diff options
| author | Peter Eisentraut | 2016-08-04 18:44:23 +0000 |
|---|---|---|
| committer | Peter Eisentraut | 2016-09-22 16:00:00 +0000 |
| commit | 8b845520fb0aa50fea7aae44a45cee1b6d87845d (patch) | |
| tree | 92ccc8596edadb6fb529c9b1c9872451e5e185df /src/test/perl | |
| parent | e7010ce4794a4c12a6a8bfb0ca1de49b61046847 (diff) | |
Add tests for various connection string issues
Add tests for consistent support of connection strings in frontend
programs as well as proper handling of unusual characters in database
and user names. These tests were developed for the issues of
CVE-2016-5424.
To allow testing of names with spaces, change the pg_regress
command-line options --create-role and --dbname to split their arguments
by comma only, not space or comma as before. Only commas were actually
used in existing uses.
Noah Misch, Michael Paquier, Peter Eisentraut
Diffstat (limited to 'src/test/perl')
| -rw-r--r-- | src/test/perl/PostgresNode.pm | 29 | ||||
| -rw-r--r-- | src/test/perl/TestLib.pm | 14 |
2 files changed, 41 insertions, 2 deletions
diff --git a/src/test/perl/PostgresNode.pm b/src/test/perl/PostgresNode.pm index fede1e601b9..afbdb6332bd 100644 --- a/src/test/perl/PostgresNode.pm +++ b/src/test/perl/PostgresNode.pm @@ -243,7 +243,13 @@ sub connstr { return "port=$pgport host=$pghost"; } - return "port=$pgport host=$pghost dbname=$dbname"; + + # Escape properly the database string before using it, only + # single quotes and backslashes need to be treated this way. + $dbname =~ s#\\#\\\\#g; + $dbname =~ s#\'#\\\'#g; + + return "port=$pgport host=$pghost dbname='$dbname'"; } =pod @@ -396,7 +402,8 @@ sub init mkdir $self->backup_dir; mkdir $self->archive_dir; - TestLib::system_or_bail('initdb', '-D', $pgdata, '-A', 'trust', '-N'); + TestLib::system_or_bail('initdb', '-D', $pgdata, '-A', 'trust', '-N', + @{ $params{extra} }); TestLib::system_or_bail($ENV{PG_REGRESS}, '--config-auth', $pgdata); open my $conf, ">>$pgdata/postgresql.conf"; @@ -1300,6 +1307,24 @@ sub issues_sql_like =pod +=item $node->run_log(...) + +Runs a shell command like TestLib::run_log, but with PGPORT set so +that the command will default to connecting to this PostgresNode. + +=cut + +sub run_log +{ + my $self = shift; + + local $ENV{PGPORT} = $self->port; + + TestLib::run_log(@_); +} + +=pod + =back =cut diff --git a/src/test/perl/TestLib.pm b/src/test/perl/TestLib.pm index 51b533e08cd..31e7acd4dae 100644 --- a/src/test/perl/TestLib.pm +++ b/src/test/perl/TestLib.pm @@ -20,6 +20,7 @@ use SimpleTee; use Test::More; our @EXPORT = qw( + generate_ascii_string slurp_dir slurp_file append_to_file @@ -166,6 +167,19 @@ sub run_log return IPC::Run::run(@_); } +# Generate a string made of the given range of ASCII characters +sub generate_ascii_string +{ + my ($from_char, $to_char) = @_; + my $res; + + for my $i ($from_char .. $to_char) + { + $res .= sprintf("%c", $i); + } + return $res; +} + sub slurp_dir { my ($dir) = @_; |