From cc047a445a9b74e38f1f3128545302f26d83ff81 Mon Sep 17 00:00:00 2001 From: Daniele Varrazzo Date: Wed, 15 Mar 2017 16:00:40 +0000 Subject: Added tests to verify the password is obscured The url test fails: see issue #528 --- tests/test_connection.py | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'tests') diff --git a/tests/test_connection.py b/tests/test_connection.py index 385d979..dcf3a4a 100755 --- a/tests/test_connection.py +++ b/tests/test_connection.py @@ -1479,6 +1479,46 @@ class AutocommitTests(ConnectingTestCase): self.assertEqual(cur.fetchone()[0], 'on') +class PasswordLeakTestCase(ConnectingTestCase): + def setUp(self): + super(PasswordLeakTestCase, self).setUp() + PasswordLeakTestCase.dsn = None + + class GrassingConnection(ext.connection): + """A connection snitching the dsn away. + + This connection passes the dsn to the test case class even if init + fails (e.g. connection error). Test that we mangle the dsn ok anyway. + """ + + def __init__(self, *args, **kwargs): + try: + super(PasswordLeakTestCase.GrassingConnection, self).__init__( + *args, **kwargs) + finally: + # The connection is not initialized entirely, however the C + # code should have set the dsn, and it should have scrubbed + # the password away + PasswordLeakTestCase.dsn = self.dsn + + def test_leak(self): + self.assertRaises(psycopg2.DatabaseError, + self.GrassingConnection, "dbname=nosuch password=whateva") + + self.assert_('nosuch' in self.dsn) + self.assert_('password' in self.dsn) + self.assert_('whateva' not in self.dsn) + + def test_url_leak(self): + self.assertRaises(psycopg2.DatabaseError, + self.GrassingConnection, + "postgres://someone:whateva@localhost/nosuch") + + self.assert_('nosuch' in self.dsn) + self.assert_('someone' in self.dsn) + self.assert_('whateva' not in self.dsn) + + def test_suite(): return unittest.TestLoader().loadTestsFromName(__name__) -- cgit v1.2.1