already percent-encoded (for example stored that way by some custom stores or during import), quoting again will double-encode the value and break authentication. Non-str password types raw_password may be bytes or another non-str type (coming from custom password stores or encrypted fields). Passing a bytes value to quote() will raise or behave unexpectedly. Coerce/validate the type before quoting. Empty vs None handling The implementation treats empty string and None differently: empty string is quoted into "" and set as password, while None clears the password. Ensure this maps to expected behavior when constructing and parsing URLs (some URL parsers may interpret empty password differently). Confirm the tests cover both cases and that downstream consumers accept both.

[Copilot]

Pull request overview

This PR fixes a critical bug where database connection passwords containing special characters (especially percent signs) fail due to improper URL encoding in the sqlalchemy_uri_decrypted property. The fix ensures passwords survive the encode-store-decode-parse cycle without data loss.

Key Changes:

• Modified Database.sqlalchemy_uri_decrypted to pre-encode passwords using urllib.parse.quote before setting them on the URL object
• Replaced str(conn) with conn.render_as_string(hide_password=False) to preserve URL encoding
• Added comprehensive unit and integration tests for password encoding scenarios

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
superset/models/core.py	Updated sqlalchemy_uri_decrypted property to properly encode special characters in passwords using URL percent-encoding before rendering the URI string
tests/unit_tests/models/test_core_database_password_encoding.py	Added comprehensive unit tests covering various special characters, edge cases (empty/None), and different app contexts
tests/integration_tests/test_database_password_encoding.py	Added integration tests verifying password encoding through full database model lifecycle including engine creation and password masking

[Copilot]

Consider adding test cases for additional edge cases such as passwords containing spaces, backslashes, and unicode characters to ensure comprehensive coverage of the encoding logic. For example: "pass word" (with space), "pass\word" (with backslash), or "pässwörd" (with unicode).

[codeant-ai-for-open-source]

CodeAnt AI finished reviewing your PR.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.11%. Comparing base (76d897e) to head (e3e44b5).
⚠️ Report is 3213 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #36783      +/-   ##
==========================================
+ Coverage   60.48%   68.11%   +7.62%     
==========================================
  Files        1931      640    -1291     
  Lines       76236    47636   -28600     
  Branches     8568     5202    -3366     
==========================================
- Hits        46114    32445   -13669     
+ Misses      28017    13911   -14106     
+ Partials     2105     1280     -825     

Flag	Coverage Δ
hive	43.05% <81.81%> (-6.11%)	⬇️
javascript	?
mysql	66.11% <100.00%> (?)
postgres	66.16% <100.00%> (?)
presto	46.65% <81.81%> (-7.16%)	⬇️
python	68.07% <100.00%> (+4.57%)	⬆️
sqlite	65.88% <100.00%> (?)
unit	100.00% <ø> (+42.36%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[bito-code-review]

Code Review Agent Run #caab2e

Actionable Suggestions - 0

Review Details

• Files reviewed - 3 · Commit Range: f5530a3..e3e44b5

  • superset/models/core.py
  • tests/integration_tests/test_database_password_encoding.py
  • tests/unit_tests/models/test_core_database_password_encoding.py
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • MyPy (Static Code Analysis) - ✔︎ Successful
  • Astral Ruff (Static Code Analysis) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at [email protected].

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by