postgresql_info: add the trust_input parameter (#308)
* postgresql_info: add the trust_input parameter * add changelog fragment
parent
156d90ce90
commit
acc7bc1ea6
3 changed files with 34 additions and 1 deletions
|
@ -0,0 +1,2 @@
|
|||
minor_changes:
|
||||
- postgresql_info - add the ``trust_input`` parameter (https://github.com/ansible-collections/community.general/pull/308).
|
|
@ -46,6 +46,12 @@ options:
|
|||
- Permissions checking for SQL commands is carried out as though
|
||||
the session_role were the one that had logged in originally.
|
||||
type: str
|
||||
trust_input:
|
||||
description:
|
||||
- If C(no), check whether a value of I(session_role) is potentially dangerous.
|
||||
- It makes sense to use C(yes) only when SQL injections via I(session_role) are possible.
|
||||
type: bool
|
||||
default: yes
|
||||
seealso:
|
||||
- module: postgresql_ping
|
||||
author:
|
||||
|
@ -483,6 +489,9 @@ except ImportError:
|
|||
pass
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible_collections.community.general.plugins.module_utils.database import (
|
||||
check_input,
|
||||
)
|
||||
from ansible_collections.community.general.plugins.module_utils.postgres import (
|
||||
connect_to_db,
|
||||
get_conn_params,
|
||||
|
@ -988,13 +997,18 @@ def main():
|
|||
db=dict(type='str', aliases=['login_db']),
|
||||
filter=dict(type='list', elements='str'),
|
||||
session_role=dict(type='str'),
|
||||
trust_input=dict(type='bool', default=True),
|
||||
)
|
||||
module = AnsibleModule(
|
||||
argument_spec=argument_spec,
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
filter_ = module.params["filter"]
|
||||
filter_ = module.params['filter']
|
||||
|
||||
if not module.params['trust_input']:
|
||||
# Check input for potentially dangerous elements:
|
||||
check_input(module, module.params['session_role'])
|
||||
|
||||
db_conn_obj = PgDbConn(module)
|
||||
|
||||
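Review bot: The second description line of `trust_input` reads inverted. The check runs only under `if not module.params['trust_input']:`, so it is C(no), not C(yes), that makes sense when SQL injection via I(session_role) is possible; suggested wording: `- It makes sense to use C(no) only when SQL injections via I(session_role) are possible.` With `default=True` the check stays off unless a playbook opts in, and the description should say so plainly, for example `- With the default C(yes), the value of I(session_role) is not checked.` Only `session_role` is handed to `check_input`; whether `db` or `filter` can reach SQL text is not visible in these hunks, so that is worth confirming. `main()` continues outside the hunk.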
|
|
|
@ -139,6 +139,7 @@
|
|||
<<: *pg_parameters
|
||||
login_db: '{{ test_db }}'
|
||||
login_port: '{{ master_port }}'
|
||||
trust_input: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
|
@ -152,3 +153,19 @@
|
|||
- result.settings
|
||||
- result.tablespaces
|
||||
- result.roles
|
||||
|
||||
- name: postgresql_info - test trust_input parameter
|
||||
<<: *task_parameters
|
||||
postgresql_info:
|
||||
<<: *pg_parameters
|
||||
login_db: '{{ test_db }}'
|
||||
login_port: '{{ master_port }}'
|
||||
trust_input: no
|
||||
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is failed
|
||||
- result.msg is search('is potentially dangerous')
|
||||
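Review bot: The new task covers only the rejection path, so a `check_input` call that rejected every value, or failed when `session_role` is unset, would still pass this test file. A second task with `trust_input: no` and either a legitimate role name or no `session_role` at all, followed by an assert such as `- result is not failed`, would pin the benign case. The `trust_input: yes` added to the earlier task equals the declared default, so it exercises nothing new. Because the failing task uses `ignore_errors: yes`, the `result.msg is search('is potentially dangerous')` assert is the only thing separating the intended rejection from an unrelated failure such as a connection error, so it should stay.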
|
|