Fix Issue #5183.

Signed-off-by: Adam M Dutko <adutko@chef.io>
2024-11-23 05:03:07 +00:00 · 2020-08-11 10:34:13 -04:00 · 2020-08-11 10:34:13 -04:00 · 04c3aef004
commit 04c3aef004
parent 679ddd1ee8
4 changed files with 27 additions and 15 deletions
--- a/docs/resources/postgres_session.md.erb
+++ b/docs/resources/postgres_session.md.erb
@ -24,18 +24,19 @@ This resource first became available in v1.0.0 of InSpec.
 A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:

    # Create a PostgreSQL session:
-    sql = postgres_session('username', 'password', 'host')
+    sql = postgres_session('username', 'password', 'host', 'port')

    # default values:
    #   username: 'postgres'
    #   host: 'localhost'
+    #   port: 5432

    # Run an SQL query with an optional database to execute
    sql.query('sql_query', ['database_name'])`

 A full example is:

-    sql = postgres_session('username', 'password', 'host')
+    sql = postgres_session('username', 'password', 'host', 'port')
    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
      its('output') { should eq '' }
    end
@ -50,7 +51,7 @@ The following examples show how to use this Chef InSpec audit resource.

 ### Test the PostgreSQL shadow password

-    sql = postgres_session('my_user', 'password', '192.168.1.2')
+    sql = postgres_session('my_user', 'password', '192.168.1.2', 5432)

    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;', ['testdb']) do
      its('output') { should eq('') }
--- a/lib/inspec/resources/postgres_session.rb
+++ b/lib/inspec/resources/postgres_session.rb
@ -26,12 +26,13 @@ module Inspec::Resources
    supports platform: "windows"
    desc "Use the postgres_session InSpec audit resource to test SQL commands run against a PostgreSQL database."
    example <<~EXAMPLE
-      sql = postgres_session('username', 'password', 'host')
+      sql = postgres_session('username', 'password', 'host', 'port')
      query('sql_query', ['database_name'])` contains the query and (optional) database to execute

      # default values:
      # username: 'postgres'
      # host: 'localhost'
+      # port: 5432
      # db: databse == db_user running the sql query

      describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
@ -39,10 +40,11 @@ module Inspec::Resources
      end
    EXAMPLE

-    def initialize(user, pass, host = nil)
+    def initialize(user, pass, host = nil, port = nil)
      @user = user || "postgres"
      @pass = pass
      @host = host || "localhost"
+      @port = port || 5432
    end

    def query(query, db = [])
@ -64,7 +66,7 @@ module Inspec::Resources

    def create_psql_cmd(query, db = [])
      dbs = db.map { |x| "-d #{x}" }.join(" ")
-      "PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -A -t -c #{escaped_query(query)}"
+      "PGPASSWORD='#{@pass}' psql -U #{@user} #{dbs} -h #{@host} -p #{@port} -A -t -c #{escaped_query(query)}"
    end
  end
 end
--- a/test/unit/resources/postgres_session_test.rb
+++ b/test/unit/resources/postgres_session_test.rb
@ -5,19 +5,27 @@ require "inspec/resources/command"

 describe "Inspec::Resources::PostgresSession" do
  it "verify postgres_session create_psql_cmd with a basic query" do
-    resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1")
-    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -A -t -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
+    resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1", 5432)
+    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
  end
  it "verify postgres_session escaped_query with a complex query" do
-    resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1")
-    _(resource.send(:create_psql_cmd, "SELECT current_setting('client_min_messages')", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -A -t -c SELECT\\ current_setting\\(\\'client_min_messages\\'\\)"
+    resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1", 5432)
+    _(resource.send(:create_psql_cmd, "SELECT current_setting('client_min_messages')", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c SELECT\\ current_setting\\(\\'client_min_messages\\'\\)"
  end
  it "verify postgres_session redacts output" do
-    cmd = %q{PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -A -t -c "SELECT current_setting('client_min_messages')"}
+    cmd = %q{PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c "SELECT current_setting('client_min_messages')"}
    options = { redact_regex: /(PGPASSWORD=').+(' psql .*)/ }
    resource = load_resource("command", cmd, options)

-    expected_to_s = %q{Command: `PGPASSWORD='REDACTED' psql -U myuser -d testdb -h 127.0.0.1 -A -t -c "SELECT current_setting('client_min_messages')"`}
+    expected_to_s = %q{Command: `PGPASSWORD='REDACTED' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c "SELECT current_setting('client_min_messages')"`}
    _(resource.to_s).must_equal(expected_to_s)
  end
+  it "verify postgres_session works with empty port value" do
+    resource = load_resource("postgres_session", "myuser", "mypass", "127.0.0.1")
+    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h 127.0.0.1 -p 5432 -A -t -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
+  end
+  it "verify postgres_session works with empty host and port value" do
+    resource = load_resource("postgres_session", "myuser", "mypass")
+    _(resource.send(:create_psql_cmd, "SELECT * FROM STUDENTS;", ["testdb"])).must_equal "PGPASSWORD='mypass' psql -U myuser -d testdb -h localhost -p 5432 -A -t -c SELECT\\ \\*\\ FROM\\ STUDENTS\\;"
+  end
 end
--- a/www/content/inspec/resources/postgres_session.md
+++ b/www/content/inspec/resources/postgres_session.md
@ -29,18 +29,19 @@ This resource first became available in v1.0.0 of InSpec.
 A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:

    # Create a PostgreSQL session:
-    sql = postgres_session('username', 'password', 'host')
+    sql = postgres_session('username', 'password', 'host', 'port')

    # default values:
    #   username: 'postgres'
    #   host: 'localhost'
+    #   port: 5432

    # Run an SQL query with an optional database to execute
    sql.query('sql_query', ['database_name'])`

 A full example is:

-    sql = postgres_session('username', 'password', 'host')
+    sql = postgres_session('username', 'password', 'host', 'port')
    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
      its('output') { should eq '' }
    end
@ -53,7 +54,7 @@ The following examples show how to use this Chef InSpec audit resource.

 ### Test the PostgreSQL shadow password

-    sql = postgres_session('my_user', 'password', '192.168.1.2')
+    sql = postgres_session('my_user', 'password', '192.168.1.2', 5432)

    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;', ['testdb']) do
      its('output') { should eq('') }