- Type: Bug
- Resolution: Fixed
- Priority: Unknown
- Affects Version/s: None
- Component/s: None
- None
- (copied to CRM)
- Python Drivers
- Not Needed
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/khalen.fredieu/tools/triage-scripts/triage_scripts/lib/python3.8/site-packages/pymongo/mongo_client.py", line 774, in __init__
    res = uri_parser.parse_uri(
  File "/Users/khalen.fredieu/tools/triage-scripts/triage_scripts/lib/python3.8/site-packages/pymongo/uri_parser.py", line 568, in parse_uri
    nodes = split_hosts(hosts, default_port=default_port)
  File "/Users/khalen.fredieu/tools/triage-scripts/triage_scripts/lib/python3.8/site-packages/pymongo/uri_parser.py", line 381, in split_hosts
    nodes.append(parse_host(entity, port))
  File "/Users/khalen.fredieu/tools/triage-scripts/triage_scripts/lib/python3.8/site-packages/pymongo/uri_parser.py", line 147, in parse_host
    raise ValueError(f"Port must be an integer between 0 and 65535: {port!r}")
ValueError: Port must be an integer between 0 and 65535: 'pass'
Detailed steps to reproduce the problem?
- Instantiate a MongoClient with a connection string featuring a user:password, but have the password end in a forward slash:
  MongoClient("mongodb://user:pass/@localhost:27017")
Passwords are often changed manually; this bug was revealed after a manual password change led to the traceback above, and a password was printed to application logs.
Definition of done: what must be done to consider the task complete?
Avoid parsing passwords which have not been percent-encoded; one would assume the parser should fail when it observes a malformed password. Alternatively, do not print potential password values in exceptions.
The exact Python version used, with patch level:
3.8.0 (v3.8.0:fa919fdf25, Oct 14 2019, 10:23:27) [Clang 6.0 (clang-600.0.57)]
The exact version of PyMongo used, with patch level:
4.8.0, True
Describe how MongoDB is set up. Local vs Hosted, version, topology, load balanced, etc.
Local, replica set, 3 nodes.
The operating system and version (e.g. Windows 7, OSX 10.8, ...)
Mac OS Sonoma 14.5
Web framework or asynchronous network library used, if any, with version (e.g. Django 1.7, mod_wsgi 4.3.0, gevent 1.0.1, Tornado 4.0.2, ...)
N/A
Security Vulnerabilities
If you’ve identified a security vulnerability in a driver or any other MongoDB project, please report it according to the instructions here
- related to
  - JAVA-5560 IllegalArgumentException thrown from ConnectionString could contain sensitive data in its message (Closed)
  - DRIVERS-2950 Drivers connection string parsing logic can print secrets in logs. (Backlog)
  - PYTHON-3251 Make trailing whitespace visible in invalid port exception (Closed)
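The two remedies named in the report (reject credentials that are not percent-encoded, and keep potential password values out of exception text) can be applied on the application side before the URI reaches the driver. The following is an added example, not PyMongo's code and not part of the original ticket; `ConnectionStringError`, the function names and the `factory` parameter are hypothetical, and only `quote_plus` and `re` come from the standard library.

```python
# Added example; every name defined here is hypothetical, not a PyMongo API.
import re
from urllib.parse import quote_plus

SCHEMES = ("mongodb+srv://", "mongodb://")
RESERVED = set(":/?#[]@")  # must be percent-encoded inside user name and password

class ConnectionStringError(ValueError):
    """Carries a message that never contains credential material."""

def split_userinfo(uri):
    """Split at the LAST '@' so an unencoded '/' in the password stays in userinfo.
    An '@' later in the URI widens the credential span: fail closed, over-redact."""
    scheme = next((s for s in SCHEMES if uri.startswith(s)), None)
    if scheme is None:
        raise ConnectionStringError("unsupported or missing scheme")
    userinfo, at, rest = uri[len(scheme):].rpartition("@")
    return scheme, (userinfo if at else None), rest

def redact(uri):
    """Return a form of the URI that is safe to log."""
    try:
        scheme, userinfo, rest = split_userinfo(uri)
    except ConnectionStringError:
        return "<unparseable connection string>"
    return scheme + rest if userinfo is None else f"{scheme}<redacted>@{rest}"

def validate_credentials(uri):
    """Reject credentials that are not percent-encoded, without echoing them."""
    _, userinfo, _ = split_userinfo(uri)
    user, _, password = (userinfo or "").partition(":")
    for label, value in (("user name", user), ("password", password)):
        if RESERVED & set(value) or re.search(r"%(?![0-9A-Fa-f]{2})", value):
            raise ConnectionStringError(f"{label} is not percent-encoded")

def build_uri(user, password, hosts):
    """Build the URI from raw credentials, e.g. after a manual password change."""
    return f"mongodb://{quote_plus(user)}:{quote_plus(password)}@{hosts}"

def open_client(uri, factory):
    """Validate first, then call factory(uri); any ValueError is re-raised redacted."""
    validate_credentials(uri)
    try:
        return factory(uri)
    except ValueError:
        # 'from None' keeps the driver's message out of the printed traceback.
        raise ConnectionStringError(f"rejected: {redact(uri)}") from None
```

In an application, `factory` would be `pymongo.MongoClient`, and log statements would use `redact(uri)` rather than the raw connection string.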