Refs #32061 -- Added test for dbshell password leak on PostgreSQL.

2020-10-04 18:27:20 -04:00 · 2020-10-04 18:27:20 -04:00 · eb25fdb620
parent bbe6fbb876
commit eb25fdb620
2 changed files with 16 additions and 0 deletions
--- a/tests/dbshell/fake_client.py
+++ b/tests/dbshell/fake_client.py
@ -0,0 +1,3 @@
+import sys
+
+sys.exit(1)
--- a/tests/dbshell/test_postgresql.py
+++ b/tests/dbshell/test_postgresql.py
@ -1,4 +1,7 @@
 import signal
+import subprocess
+import sys
+from pathlib import Path
 from unittest import mock, skipUnless

 from django.db import connection
@ -113,3 +116,13 @@ class PostgreSqlDbshellCommandTestCase(SimpleTestCase):
            connection.client.runshell([])
        # dbshell restores the original handler.
        self.assertEqual(sigint_handler, signal.getsignal(signal.SIGINT))
+
+    def test_crash_password_does_not_leak(self):
+        # The password doesn't leak in an exception that results from a client
+        # crash.
+        args, env = self.settings_to_cmd_args_env({'PASSWORD': 'somepassword'}, [])
+        fake_client = Path(__file__).with_name('fake_client.py')
+        args[0:1] = [sys.executable, str(fake_client)]
+        with self.assertRaises(subprocess.CalledProcessError) as ctx:
+            subprocess.run(args, check=True, env=env)
+        self.assertNotIn('somepassword', str(ctx.exception))