Invalid handling of empty values in sqlcmd

[debarshibasak]

The built sqlcmd is throwing panic errors, for the empty values. For eg.

SQLCMDPASSWORD=<somepassword> ./sqlcmd -S <ip> -U 'sa' -d '' -Q "SELECT name FROM sys.databases WHERE name NOT IN ('tempdb','sys','msdb', 'model')" -b

Throws:

runtime error: index out of range [0] with length 0

goroutine 1 [running]:
github.com/microsoft/go-sqlcmd/cmd/sqlcmd.checkDefaultValue({0xc000034150, 0x9, 0xefcf38?}, 0x4)
	/__w/1/s/go-sqlcmd/cmd/sqlcmd/sqlcmd.go:320 +0x2da
github.com/microsoft/go-sqlcmd/cmd/sqlcmd.convertOsArgs({0xc000034150, 0x9, 0x9})
	/__w/1/s/go-sqlcmd/cmd/sqlcmd/sqlcmd.go:302 +0x22a
github.com/microsoft/go-sqlcmd/cmd/sqlcmd.Execute({0x122eaac, 0x6})
	/__w/1/s/go-sqlcmd/cmd/sqlcmd/sqlcmd.go:274 +0x150
main.main()
	/__w/1/s/go-sqlcmd/cmd/modern/main.go:52 +0x209

After the fix:

name

pubs

I have validated for rest of the flags too.

[debarshibasak]

@microsoft-github-policy-service agree [company="{your company}"]

@debarshibasak please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

• (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.

@microsoft-github-policy-service agree

• (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.

@microsoft-github-policy-service agree company="Microsoft"

Contributor License Agreement

@microsoft-github-policy-service agree [company="Adaptive"]

[debarshibasak]

@microsoft-github-policy-service agree

@microsoft-github-policy-service agree

[debarshibasak]

@microsoft-github-policy-service agree company="your company"

@microsoft-github-policy-service agree company="Adaptive"

[Copilot]

Pull request overview

Fixes a panic in the legacy cmd/sqlcmd argument-rewriting logic when a flag is followed by an empty string value (e.g., -d ""), ensuring sqlcmd can accept intentionally empty values without crashing.

Changes:

• Make flag detection safe for empty-string arguments by guarding index access and reusing isFlag in checkDefaultValue.
• Add a unit test case covering a flag with an explicit empty value (-d "") to prevent regression.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
cmd/sqlcmd/sqlcmd.go	Prevents panics by making isFlag safe on empty strings and using it in checkDefaultValue when checking the next arg.
cmd/sqlcmd/sqlcmd_test.go	Adds a regression test ensuring empty flag values (e.g., -d "") are preserved and don’t crash conversion.

[Copilot]

In TestConvertOsArgs, the argument order is semantically important for Cobra/pflag parsing, but the test currently uses assert.ElementsMatch (order-insensitive). This can allow regressions in convertOsArgs ordering to pass undetected; use an order-sensitive assertion (e.g., assert.Equal) for the converted args.