sqlcmd quote around DB name

Author: dzsquared

__tests__/AzureSqlAction.test.ts

@@ -55,10 +55,12 @@ describe('AzureSqlAction tests', () => {
     describe('sql script action tests for different auth types', () => {
         // Format: [test case description, connection string, expected sqlcmd arguments]
         const testCases = [
-            ['SQL login', 'Server=testServer.database.windows.net;Database=testDB;User Id=testUser;Password=placeholder', '-S testServer.database.windows.net,1433 -d testDB -U "testUser" -i "./TestFile.sql" -t 20'],
-            ['AAD password', 'Server=testServer.database.windows.net;Database=testDB;Authentication=Active Directory Password;User Id=testAADUser;Password=placeholder', '-S testServer.database.windows.net,1433 -d testDB --authentication-method=ActiveDirectoryPassword -U "testAADUser" -i "./TestFile.sql" -t 20'],
-            ['AAD service principal', 'Server=testServer.database.windows.net;Database=testDB;Authentication=Active Directory Service Principal;User Id=appId;Password=placeholder', '-S testServer.database.windows.net,1433 -d testDB --authentication-method=ActiveDirectoryServicePrincipal -U "appId" -i "./TestFile.sql" -t 20'],
-            ['AAD default', 'Server=testServer.database.windows.net;Database=testDB;Authentication=Active Directory Default;', '-S testServer.database.windows.net,1433 -d testDB --authentication-method=ActiveDirectoryDefault -i "./TestFile.sql" -t 20']
+            ['SQL login', 'Server=testServer.database.windows.net;Database=testDB;User Id=testUser;Password=placeholder', '-S testServer.database.windows.net,1433 -d "testDB" -U "testUser" -i "./TestFile.sql" -t 20'],
+            ['AAD password', 'Server=testServer.database.windows.net;Database=testDB;Authentication=Active Directory Password;User Id=testAADUser;Password=placeholder', '-S testServer.database.windows.net,1433 -d "testDB" --authentication-method=ActiveDirectoryPassword -U "testAADUser" -i "./TestFile.sql" -t 20'],
+            ['AAD service principal', 'Server=testServer.database.windows.net;Database=testDB;Authentication=Active Directory Service Principal;User Id=appId;Password=placeholder', '-S testServer.database.windows.net,1433 -d "testDB" --authentication-method=ActiveDirectoryServicePrincipal -U "appId" -i "./TestFile.sql" -t 20'],
+            ['AAD default', 'Server=testServer.database.windows.net;Database=testDB;Authentication=Active Directory Default;', '-S testServer.database.windows.net,1433 -d "testDB" --authentication-method=ActiveDirectoryDefault -i "./TestFile.sql" -t 20'],
+            ['SQL login (DB has space)', 'Server=testServer.database.windows.net;Database=test DB;User Id=testUser;Password=placeholder', '-S testServer.database.windows.net,1433 -d "test DB" -U "testUser" -i "./TestFile.sql" -t 20'],
+            ['SQL login (DB has quote)', 'Server=testServer.database.windows.net;Database=test"DB;User Id=testUser;Password=placeholder', '-S testServer.database.windows.net,1433 -d "test\\"DB" -U "testUser" -i "./TestFile.sql" -t 20']
         ];
 
         it.each(testCases)('%s', async (testCase, connectionString, expectedSqlCmdCall) => {
@@ -88,8 +90,8 @@ describe('AzureSqlAction tests', () => {
     describe('sql script action tests for different port numbers', () => {
         // Format: [test case description, connection string, expected sqlcmd arguments]
         const testCases = [
-            ['Default port', 'Server=testServer.database.windows.net;Database=testDB;User Id=testUser;Password=placeholder', '-S testServer.database.windows.net,1433 -d testDB -U "testUser" -i "./TestFile.sql" -t 20'],
-            ['Custom port', 'Server=testServer.database.windows.net,1234;Database=testDB;User Id=testUser;Password=placeholder', '-S testServer.database.windows.net,1234 -d testDB -U "testUser" -i "./TestFile.sql" -t 20']
+            ['Default port', 'Server=testServer.database.windows.net;Database=testDB;User Id=testUser;Password=placeholder', '-S testServer.database.windows.net,1433 -d "testDB" -U "testUser" -i "./TestFile.sql" -t 20'],
+            ['Custom port', 'Server=testServer.database.windows.net,1234;Database=testDB;User Id=testUser;Password=placeholder', '-S testServer.database.windows.net,1234 -d "testDB" -U "testUser" -i "./TestFile.sql" -t 20']
             ];
 
         it.each(testCases)('%s', async (testCase, connectionString, expectedSqlCmdCall) => {

lib/main.js

@@ -83,6 +83,15 @@ export default class SqlConnectionConfig {
         return result;
     }
 
+    /**
+     * Returns the database name enclosed by quotes for use in sqlcmd commands.
+     * Escapes any quotes in the database name with \"
+     */
+    public get QuotedDatabaseName(): string {
+        let dbName = this.Database.replace(/"/g, '\\"');
+        return `"${dbName}"`;
+    }
+
     /**
      * The basic format of a connection string includes a series of keyword/value pairs separated by semicolons. 
      * The equal sign (=) connects each keyword and its value. (Ex: Key1=Val1;Key2=Val2)

src/SqlConnectionConfig.ts

@@ -52,7 +52,7 @@ export default class SqlUtils {
      * @returns A ConnectionResult object indicating success/failure, the connection on success, or the error on failure.
      */
     private static async tryConnection(config: SqlConnectionConfig, useMaster?: boolean): Promise<ConnectionResult> {
-        const database = useMaster ? "master" : config.Database;
+        const database = useMaster ? "master" : config.QuotedDatabaseName;
 
         let sqlCmdError = '';
         try {
@@ -120,7 +120,7 @@ export default class SqlUtils {
         }
 
         if (!database) {
-            database = connectionConfig.Database;
+            database = connectionConfig.QuotedDatabaseName;
         }
 
         let sqlcmdCall = `"${sqlCmdPath}" -S ${connectionConfig.Server},${connectionConfig.Port ?? 1433} -d ${database}`;