From bf2706a87c6cdb4cff9189c080b9cca9cb1812af Mon Sep 17 00:00:00 2001
From: Josh <josh.t.richards@gmail.com>
Date: Thu, 19 Mar 2026 20:44:14 -0400
Subject: [PATCH] refactor(setup): Add shared generateDbPassword() to
 AbstractDatabase

Signed-off-by: Josh <josh.t.richards@gmail.com>
---
 lib/private/Setup/AbstractDatabase.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/lib/private/Setup/AbstractDatabase.php b/lib/private/Setup/AbstractDatabase.php
index d07d4af91a6..a2369085e6f 100644
--- a/lib/private/Setup/AbstractDatabase.php
+++ b/lib/private/Setup/AbstractDatabase.php
@@ -75,6 +75,27 @@ abstract class AbstractDatabase {
 		$this->tablePrefix = $dbTablePrefix;
 	}
 
+	/**
+	 * Generate a strong random password suitable for database user accounts.
+	 *
+	 * Guarantees at least 2 uppercase, 2 lowercase, 2 digit, and 2 symbol
+	 * characters are present, with symbols filtered to exclude characters
+	 * that are problematic in SQL string contexts (", \, ', `).
+	 *
+	 * @return string A 30-character random password
+	 */
+	protected function generateDbPassword(): string {
+		$safeSymbols = str_replace(['\"', '\\', '\'', '`'], '', ISecureRandom::CHAR_SYMBOLS);
+
+		$password = $this->random->generate(22, ISecureRandom::CHAR_ALPHANUMERIC . $safeSymbols)
+			. $this->random->generate(2, ISecureRandom::CHAR_UPPER)
+			. $this->random->generate(2, ISecureRandom::CHAR_LOWER)
+			. $this->random->generate(2, ISecureRandom::CHAR_DIGITS)
+			. $this->random->generate(2, $safeSymbols);
+
+		return str_shuffle($password);
+	}
+
 	/**
 	 * @param array $configOverwrite
 	 * @return \OC\DB\Connection