Add trust_input option to postgresql_slot module (#298)

* Add trust_input option to postgresql_slot module

Have added a trust_input option to the postgresql_slot module. This
only checks the session_role since all other options are passed as
parameters.

* Add Changelog fragment

* Update docs following PR review

changelogs/fragments/298-postgresql_slot_add_trust_input.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - postgresql_slot - add the ``trust_input`` parameter (https://github.com/ansible-collections/community.general/pull/298).

plugins/modules/database/postgresql/postgresql_slot.py

@@ -70,6 +70,12 @@ options:
     - Permissions checking for SQL commands is carried out as though
       the session_role were the one that had logged in originally.
     type: str
+  trust_input:
+    description:
+    - If C(no), check the value of I(session_role) is potentially dangerous.
+    - It sense to use C(no) only when SQL injections via I(session_role) are possible.
+    type: bool
+    default: yes
 
 notes:
 - Physical replication slots were introduced to PostgreSQL with version 9.4,
@@ -89,6 +95,7 @@ seealso:
 author:
 - John Scalia (@jscalia)
 - Andrew Klychkov (@Andersson007)
+- Thomas O'Donnell (@andytom)
 extends_documentation_fragment:
 - community.general.postgres
 
@@ -147,6 +154,9 @@ except ImportError:
     pass
 
 from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.general.plugins.module_utils.database import (
+    check_input,
+)
 from ansible_collections.community.general.plugins.module_utils.postgres import (
     connect_to_db,
     exec_sql,
@@ -229,6 +239,7 @@ def main():
         session_role=dict(type="str"),
         output_plugin=dict(type="str", default="test_decoding"),
         state=dict(type="str", default="present", choices=["absent", "present"]),
+        trust_input=dict(type="bool", default=True),
     )
 
     module = AnsibleModule(
@@ -242,6 +253,9 @@ def main():
     state = module.params["state"]
     output_plugin = module.params["output_plugin"]
 
+    if not module.params["trust_input"]:
+        check_input(module, module.params['session_role'])
+
     if immediately_reserve and slot_type == 'logical':
         module.fail_json(msg="Module parameters immediately_reserve and slot_type=logical are mutually exclusive")
 

tests/integration/targets/postgresql_slot/tasks/postgresql_slot_initial.yml

@@ -1,3 +1,4 @@
+---
 # Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
@@ -680,6 +681,24 @@
     - result.rowcount == 0
   when: postgres_version_resp.stdout is version('9.6', '>=')
 
+# Check trust input
+- name: postgresql_slot - try using a bad name
+  postgresql_slot:
+    session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
+    db: postgres
+    name: slot1
+    trust_input: no
+  register: result
+  ignore_errors: true
+  when: postgres_version_resp.stdout is version('9.6', '>=')
+
+- name: postgresql_slot - check that using a dangerous name fails
+  assert:
+    that:
+      - result is failed
+      - result.msg is search('is potentially dangerous')
+  when: postgres_version_resp.stdout is version('9.6', '>=')
+
 #
 # clean up
 #