Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-14 17:07:09 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/docs/resources/postgres_session.md.erb
Clinton Wolfe 2de06bdeb5 Clean injection of Availability section (#3206) 
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-08-09 08:34:49 -04:00

79 lines
2 KiB
Text
Raw Blame History

---
title: About the postgres_session Resource
platform: os
---
# postgres_session
Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.
<br>
## Availability
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
### Version
This resource first became available in v1.0.0 of InSpec.
## Syntax
A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
# Create a PostgreSQL session:
sql = postgres_session('username', 'password', 'host')
# default values:
# username: 'postgres'
# host: 'localhost'
# Run an SQL query with an optional database to execute
sql.query('sql_query', ['database_name'])`
A full example is:
sql = postgres_session('username', 'password', 'host')
describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
its('output') { should eq '' }
end
where `its('output') { should eq '' }` compares the results of the query against the expected result in the test
<br>
## Examples
The following examples show how to use this InSpec audit resource.
### Test the PostgreSQL shadow password
sql = postgres_session('my_user', 'password', '192.168.1.2')
describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;', ['testdb']) do
its('output') { should eq('') }
end
### Test for risky database entries
describe postgres_session('my_user', 'password').query('SELECT count (*)
FROM pg_language
WHERE lanpltrusted = \'f\'
AND lanname!=\'internal\'
AND lanname!=\'c\';', ['postgres']) do
its('output') { should eq '0' }
end
<br>
## Matchers
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### output
The `output` matcher tests the results of the query:
its('output') { should eq(/^0/) }
Reference in a new issue View git blame Copy permalink