Allow for changing database name (#1397)

* Remove hard coded database name * Update permissions on build scripts * Update Setup project and run scripts for configuring database name * Remove hyphen from database name flag * Update with suggested changes, still needs testing * Revert SQL statements to concatenantion for testing * Fix typo * Update util/Setup/EnvironmentFileBuilder.cs Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com> * Update SQL commands to prevent SQL injection attacks Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
2025-06-30 07:36:14 -05:00 · 2021-07-02 10:52:34 -04:00
parent 86a12efa76
commit bdcfbb3b43
10 changed files with 73 additions and 27 deletions
--- a/util/Migrator/DbMigrator.cs
+++ b/util/Migrator/DbMigrator.cs
@ -34,15 +34,24 @@ namespace Bit.Migrator

            using (var connection = new SqlConnection(_masterConnectionString))
            {
+                var databaseName = new SqlConnectionStringBuilder(_connectionString).InitialCatalog;
+                if (string.IsNullOrWhiteSpace(databaseName))
+                {
+                    databaseName = "vault";
+                }
+                var commandBuilder = new SqlCommandBuilder();
+                var databaseNameQuoted = new SqlCommandBuilder().QuoteIdentifier(databaseName);
                var command = new SqlCommand(
-                    "IF ((SELECT COUNT(1) FROM sys.databases WHERE [name] = 'vault') = 0) " +
-                    "CREATE DATABASE [vault];", connection);
+                    "IF ((SELECT COUNT(1) FROM sys.databases WHERE [name] = '@DatabaseName') = 0) " +
+                    "CREATE DATABASE " + databaseNameQuoted + ";", connection);
+                command.Parameters.Add("@DatabaseName", System.Data.SqlDbType.VarChar);
+                command.Parameters["@DatabaseName"].Value = databaseName;
                command.Connection.Open();
                command.ExecuteNonQuery();

                command.CommandText = "IF ((SELECT DATABASEPROPERTYEX([name], 'IsAutoClose') " +
-                    "FROM sys.databases WHERE [name] = 'vault') = 1) " +
-                    "ALTER DATABASE [vault] SET AUTO_CLOSE OFF;";
+                    "FROM sys.databases WHERE [name] = '@DatabaseName') = 1) " +
+                    "ALTER DATABASE " + databaseNameQuoted + " SET AUTO_CLOSE OFF;";
                command.ExecuteNonQuery();
            }