FEAT: Improved Connection String handling in Python (#307)

### Work Item / Issue Reference  
<!-- 
IMPORTANT: Please follow the PR template guidelines below.
For mssql-python maintainers: Insert your ADO Work Item ID below (e.g.
AB#37452)
For external contributors: Insert Github Issue number below (e.g. #149)
Only one reference is required - either GitHub issue OR ADO Work Item.
-->

<!-- mssql-python maintainers: ADO Work Item -->
>
[AB#39896](https://sqlclientdrivers.visualstudio.com/c6d89619-62de-46a0-8b46-70b92a84d85e/_workitems/edit/39896)

<!-- External contributors: GitHub Issue -->
> GitHub Issue: #306

-------------------------------------------------------------------
### Summary   
Fixes #306 by introducing a connection string parser for mssql-python.


### PR Title Guide

FEAT: Improve connection string parsing, honor the allow list, and
improve error messaging.

# Connection String Allowlist Feature - Review Guide

## Overview

This PR introduces a comprehensive connection string validation and
allowlist system that validates all ODBC connection parameters before
passing them to the driver, improving usability and providing better
error messages.

---

## What This Changes

**Before:** Connection strings were passed directly to the ODBC driver
with minimal or no validation. Unknown parameters were silently ignored
by ODBC, malformed strings caused cryptic ODBC errors.

**After:** All connection strings are parsed, validated against an
allowlist of ODBC Driver 18 parameters, and reconstructed with proper
escaping. Clear error messages are provided for any issues.

---

## Data Flow

```
User Input (connection string + kwargs)
    ↓
┌─────────────────────────────────────────────┐
│ Connection.__init__()                        │
│ _construct_connection_string()              │
└─────────────────────────────────────────────┘
    ↓
┌─────────────────────────────────────────────┐
│ Step 1: Parse Connection String             │
│ _ConnectionStringParser.parse()             │
│   - Tokenizes key=value pairs               │
│   - Handles braced values: {val}            │
│   - Processes escape sequences: }}-> }      │
│   - Detects syntax errors                   │
│   Output: Dict[str, str]                    │
└─────────────────────────────────────────────┘
    ↓
┌─────────────────────────────────────────────┐
│ Step 2: Validate Against Allowlist          │
│ ConnectionStringAllowList.normalize_keys()   │
│   - Checks unknown parameters               │
│   - Normalizes synonyms (host→Server)       │
│   - Blocks reserved params (Driver, APP)    │
│   - Warns about rejected params             │
│   Output: Dict[str, str] (filtered)         │
└─────────────────────────────────────────────┘
    ↓
┌─────────────────────────────────────────────┐
│ Step 3: Process kwargs                      │
│   - Normalize each kwarg key                │
│   - Block reserved parameters               │
│   - Merge into filtered params              │
│   - kwargs override connection string       │
└─────────────────────────────────────────────┘
    ↓
┌─────────────────────────────────────────────┐
│ Step 4: Build Connection String             │
│ _ConnectionStringBuilder.build()            │
│   - Add Driver (hardcoded)                  │
│   - Add APP=MSSQL-Python                    │
│   - Escape special characters               │
│   - Format: key1=value1;key2=value2;        │
│   Output: str (final connection string)     │
└─────────────────────────────────────────────┘
    ↓
ODBC Driver (validated, safe connection string)
```

---

## File Structure & Review Order

### **Recommended Review Order**

Review in this sequence to understand the architecture:

#### 1. **Core Components** (understand the building blocks)

1. **`mssql_python/connection_string_parser.py`**  Start here
   - **Purpose:** Parses ODBC connection strings per MS-ODBCSTR spec
   - **Key Classes:** 
     - `ConnectionStringParseError` - Custom exception
     - `_ConnectionStringParser` - Main parser class
   - **Key Methods:**
     - `parse(connection_str)` - Main entry point
     - `_parse_value(str, pos)` - Handles braced values & escaping
   - **What to Look For:**
     - Proper handling of escape sequences (`{{`, `}}`)
     - Error collection and batch reporting
     - Edge cases: empty strings, whitespace, special chars

2. **`mssql_python/connection_string_allowlist.py`** Critical
   - **Purpose:** Validates parameters against ODBC Driver 18 keywords
   - **Key Classes:**
     - `ConnectionStringAllowList` - Singleton allowlist manager
   - **Key Methods:**
     - `normalize_key(key)` - Maps synonyms to canonical names
     - `filter_params(params)` - Validates and filters parameters
   - **What to Look For:**
     - Completeness of allowlist (compare with ODBC docs)
     - Synonym mappings (host→Server, user→UID, etc.)
     - Reserved parameter handling (Driver, APP)

3. **`mssql_python/connection_string_builder.py`**
   - **Purpose:** Safely constructs connection strings with escaping
   - **Key Classes:**
     - `_ConnectionStringBuilder` - Builder with escape logic
   - **Key Methods:**
     - `add_param(key, value)` - Adds a parameter
     - `_needs_braces(value)` - Determines if braces needed
     - `_escape_value(value)` - Escapes special characters
     - `build()` - Constructs final string
   - **What to Look For:**
     - Correct escaping logic (`;`, `{`, `}`, `=`)
     - Proper brace placement
     - Semicolon formatting

#### 2. **Integration** (see how it fits together)

4. **`mssql_python/connection.py`**  Integration point
   - **Modified Method:** `_construct_connection_string()`
   - **What Changed:**
     - Lines 241-303: New implementation replacing old concat logic
     - Now uses parser-> filter-> builder pipeline
     - Handles kwargs with allowlist validation
     - Raises ValueError for reserved parameters
   - **What to Look For:**
     - Error handling for parse failures
     - kwargs override behavior
     - Reserved parameter rejection
     - Logging of warnings

5. **`mssql_python/__init__.py`**
   - **What Changed:**
     - Added export: `ConnectionStringParseError`
   - **What to Look For:**
     - Proper exception exposure for users

#### 3. **Tests** (validate functionality)

6. **`tests/test_010_connection_string_parser.py`**  Parser tests
   - **Coverage:** ~40 test cases
   - **Test Categories:**
     - Valid parsing scenarios
     - Braced value handling
     - Escape sequence processing
     - Error detection and reporting
     - Edge cases (empty, whitespace, unicode)
   - **What to Look For:**
     - Test coverage of MS-ODBCSTR spec
     - Error message clarity
     - Edge case handling

7. **`tests/test_011_connection_string_allowlist.py`**  Allowlist tests
   - **Coverage:** ~25 test cases
   - **Test Categories:**
     - Key normalization (synonyms)
     - Parameter filtering
     - Reserved parameter blocking
     - Unknown parameter detection
   - **What to Look For:**
     - All ODBC parameters tested
     - Synonym mappings validated
     - Security (Driver/APP blocking)

8. **`tests/test_012_connection_string_integration.py`** Integration
tests
   - **Coverage:** ~20 test cases
   - **Test Categories:**
     - End-to-end parsing-> filtering-> building
     - Real connection string scenarios
     - Error propagation from connect() API
     - kwargs override behavior
   - **What to Look For:**
     - Real-world usage patterns
     - Error messages match user expectations
     - Backward compatibility where possible

9. **`tests/test_003_connection.py`** (Updated)
   - **What Changed:**
     - Updated assertions in `test_construct_connection_string()`
- Updated assertions in `test_connection_string_with_attrs_before()`
     - Updated assertions in `test_connection_string_with_odbc_param()`
   - **What to Look For:**
     - Assertions match new builder output format
- No semicolons in middle of assertions (builder handles formatting)

10. **`tests/test_006_exceptions.py`** (Updated)
    - **What Changed:**
- `test_connection_error()` now expects `ConnectionStringParseError`
      - Updated error message assertions
    - **What to Look For:**
      - Proper exception type changes
      - Error messages are helpful

#### 4. **Documentation** (understand design decisions)

11. **`docs/connection_string_allow_list_design.md`**  Read this
    - **Content:**
      - Design rationale and motivation
      - Architecture decisions
      - Security considerations
      - Future enhancements
    - **What to Look For:**
      - Justification for approach
      - Trade-offs discussed
      - Security implications understood

12. **`docs/parser_state_machine.md`**
    - **Content:**
      - Detailed state machine for parser
      - Character-by-character processing flow
      - Error handling states
      - Escape sequence examples
    - **What to Look For:**
      - Parser logic is well-documented
      - Edge cases covered in examples

---

##  Areas to Focus On

### 1. **Security**
- **Reserved Parameters:** Verify Driver and APP cannot be set by users
- **Allowlist Completeness:** Check all ODBC Driver 18 params are
included
- **Escape Handling:** Ensure no injection via special characters

### 2. **Error Handling** 
- **Error Messages:** Are they clear and actionable?
- **Error Collection:** Multiple errors reported together?
- **Backward Compatibility:** Do meaningful errors replace cryptic ODBC
errors?

### 3. **Performance** 
- **Parsing Overhead:** There is no string split being used during
parsing. Hence the cost of multiple allocation of strings is avoided.
- **No Regex in Hot Path:** Parser uses character-by-character
processing. Regex have been known to cause problems and its advisable to
stay away from them.
- **Allowlist Lookup:** O(1) dict lookups, minimal overhead

### 4. **Correctness** 
- **Synonym Handling:** All common aliases map correctly
- **Case Insensitivity:** Keys normalized consistently

---

##  Testing Strategy

### Test Coverage Map

| Component | Test File | Key Scenarios |
|-----------|-----------|---------------|
| Parser | `test_010_connection_string_parser.py` | Syntax, escaping,
errors |
| Allowlist | `test_011_connection_string_allowlist.py` | Validation,
normalization |
| Builder | `test_012_connection_string_integration.py` | Escaping,
formatting |
| Integration | `test_012_connection_string_integration.py` | End-to-end
flows |
| Connection | `test_003_connection.py` | Connection string construction
|
| Exceptions | `test_006_exceptions.py` | Error propagation |


## Behavior Changes

Should be aware of these behavioral changes:

### 1. **Unknown Parameters Now Raise Errors**
**Before:**
```python
connect("Server=localhost;FakeParam=value")  # Silently ignored
```

**After:**
```python
connect("Server=localhost;FakeParam=value")
# Raises: ConnectionStringParseError: Unknown keyword 'FakeParam' is not recognized
```

### 2. **Malformed Strings Caught Early**
**Before:**
```python
connect("ServerLocalhost")  # ODBC error later
```

**After:**
```python
connect("ServerLocalhost")
# Raises: ConnectionStringParseError: Incomplete specification: keyword 'ServerLocalhost' has no value
```

### 3. **Reserved Parameters Blocked**
**Before:**
```python
connect("Server=localhost;Driver={SQL Server}")  # Maybe ignored
```

**After:**
```python
connect("Server=localhost;Driver={SQL Server}")
# Raises: ValueError: Connection parameter 'Driver' is reserved and controlled by the driver
```

---

##  Key Concepts to Understand

### ODBC Connection String Format
```
key1=value1;key2=value2;key3={val;ue}
```

### Braced Values
Used when value contains semicolons or special characters:
```
PWD={my;pass;word} -> Password is "my;pass;word"
```

### Escape Sequences
- `{{`-> `{` (escaped left brace)
- `}}`-> `}` (escaped right brace)

Example:
```
PWD={a}}b{{c} -> Password is "a}b{c"
```

---------

Co-authored-by: Saurabh Singh (SQL Drivers) <singhsaura@microsoft.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 3 people

eng/pipelines/build-whl-pipeline.yml

@@ -340,7 +340,7 @@ jobs:
         python -m pytest -v
       displayName: 'Run Pytest to validate bindings'
       env:
-        DB_CONNECTION_STRING: 'Driver=ODBC Driver 18 for SQL Server;Server=tcp:127.0.0.1,1433;Database=master;Uid=SA;Pwd=$(DB_PASSWORD);TrustServerCertificate=yes'
+        DB_CONNECTION_STRING: 'Server=tcp:127.0.0.1,1433;Database=master;Uid=SA;Pwd=$(DB_PASSWORD);TrustServerCertificate=yes'
 
     # Build wheel package for universal2
     - script: |
@@ -801,7 +801,7 @@ jobs:
 
       displayName: 'Test wheel installation and basic functionality on $(BASE_IMAGE)'
       env:
-        DB_CONNECTION_STRING: 'Driver=ODBC Driver 18 for SQL Server;Server=localhost;Database=TestDB;Uid=SA;Pwd=$(DB_PASSWORD);TrustServerCertificate=yes'
+        DB_CONNECTION_STRING: 'Server=localhost;Database=TestDB;Uid=SA;Pwd=$(DB_PASSWORD);TrustServerCertificate=yes'
 
     # Run pytest with source code while testing installed wheel
     - script: |
@@ -856,7 +856,7 @@ jobs:
         "
       displayName: 'Run pytest suite on $(BASE_IMAGE) $(ARCH)'
       env:
-        DB_CONNECTION_STRING: 'Driver=ODBC Driver 18 for SQL Server;Server=localhost;Database=TestDB;Uid=SA;Pwd=$(DB_PASSWORD);TrustServerCertificate=yes'
+        DB_CONNECTION_STRING: 'Server=localhost;Database=TestDB;Uid=SA;Pwd=$(DB_PASSWORD);TrustServerCertificate=yes'
       continueOnError: true  # Don't fail pipeline if tests fail
 
     # Cleanup

mssql_python/__init__.py

@@ -25,6 +25,7 @@
     InternalError,
     ProgrammingError,
     NotSupportedError,
+    ConnectionStringParseError,
 )
 
 # Type Objects
@@ -46,6 +47,10 @@
 # Connection Objects
 from .db_connection import connect, Connection
 
+# Connection String Handling
+from .connection_string_parser import _ConnectionStringParser
+from .connection_string_builder import _ConnectionStringBuilder
+
 # Cursor Objects
 from .cursor import Cursor
 

mssql_python/connection.py

@@ -41,6 +41,9 @@
 )
 from mssql_python.auth import process_connection_string
 from mssql_python.constants import ConstantsDDBC, GetInfoConstants
+from mssql_python.connection_string_parser import _ConnectionStringParser
+from mssql_python.connection_string_builder import _ConnectionStringBuilder
+from mssql_python.constants import _RESERVED_PARAMETERS
 
 if TYPE_CHECKING:
     from mssql_python.row import Row
@@ -242,39 +245,62 @@ def _construct_connection_string(
         self, connection_str: str = "", **kwargs: Any
     ) -> str:
         """
-        Construct the connection string by concatenating the connection string
-        with key/value pairs from kwargs.
-
+        Construct the connection string by parsing, validating, and merging parameters.
+        
+        This method performs a 6-step process:
+        1. Parse and validate the base connection_str (validates against allowlist)
+        2. Normalize parameter names (e.g., addr/address -> Server, uid -> UID)
+        3. Merge kwargs (which override connection_str params after normalization)
+        4. Build connection string from normalized, merged params
+        5. Add Driver and APP parameters (always controlled by the driver)
+        6. Return the final connection string
+        
         Args:
             connection_str (str): The base connection string.
             **kwargs: Additional key/value pairs for the connection string.
 
         Returns:
-            str: The constructed connection string.
+            str: The constructed and validated connection string.
         """
-        # Add the driver attribute to the connection string
-        conn_str = add_driver_to_connection_str(connection_str)
-
-        # Add additional key-value pairs to the connection string
+        
+        # Step 1: Parse base connection string with allowlist validation
+        # The parser validates everything: unknown params, reserved params, duplicates, syntax
+        parser = _ConnectionStringParser(validate_keywords=True)
+        parsed_params = parser._parse(connection_str)
+        
+        # Step 2: Normalize parameter names (e.g., addr/address -> Server, uid -> UID)
+        # This handles synonym mapping and deduplication via normalized keys
+        normalized_params = _ConnectionStringParser._normalize_params(parsed_params, warn_rejected=False)
+        
+        # Step 3: Process kwargs and merge with normalized_params
+        # kwargs override connection string values (processed after, so they take precedence)
         for key, value in kwargs.items():
-            if key.lower() == "host" or key.lower() == "server":
-                key = "Server"
-            elif key.lower() == "user" or key.lower() == "uid":
-                key = "Uid"
-            elif key.lower() == "password" or key.lower() == "pwd":
-                key = "Pwd"
-            elif key.lower() == "database":
-                key = "Database"
-            elif key.lower() == "encrypt":
-                key = "Encrypt"
-            elif key.lower() == "trust_server_certificate":
-                key = "TrustServerCertificate"
+            normalized_key = _ConnectionStringParser.normalize_key(key)
+            if normalized_key:
+                # Driver and APP are reserved - raise error if user tries to set them
+                if normalized_key in _RESERVED_PARAMETERS:
+                    raise ValueError(
+                        f"Connection parameter '{key}' is reserved and controlled by the driver. "
+                        f"It cannot be set by the user."
+                    )
+                # kwargs override any existing values from connection string
+                normalized_params[normalized_key] = str(value)
             else:
-                continue
-            conn_str += f"{key}={value};"
-
-        log("info", "Final connection string: %s", sanitize_connection_string(conn_str))
-
+                log('warning', f"Ignoring unknown connection parameter from kwargs: {key}")
+        
+        # Step 4: Build connection string with merged params
+        builder = _ConnectionStringBuilder(normalized_params)
+        
+        # Step 5: Add Driver and APP parameters (always controlled by the driver)
+        # These maintain existing behavior: Driver is always hardcoded, APP is always MSSQL-Python
+        builder.add_param('Driver', 'ODBC Driver 18 for SQL Server')
+        builder.add_param('APP', 'MSSQL-Python')
+        
+        # Step 6: Build final string
+        conn_str = builder.build()
+        
+        log('info', "Final connection string: %s", sanitize_connection_string(conn_str))
+        
         return conn_str
 
     @property

mssql_python/connection_string_builder.py

@@ -0,0 +1,113 @@
+"""
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT license.
+
+Connection string builder for mssql-python.
+
+Reconstructs ODBC connection strings from parameter dictionaries
+with proper escaping and formatting per MS-ODBCSTR specification.
+"""
+
+from typing import Dict, Optional
+from mssql_python.constants import _CONNECTION_STRING_DRIVER_KEY
+
+class _ConnectionStringBuilder:
+    """
+    Internal builder for ODBC connection strings. Not part of public API.
+    
+    Handles proper escaping of special characters and reconstructs
+    connection strings in ODBC format.
+    """
+    
+    def __init__(self, initial_params: Optional[Dict[str, str]] = None):
+        """
+        Initialize the builder with optional initial parameters.
+        
+        Args:
+            initial_params: Dictionary of initial connection parameters
+        """
+        self._params: Dict[str, str] = initial_params.copy() if initial_params else {}
+    
+    def add_param(self, key: str, value: str) -> '_ConnectionStringBuilder':
+        """
+        Add or update a connection parameter.
+        
+        Args:
+            key: Parameter name (should be normalized canonical name)
+            value: Parameter value
+            
+        Returns:
+            Self for method chaining
+        """
+        self._params[key] = str(value)
+        return self
+
+    def build(self) -> str:
+        """
+        Build the final connection string.
+        
+        Returns:
+            ODBC-formatted connection string with proper escaping
+            
+        Note:
+            - Driver parameter is placed first
+            - Other parameters are sorted for consistency
+            - Values are escaped if they contain special characters
+        """
+        parts = []
+        
+        # Build in specific order: Driver first, then others
+        if _CONNECTION_STRING_DRIVER_KEY in self._params:
+            parts.append(f"Driver={self._escape_value(self._params['Driver'])}")
+        
+        # Add other parameters (sorted for consistency)
+        for key in sorted(self._params.keys()):
+            if key == 'Driver':
+                continue  # Already added
+            
+            value = self._params[key]
+            escaped_value = self._escape_value(value)
+            parts.append(f"{key}={escaped_value}")
+        
+        # Join with semicolons
+        return ';'.join(parts)
+    
+    def _escape_value(self, value: str) -> str:
+        """
+        Escape a parameter value if it contains special characters.
+        
+        Per MS-ODBCSTR specification:
+        - Values containing ';', '{', '}', '=', or spaces should be braced for safety
+        - '}' inside braced values is escaped as '}}'
+        - '{' inside braced values is escaped as '{{'
+        
+        Args:
+            value: Parameter value to escape
+            
+        Returns:
+            Escaped value (possibly wrapped in braces)
+            
+        Examples:
+            >>> builder = _ConnectionStringBuilder()
+            >>> builder._escape_value("localhost")
+            'localhost'
+            >>> builder._escape_value("local;host")
+            '{local;host}'
+            >>> builder._escape_value("p}w{d")
+            '{p}}w{{d}'
+            >>> builder._escape_value("ODBC Driver 18 for SQL Server")
+            '{ODBC Driver 18 for SQL Server}'
+        """
+        if not value:
+            return value
+        
+        # Check if value contains special characters that require bracing
+        # Include spaces and = for safety, even though technically not always required
+        needs_braces = any(ch in value for ch in ';{}= ')
+        
+        if needs_braces:
+            # Escape existing braces by doubling them
+            escaped = value.replace('}', '}}').replace('{', '{{')
+            return f'{{{escaped}}}'
+        else:
+            return value