diff options
author | Simon Charette <charette.s@gmail.com> | 2020-10-04 18:27:20 -0400 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-10-30 10:12:47 +0100 |
commit | eb25fdb620f9fc3e2bcde916f9db2c06f53a3cd7 (patch) | |
tree | 67c8bae766ff1f48554058cbaf92d88a5be29985 /tests/dbshell | |
parent | bbe6fbb8768e8fb1aecb96d51c049d7ceaf802d3 (diff) | |
download | django-eb25fdb620f9fc3e2bcde916f9db2c06f53a3cd7.tar.gz |
Refs #32061 -- Added test for dbshell password leak on PostgreSQL.
Diffstat (limited to 'tests/dbshell')
-rwxr-xr-x | tests/dbshell/fake_client.py | 3 | ||||
-rw-r--r-- | tests/dbshell/test_postgresql.py | 13 |
2 files changed, 16 insertions, 0 deletions
diff --git a/tests/dbshell/fake_client.py b/tests/dbshell/fake_client.py new file mode 100755 index 0000000000..70451f302a --- /dev/null +++ b/tests/dbshell/fake_client.py @@ -0,0 +1,3 @@ +import sys + +sys.exit(1) diff --git a/tests/dbshell/test_postgresql.py b/tests/dbshell/test_postgresql.py index aad9692ecb..4d8804e43e 100644 --- a/tests/dbshell/test_postgresql.py +++ b/tests/dbshell/test_postgresql.py @@ -1,4 +1,7 @@ import signal +import subprocess +import sys +from pathlib import Path from unittest import mock, skipUnless from django.db import connection @@ -113,3 +116,13 @@ class PostgreSqlDbshellCommandTestCase(SimpleTestCase): connection.client.runshell([]) # dbshell restores the original handler. self.assertEqual(sigint_handler, signal.getsignal(signal.SIGINT)) + + def test_crash_password_does_not_leak(self): + # The password doesn't leak in an exception that results from a client + # crash. + args, env = self.settings_to_cmd_args_env({'PASSWORD': 'somepassword'}, []) + fake_client = Path(__file__).with_name('fake_client.py') + args[0:1] = [sys.executable, str(fake_client)] + with self.assertRaises(subprocess.CalledProcessError) as ctx: + subprocess.run(args, check=True, env=env) + self.assertNotIn('somepassword', str(ctx.exception)) |