Refs #32061 -- Added test for dbshell password leak on PostgreSQL.

This commit is contained in:
Simon Charette 2020-10-04 18:27:20 -04:00 committed by Mariusz Felisiak
parent bbe6fbb876
commit eb25fdb620
2 changed files with 16 additions and 0 deletions

3
tests/dbshell/fake_client.py Executable file
View File

@ -0,0 +1,3 @@
import sys
sys.exit(1)

View File

@ -1,4 +1,7 @@
import signal import signal
import subprocess
import sys
from pathlib import Path
from unittest import mock, skipUnless from unittest import mock, skipUnless
from django.db import connection from django.db import connection
@ -113,3 +116,13 @@ class PostgreSqlDbshellCommandTestCase(SimpleTestCase):
connection.client.runshell([]) connection.client.runshell([])
# dbshell restores the original handler. # dbshell restores the original handler.
self.assertEqual(sigint_handler, signal.getsignal(signal.SIGINT)) self.assertEqual(sigint_handler, signal.getsignal(signal.SIGINT))
def test_crash_password_does_not_leak(self):
# The password doesn't leak in an exception that results from a client
# crash.
args, env = self.settings_to_cmd_args_env({'PASSWORD': 'somepassword'}, [])
fake_client = Path(__file__).with_name('fake_client.py')
args[0:1] = [sys.executable, str(fake_client)]
with self.assertRaises(subprocess.CalledProcessError) as ctx:
subprocess.run(args, check=True, env=env)
self.assertNotIn('somepassword', str(ctx.exception))