arunk-kumar opened a new pull request, #1069: URL: https://github.com/apache/ranger/pull/1069
## Summary Fixes [RANGER-5631](https://issues.apache.org/jira/browse/RANGER-5631). Setup and DB scripts fail on any password containing percent, backslash, backtick, single quote, or double quote. ## Root cause 1. ConfigParser treats percent as an interpolation prefix — a value like 100%pure raises InterpolationSyntaxError. 2. get_jisql_cmd builds the command with the password wrapped in single quotes, then shlex.splits it — so a single quote in the password breaks the quoting. A denylist regex hid the real bug by rejecting the problematic characters upfront. ## Fix - unixauthservice/scripts/setup.py: switch to ConfigParser(interpolation=None); drop the denylist (this file is Unix-only). - security-admin/ and kms/ dba_script.py + db_setup.py: unquote the password format specifier and wrap it with shlex.quote() at every Unix get_jisql_cmd site (MySQL, Oracle, Postgres, MSSQL, SQLAnywhere). - Windows retains a double-quote-only denylist. Proper cmd.exe quoting is out of scope here; happy to file a follow-up ticket. ## Testing - Full mvn -T 8 clean verify — all 90 modules green. - Local Python smoke test round-trips 18 problem passwords (percent, backslash, backticks, quotes, shell-substitution attempts, arg-injection dashes) through the exact ConfigParser and shlex.quote → shlex.split → subprocess pipeline used by the patched code paths. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
