From eb25fdb620f9fc3e2bcde916f9db2c06f53a3cd7 Mon Sep 17 00:00:00 2001 From: Simon Charette Date: Sun, 4 Oct 2020 18:27:20 -0400 Subject: [PATCH] Refs #32061 -- Added test for dbshell password leak on PostgreSQL. --- tests/dbshell/fake_client.py | 3 +++ tests/dbshell/test_postgresql.py | 13 +++++++++++++ 2 files changed, 16 insertions(+) create mode 100755 tests/dbshell/fake_client.py diff --git a/tests/dbshell/fake_client.py b/tests/dbshell/fake_client.py new file mode 100755 index 0000000000..70451f302a --- /dev/null +++ b/tests/dbshell/fake_client.py @@ -0,0 +1,3 @@ +import sys + +sys.exit(1) diff --git a/tests/dbshell/test_postgresql.py b/tests/dbshell/test_postgresql.py index aad9692ecb..4d8804e43e 100644 --- a/tests/dbshell/test_postgresql.py +++ b/tests/dbshell/test_postgresql.py @@ -1,4 +1,7 @@ import signal +import subprocess +import sys +from pathlib import Path from unittest import mock, skipUnless from django.db import connection @@ -113,3 +116,13 @@ class PostgreSqlDbshellCommandTestCase(SimpleTestCase): connection.client.runshell([]) # dbshell restores the original handler. self.assertEqual(sigint_handler, signal.getsignal(signal.SIGINT)) + + def test_crash_password_does_not_leak(self): + # The password doesn't leak in an exception that results from a client + # crash. + args, env = self.settings_to_cmd_args_env({'PASSWORD': 'somepassword'}, []) + fake_client = Path(__file__).with_name('fake_client.py') + args[0:1] = [sys.executable, str(fake_client)] + with self.assertRaises(subprocess.CalledProcessError) as ctx: + subprocess.run(args, check=True, env=env) + self.assertNotIn('somepassword', str(ctx.exception))