---
title: About the postgres_session Resource
---

# postgres_session

Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.

## Syntax

A `postgres_session` resource block declares the username, password, and host to use for the session, and then the command to be run:

    # Create a PostgreSQL session:
    sql = postgres_session('username', 'password', 'host')

    # default values:
    #   username: 'postgres'
    #   host: 'localhost'

    # Run an SQL query, optionally naming the database to run it against
    sql.query('sql_query', ['database_name'])

A full example is:

    sql = postgres_session('username', 'password', 'host')
    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
      its('output') { should eq '' }
    end

where `its('output') { should eq '' }` compares the results of the query against the expected result in the test.

## Matchers

This InSpec audit resource has the following matchers:

### be

<%= partial "/shared/matcher_be" %>

### cmp

<%= partial "/shared/matcher_cmp" %>

### eq

<%= partial "/shared/matcher_eq" %>

### include

<%= partial "/shared/matcher_include" %>

### match

<%= partial "/shared/matcher_match" %>

### output

The `output` matcher tests the results of the query:

    its('output') { should match(/^0/) }

## Examples

The following examples show how to use this InSpec audit resource.

### Test the PostgreSQL shadow password

    sql = postgres_session('my_user', 'password', '192.168.1.2')

    describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;', ['testdb']) do
      its('output') { should eq('') }
    end

### Test for risky database entries

    describe postgres_session('my_user', 'password').query("SELECT count(*) FROM pg_language WHERE lanpltrusted = 'f' AND lanname != 'internal' AND lanname != 'c';", ['postgres']) do
      its('output') { should eq '0' }
    end