postgresql_set: add trust_input parameter (#302)

* postgresql_set: add trust_input parameter

* add changelog fragment

* fix CI
This commit is contained in:
Andrew Klychkov 2020-05-12 10:03:40 +03:00 committed by GitHub
commit afe2946cce
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 40 additions and 3 deletions

View file

@ -288,6 +288,7 @@
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
trust_input: yes
name: archive_command
value: 'test ! -f /mnt/postgres/mb/%f && cp %p /mnt/postgres/mb/%f'
@ -302,3 +303,21 @@
- assert:
that:
- result.query_result.0.reset_val == "test ! -f /mnt/postgres/mb/%f && cp %p /mnt/postgres/mb/%f"
#############################
# Check trust_input parameter
- name: postgresql_set - check trust_input
<<: *task_parameters
postgresql_set:
<<: *pg_parameters
name: shared_buffers
value: 111MB
trust_input: no
session_role: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg is search('is potentially dangerous')