Add trust_input option to postgresql_slot module (#298)

* Add trust_input option to postgresql_slot module Have added a trust_input option to the postgresql_slot module. This only checks the session_role since all other options are passed as parameters. * Add Changelog fragment * Update docs following PR review
2024-09-14 20:13:21 +02:00 · 2020-05-07 17:26:15 +02:00 · 2020-05-07 17:26:15 +02:00 · f887aff159
commit f887aff159
parent f340b39bb9
3 changed files with 54 additions and 18 deletions
--- a/changelogs/fragments/298-postgresql_slot_add_trust_input.yml
+++ b/changelogs/fragments/298-postgresql_slot_add_trust_input.yml
@ -0,0 +1,3 @@
+---
+minor_changes:
+  - postgresql_slot - add the ``trust_input`` parameter (https://github.com/ansible-collections/community.general/pull/298).
--- a/plugins/modules/database/postgresql/postgresql_slot.py
+++ b/plugins/modules/database/postgresql/postgresql_slot.py
@ -70,6 +70,12 @@ options:
    - Permissions checking for SQL commands is carried out as though
      the session_role were the one that had logged in originally.
    type: str
+  trust_input:
+    description:
+    - If C(no), check the value of I(session_role) is potentially dangerous.
+    - It sense to use C(no) only when SQL injections via I(session_role) are possible.
+    type: bool
+    default: yes

 notes:
 - Physical replication slots were introduced to PostgreSQL with version 9.4,
@ -89,6 +95,7 @@ seealso:
 author:
 - John Scalia (@jscalia)
 - Andrew Klychkov (@Andersson007)
+- Thomas O'Donnell (@andytom)
 extends_documentation_fragment:
 - community.general.postgres

@ -147,6 +154,9 @@ except ImportError:
    pass

 from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.general.plugins.module_utils.database import (
+    check_input,
+)
 from ansible_collections.community.general.plugins.module_utils.postgres import (
    connect_to_db,
    exec_sql,
@ -229,6 +239,7 @@ def main():
        session_role=dict(type="str"),
        output_plugin=dict(type="str", default="test_decoding"),
        state=dict(type="str", default="present", choices=["absent", "present"]),
+        trust_input=dict(type="bool", default=True),
    )

    module = AnsibleModule(
@ -242,6 +253,9 @@ def main():
    state = module.params["state"]
    output_plugin = module.params["output_plugin"]

+    if not module.params["trust_input"]:
+        check_input(module, module.params['session_role'])
+
    if immediately_reserve and slot_type == 'logical':
        module.fail_json(msg="Module parameters immediately_reserve and slot_type=logical are mutually exclusive")

--- a/tests/integration/targets/postgresql_slot/tasks/postgresql_slot_initial.yml
+++ b/tests/integration/targets/postgresql_slot/tasks/postgresql_slot_initial.yml
@ -1,3 +1,4 @@
+---
 # Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

@ -680,6 +681,24 @@
    - result.rowcount == 0
  when: postgres_version_resp.stdout is version('9.6', '>=')

+# Check trust input
+- name: postgresql_slot - try using a bad name
+  postgresql_slot:
+    session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
+    db: postgres
+    name: slot1
+    trust_input: no
+  register: result
+  ignore_errors: true
+  when: postgres_version_resp.stdout is version('9.6', '>=')
+
+- name: postgresql_slot - check that using a dangerous name fails
+  assert:
+    that:
+      - result is failed
+      - result.msg is search('is potentially dangerous')
+  when: postgres_version_resp.stdout is version('9.6', '>=')
+
 #
 # clean up
 #