Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 05:03:07 +00:00
Code Issues Projects Releases Packages Wiki Activity

sqlplus credentials could contain special symbols and need to be escaped (#2308)

Browse source 
Signed-off-by: Dmytro Malovany <dmytro.malovannyy@gmail.com>
This commit is contained in:
malovdm1 2017-11-15 21:49:09 +01:00 committed by Christoph Hartmann
parent c5130621f3
commit 923e4abf21
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/resources/oracledb_session.rb
View file

@ -60,7 +60,9 @@ module Inspec::Resources
p = :parse_html_result
end
command = "echo \"#{opts}\n#{verify_query(escaped_query)}\nEXIT\" | #{bin} -s #{@user}/#{@password}@//#{@host}:#{@port}/#{@service}"
query = verify_query(escaped_query)
query += ';' unless query.end_with?(';')
command = %{echo "#{opts}\n#{query}\nEXIT" | #{bin} "#{@user}"/"#{@password}"@#{@host}:#{@port}/#{@service}}
cmd = inspec.command(command)
out = cmd.stdout + "\n" + cmd.stderr

2
test/helper.rb
View file

@ -416,7 +416,7 @@ class MockLoader
"5c2bc0f0568d11451d6cf83aff02ee3d47211265b52b6c5d45f8e57290b35082" => cmd.call('mssql-getdate'),
# oracle
"bash -c 'type \"sqlplus\"'" => cmd.call('oracle-cmd'),
"ef04e5199abee80e662cc0dd1dd3bf3e0aaae9b4498217d241db00b413820911" => cmd.call('oracle-result'),
"527f243fe9b01fc7b7d78eb1ef5200e272b011aa07c9f59836d950107d6d2a5c" => cmd.call('oracle-result'),
# nginx mock cmd
%{nginx -V 2>&1} => cmd.call('nginx-v'),
%{/usr/sbin/nginx -V 2>&1} => cmd.call('nginx-v'),