Commit Graph

11 Commits

Author SHA1 Message Date
Hasan Ramezani 1a78ef2b85
Fixed #33715 -- Allowed keyboard interrupt to abort queries in MySQL dbshell. 2022-05-20 07:11:51 +02:00
django-bot 9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Nick Pope 1061f52436 Fixed #32732 -- Removed usage of deprecated 'db' and 'passwd' connection options in MySQL backend.
The 'db' and 'passwd' connection options have been deprecated, use
'database' and 'password' instead (available since mysqlclient >= 1.3.8).

This also allows the 'database' option in DATABASES['OPTIONS'] on MySQL.
2021-05-12 12:21:57 +02:00
Mariusz Felisiak 009fddc96b
Refs #32061 -- Fixed test_crash_password_does_not_leak() crash on Windows.
When env is passed to subprocess.run() we should pass all existing
environment variables. This fixes crash on Windows:

Fatal Python error: failed to get random numbers to initialize Python

Fatal Python error: _Py_HashRandomization_Init: failed to get random
numbers to initialize Python
Python runtime state: preinitialized
2020-11-03 11:38:40 +01:00
Simon Charette 384ac0990f Refs #32061 -- Prevented password leak on MySQL dbshell crash.
The usage of the --password flag when invoking the mysql CLI has the
potential of exposing the password in plain text if the command happens
to crash due to the inclusion of args provided to
subprocess.run(check=True) in the string representation of the
subprocess.CalledProcessError exception raised on non-zero return code.

Since this has the potential of leaking the password to logging
facilities configured to capture crashes (e.g. sys.excepthook, Sentry)
it's safer to rely on the MYSQL_PWD environment variable instead even
if its usage is discouraged due to potential leak through the ps
command on old flavors of Unix.

Thanks Charlie Denton for reporting the issue to the security team.

Refs #24999.
2020-10-30 10:12:52 +01:00
Simon Charette bbe6fbb876 Refs #32061 -- Unified DatabaseClient.runshell() in db backends. 2020-10-29 22:22:58 +01:00
manav014 af87574a3c Fixed #6517 -- Made dbshell use charset option on MySQL.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-10-17 12:24:36 +02:00
Hasan Ramezani 9e8edc1e55 Fixed #31491 -- Allowed 'password' option in DATABASES['OPTIONS'] on MySQL. 2020-06-12 12:07:43 +02:00
Adam Johnson 5b884d45ac Fixed #29501 -- Allowed dbshell to pass options to underlying tool. 2020-04-14 14:02:51 +01:00
Paul Tiplady 335a8d7895 Fixed #28322 -- Added dbshell support for MySQL client TLS certs. 2017-06-19 18:11:25 -04:00
Tim Graham 1e63652e44 Renamed MySQL-specific dbshell test file. 2015-06-27 16:22:11 -04:00