postgresql_schema: add trust_input parameter (#259)

* postgresql_schema: add trust_input parameter

* add changelog fragment
This commit is contained in:
Andrew Klychkov 2020-05-01 14:09:23 +03:00 committed by GitHub
parent d6b368e63f
commit c68f17f09b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 44 additions and 5 deletions

View file

@ -2,5 +2,6 @@
db_name: 'ansible_db'
db_user1: 'ansible_db_user1'
db_user2: 'ansible_db_user2'
dangerous_name: 'curious.anonymous"; SELECT * FROM information_schema.tables; --'
db_session_role1: 'session_role1'
db_session_role2: 'session_role2'

View file

@ -61,6 +61,7 @@
database: "{{ db_name }}"
name: acme
login_user: "{{ pg_user }}"
trust_input: yes
register: result
# Checks
@ -144,6 +145,25 @@
that:
- result.rowcount == 0
# Test: trust_input parameter
- name: Create a new schema with potentially dangerous owner name
become_user: "{{ pg_user }}"
become: yes
postgresql_schema:
database: "{{ db_name }}"
name: acme
login_user: "{{ pg_user }}"
owner: "{{ dangerous_name }}"
trust_input: no
register: result
ignore_errors: yes
# Checks
- assert:
that:
- result is failed
- result.msg == 'Passed input \'{{ dangerous_name }}\' is potentially dangerous'
# Test: CREATE SCHEMA; WITH TABLE for DROP CASCADE test
- name: Create a new schema "acme"
become_user: "{{ pg_user }}"