Build database URL using sqlalchemy URL create

String concatination can cause issues with special characters and can be a risk for URL parameter injection. fixes https://github.com/maxdorninger/MediaManager/issues/193
2026-04-18 04:53:59 +02:00 · 2025-11-02 12:17:41 +01:00
parent 8e9947652d
commit 45fc771c16
1 changed files with 8 additions and 12 deletions
--- a/media_manager/database/init.py
+++ b/media_manager/database/init.py
@@ -4,6 +4,7 @@ from typing import Annotated, Any, Generator

 from fastapi import Depends
 from sqlalchemy import create_engine
+from sqlalchemy.engine.url import URL
 from sqlalchemy.orm import Session, declarative_base, sessionmaker

 from media_manager.config import AllEncompassingConfig
@@ -11,18 +12,13 @@ from media_manager.config import AllEncompassingConfig
 log = logging.getLogger(__name__)
 config = AllEncompassingConfig().database

-db_url = (
-    "postgresql+psycopg"
-    + "://"
-    + config.user
-    + ":"
-    + config.password
-    + "@"
-    + config.host
-    + ":"
-    + str(config.port)
-    + "/"
-    + config.dbname
+db_url = URL.create(
+    "postgresql+psycopg",
+    config.user,
+    config.password,
+    config.host,
+    config.port,
+    config.dbname,
 )

 engine = create_engine(