Commit Graph

31 Commits

Author SHA1 Message Date
Mariusz Felisiak 009fddc96b
Refs #32061 -- Fixed test_crash_password_does_not_leak() crash on Windows.
When env is passed to subprocess.run() we should pass all existing
environment variables. This fixes crash on Windows:

Fatal Python error: failed to get random numbers to initialize Python

Fatal Python error: _Py_HashRandomization_Init: failed to get random
numbers to initialize Python
Python runtime state: preinitialized
2020-11-03 11:38:40 +01:00
Simon Charette 384ac0990f Refs #32061 -- Prevented password leak on MySQL dbshell crash.
The usage of the --password flag when invoking the mysql CLI has the
potential of exposing the password in plain text if the command happens
to crash due to the inclusion of args provided to
subprocess.run(check=True) in the string representation of the
subprocess.CalledProcessError exception raised on non-zero return code.

Since this has the potential of leaking the password to logging
facilities configured to capture crashes (e.g. sys.excepthook, Sentry)
it's safer to rely on the MYSQL_PWD environment variable instead even
if its usage is discouraged due to potential leak through the ps
command on old flavors of Unix.

Thanks Charlie Denton for reporting the issue to the security team.

Refs #24999.
2020-10-30 10:12:52 +01:00
Simon Charette eb25fdb620 Refs #32061 -- Added test for dbshell password leak on PostgreSQL. 2020-10-30 10:12:47 +01:00
Simon Charette bbe6fbb876 Refs #32061 -- Unified DatabaseClient.runshell() in db backends. 2020-10-29 22:22:58 +01:00
manav014 af87574a3c Fixed #6517 -- Made dbshell use charset option on MySQL.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-10-17 12:24:36 +02:00
Hasan Ramezani 9e8edc1e55 Fixed #31491 -- Allowed 'password' option in DATABASES['OPTIONS'] on MySQL. 2020-06-12 12:07:43 +02:00
Adam Johnson 5b884d45ac Fixed #29501 -- Allowed dbshell to pass options to underlying tool. 2020-04-14 14:02:51 +01:00
Mariusz Felisiak 8189976663 Refs #29501 -- Added test for missing dbshell executable. 2020-04-14 13:22:46 +02:00
Zeynel Özdemir 9d40b6bbf4 Fixed #31076 -- Fixed dbshell crash on Windows with Python < 3.8.
subprocess.run()'s args parameter accepts path-like objects on Windows
since Python 3.8.
2019-12-16 11:20:41 +01:00
Mariusz Felisiak 92c72b68b7
Fixed broken OracleDbshellTests tests after 9386586f31. 2019-08-23 21:25:21 +02:00
Claude Paroz 9386586f31 Replaced subprocess commands by run() wherever possible. 2019-08-23 10:53:36 +02:00
Min ho Kim 9f11939dd1 Fixed typos in comments and a test name. 2019-07-19 18:24:06 +02:00
Oleh Mykytiuk 177fa08339 Fixed #30370 -- Added dbshell support for client TLS certificates on PostgreSQL. 2019-04-18 08:10:31 +02:00
Daniel Bowring cf826c9a91 Fixed #30173 -- Simplified db.backends.postgresql.client. 2019-02-13 17:12:02 -05:00
Tim Graham ddb2936852 Refs #25175 -- Renamed test file referencing the old postgresql_psycopg2 engine. 2019-02-13 17:11:33 -05:00
Jon Dufresne 7e3bf2662b Removed default mode='r' argument from calls to open(). 2019-01-27 17:41:43 -05:00
Mariusz Felisiak c6525bea9e Fixed #29534 -- Made dbshell use rlwrap on Oracle if available. 2018-10-25 19:39:42 -04:00
luz.paz 97e637a87f Fixed typos in comments and docs. 2018-08-01 16:09:22 -04:00
Paul Tiplady 335a8d7895 Fixed #28322 -- Added dbshell support for MySQL client TLS certs. 2017-06-19 18:11:25 -04:00
Chris Sinchok 66150f7cf6 Fixed #27954 -- Allowed keyboard interrupt to abort queries in PostgreSQL dbshell.
Thanks Tim Martin for review.
2017-04-01 21:01:08 -04:00
Tim Graham 7aba69145d Refs #23919 -- Removed django.test.mock Python 2 compatibility shim. 2017-01-20 08:17:20 -05:00
Claude Paroz dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
mieciu 19ff506878 Fixed #26698 -- Fixed PostgreSQL dbshell crash on an empty database name. 2016-06-03 12:30:21 -04:00
Caio Ariede ec9004728e Fixed #25175 -- Renamed the postgresql_psycopg2 database backend to postgresql. 2015-08-07 09:33:17 -04:00
Tim Graham 6bd8462380 Refs #23658 -- Fixed dbshell tests on Windows. 2015-07-06 16:17:56 -04:00
Tim Graham b535eb3fcb Refs #23658 -- Fixed unclosed file in dbshell tests. 2015-07-01 13:45:02 -04:00
Jean-Michel Vourgère b64c0d4d61 Fixed #23658 -- Provided the password to PostgreSQL dbshell command
The password from settings.py is written in a temporary .pgpass file
file whose name is given to psql using the PGPASSFILE environment
variable.
2015-06-30 18:21:51 -04:00
Tim Graham 1e63652e44 Renamed MySQL-specific dbshell test file. 2015-06-27 16:22:11 -04:00
zsoldosp 01801edd37 Fixed #22646: Added support for the MySQL ssl-ca option to dbshell. 2014-08-13 18:29:42 -04:00