Skip to content

fix(PDO): strip libpq-style paired quotes from dbname DSN value #3885

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Leiyks merged 3 commits into from
May 18, 2026
Merged

fix(PDO): strip libpq-style paired quotes from dbname DSN value #3885

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9e21345
fix(PDO): strip libpq-style paired quotes from dbname DSN value
Leiyks May 18, 2026
11b382f
chore: shorten inline comment
Leiyks May 18, 2026
272f0f0
test(PDO): move parseDsn quote-handling cases into PDOTest
Leiyks May 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions src/DDTrace/Integrations/PDO/PDOIntegration.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,6 +247,10 @@ private static function parseDsn($dsn)
$tags[Tag::DB_SYSTEM] = $dbSystem;
$tags[Tag::DB_TYPE] = $dbSystem; // db.type is DD equivalent to db.system in OpenTelemetry, used for SQL spans obfuscation

// Match libpq: strip paired wrapping single quotes from dbname (APMS-19464).
if (strlen($db) >= 2 && $db[0] === "'" && substr($db, -1) === "'") {
$db = substr($db, 1, -1);
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Unescape libpq-quoted dbnames before tagging

When a valid pgsql DSN uses libpq escaping inside the quoted dbname, this only removes the outer quotes and leaves escape characters in the tag. For example pgsql:dbname='customer\'s db' connects to database customer's db, but the span now emits db.name=customer\'s db, so peer-service/db-name identity is still split for quoted database names containing a quote or backslash. After stripping libpq-style quotes, the escaped \' and \\ sequences need to be decoded as libpq does.

Useful? React with 👍 / 👎.

}
if ($db !== "") {
$tags[Tag::DB_NAME] = $db;
}
Expand Down
31 changes: 31 additions & 0 deletions tests/Integrations/PDO/PDOTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,11 @@

namespace DDTrace\Tests\Integrations\PDO;

use DDTrace\Integrations\PDO\PDOIntegration;
use DDTrace\Tag;
use DDTrace\Tests\Common\IntegrationTestCase;
use DDTrace\Tests\Common\SpanAssertion;
use ReflectionMethod;
use function DDTrace\close_span;
use function DDTrace\start_trace_span;

Expand Down Expand Up @@ -907,4 +909,33 @@ protected function baseTags($expectPeerService = false)

return $tags;
}

/**
* @dataProvider dsnDbNameCases
*/
public function testParseDsnDbNameQuoteHandling($dsn, $expectedDbName)
{
$method = new ReflectionMethod(PDOIntegration::class, 'parseDsn');
$method->setAccessible(true);
$tags = $method->invoke(null, $dsn);

if ($expectedDbName === null) {
$this->assertArrayNotHasKey(Tag::DB_NAME, $tags);
} else {
$this->assertSame($expectedDbName, $tags[Tag::DB_NAME]);
}
}

public function dsnDbNameCases()
{
return [
'unquoted dbname' => ['pgsql:host=h;dbname=milk', 'milk'],
'paired single quotes stripped' => ["pgsql:host=h;dbname='milk'", 'milk'],
'double quotes preserved as-is' => ['pgsql:host=h;dbname="milk"', '"milk"'],
'unpaired leading quote preserved' => ["pgsql:host=h;dbname='milk", "'milk"],
'unpaired trailing quote preserved' => ["pgsql:host=h;dbname=milk'", "milk'"],
'empty quoted dbname omitted' => ["pgsql:host=h;dbname=''", null],
'database= alias also stripped' => ["mysql:host=h;database='foo'", 'foo'],
];
}
}
Loading