Bug #104714 mysql-shell failed to connect mysql server
Submitted: 25 Aug 2021 4:53 Modified: 5 Dec 2021 16:28
Reporter: guojian zhou
Status: Closed
Category:Shell General / Core Client Severity:S3 (Non-critical)
Version:8.0.19, 8.0.26 OS:CentOS (7.4)
Assigned to: CPU Architecture:x86
Tags: Connection, mysql shell

[25 Aug 2021 4:53] guojian zhou
Description:
When I use the --uri parameter to connect to a MySQL server, mysql-shell reports
 "basic_string::_M_replace_aux" and returns with an exit code 1.

$ ./mysqlsh --uri %72%6f%6f%74:123456@abcroot123.com:3306
basic_string::_M_replace_aux

The error occurs when the uri parameter contains a password: if the user name is URL encoded and the hostinfo uses a domain which contains the decoded user name, mysql-shell exits.

I debugged the code and saw that the error happens in function mysqlsh::hide_password_in_uri.

static std::string hide_password_in_uri(std::string uri,
                                        const std::string &username) {
  std::size_t pwd_start = uri.find(username) + username.length() + 1;
  std::size_t pwd_size = uri.find('@', pwd_start) - pwd_start;
  return uri.replace(pwd_start, pwd_size, pwd_size, '*');
}

In the above function, the username was decoded but the uri was not decoded, which may be wrong when "uri.find('@', pwd_start)" finds nothing (e.g. "uri.find(username)" returns a position after '@').

How to repeat:
Use a command such as
mysqlsh --uri %72%6f%6f%74:123456@abcroot123.com:3306

Suggested fix:
Decode uri string after mysqlshdk::db::uri::Uri_parser::parse.
[25 Aug 2021 6:58] MySQL Verification Team
Hello guojian zhou,

Thank you for the report and feedback.
Verified as described.

regards,
Umesh
[25 Aug 2021 7:20] guojian zhou
I see this bug in CentOS 7.4 and Ubuntu 18.04.
[5 Dec 2021 16:28] Margaret Fisher
Posted by developer:
 
Changelog entry added for MySQL Shell 8.0.28:

MySQL Shell masks passwords that are supplied after the user name in a URI-like string specified by the --uri command-line option. If the user name in the string was percent encoded and a password was supplied, the comparison to a plain user name was not made correctly, and the connection failed. MySQL Shell now removes the password from a URI-like string leaving only the user name before the comparison is carried out.
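
The failure reported above, reproduced next to a delimiter-based masking routine, as an added example (not MySQL Shell's code and not the fix shipped in 8.0.28). `legacy_hide` is the function quoted in the report; `legacy_throws` and `mask_password` are hypothetical names, and `mask_password` assumes the userinfo follows RFC 3986, so a raw '@' or '/' in it, or a raw ':' in the user name, is percent-encoded.

```cpp
#include <cstddef>
#include <exception>
#include <iostream>
#include <string>

// The function quoted in the report, reproduced unchanged for comparison.
static std::string legacy_hide(std::string uri, const std::string &username) {
  std::size_t pwd_start = uri.find(username) + username.length() + 1;
  std::size_t pwd_size = uri.find('@', pwd_start) - pwd_start;
  return uri.replace(pwd_start, pwd_size, pwd_size, '*');
}

// True when legacy_hide() throws instead of returning a masked string.
// With the reported input, find(username) matches inside the host name,
// find('@', pwd_start) returns npos, and pwd_size wraps to a huge value.
static bool legacy_throws(const std::string &uri, const std::string &username) {
  try {
    legacy_hide(uri, username);
    return false;
  } catch (const std::exception &) {
    return true;
  }
}

// Hypothetical replacement: locate the password by its delimiters only,
// so no decoded value is ever searched for in the still-encoded string.
static std::string mask_password(std::string uri) {
  const std::size_t at = uri.find('@');
  if (at == std::string::npos) return uri;  // no userinfo part
  std::size_t start = 0;
  const std::size_t scheme = uri.find("://");
  if (scheme != std::string::npos && scheme < at) start = scheme + 3;
  const std::size_t colon = uri.find(':', start);
  if (colon == std::string::npos || colon > at) return uri;  // no password
  const std::size_t len = at - colon - 1;
  return uri.replace(colon + 1, len, len, '*');
}

int main() {
  // Input taken from the report's "How to repeat" section.
  const std::string uri = "%72%6f%6f%74:123456@abcroot123.com:3306";
  std::cout << "legacy throws: " << legacy_throws(uri, "root") << "\n";
  std::cout << "masked: " << mask_password(uri) << "\n";
  return 0;
}
```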