inspec/docs/resources/postgres_session.md.erb

76 lines
1.7 KiB
Text
Raw Normal View History

2016-09-22 12:43:57 +00:00
---
title: About the postgres_session Resource
---
# postgres_session
Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.
## Syntax
2016-09-22 12:43:57 +00:00
A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
sql = postgres_session('username', 'password')
describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
its('output') { should eq('') }
end
where
* `sql = postgres_session` declares a username and password with permission to run the query
* `sql.query('')` contains the query to be run
* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
## Matchers
2016-09-22 12:43:57 +00:00
This InSpec audit resource has the following matchers:
### be
2016-09-22 12:43:57 +00:00
<%= partial "/shared/matcher_be" %>
### cmp
2016-09-22 12:43:57 +00:00
<%= partial "/shared/matcher_cmp" %>
### eq
2016-09-22 12:43:57 +00:00
<%= partial "/shared/matcher_eq" %>
### include
2016-09-22 12:43:57 +00:00
<%= partial "/shared/matcher_include" %>
### match
2016-09-22 12:43:57 +00:00
<%= partial "/shared/matcher_match" %>
### output
2016-09-22 12:43:57 +00:00
The `output` matcher tests the results of the query:
its('output') { should eq(/^0/) }
## Examples
2016-09-22 12:43:57 +00:00
The following examples show how to use this InSpec audit resource.
### Test the PostgreSQL shadow password
2016-09-22 12:43:57 +00:00
sql = postgres_session('my_user', 'password')
describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
its('output') { should eq('') }
end
### Test for risky database entries
2016-09-22 12:43:57 +00:00
describe postgres_session('my_user', 'password').query('SELECT count (*)
FROM pg_language
WHERE lanpltrusted = \'f\'
AND lanname!=\'internal\'
AND lanname!=\'c\';') do
its('output') { should eq '0' }
end