diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-03-03 22:23:42 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-03-03 22:23:42 +0000 |
| commit | 4191cb150300d310ab5fa22ce2cfb02b6f6051b0 (patch) | |
| tree | 501724c674333b636ce1a5a73f84dec708d35bcd /test/confs/2620 | |
| parent | 376d3790ba2756278e28d0ecaa1ed7c9b1a0ab00 (diff) | |
Check query strings of query-style lookups for quoting. Bug 2850
Diffstat (limited to 'test/confs/2620')
| -rw-r--r-- | test/confs/2620 | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/test/confs/2620 b/test/confs/2620 index 85d25035f..70a460e24 100644 --- a/test/confs/2620 +++ b/test/confs/2620 @@ -25,26 +25,29 @@ begin acl check_recipient: # Tainted-data checks warn - # taint only in lookup string - set acl_m0 = ok: ${lookup pgsql {select name from them where id = '$local_part'}} + # taint only in lookup string, properly quoted + set acl_m0 = ok: ${lookup pgsql {select name from them where id = '${quote_pgsql:$local_part}'}} + # taint only in lookup string, but not quoted + set acl_m0 = FAIL: ${lookup pgsql,cache=no_rd {select name from them where id = '$local_part'}} + warn # option on lookup type unaffected - set acl_m0 = ok: ${lookup pgsql,servers=SERVERS {select name from them where id = '$local_part'}} + set acl_m0 = ok: ${lookup pgsql,servers=SERVERS {select name from them where id = '${quote_pgsql:$local_part}'}} # partial server-spec, indexing main-option, works - set acl_m0 = ok: ${lookup pgsql,servers=PARTIAL {select name from them where id = '$local_part'}} + set acl_m0 = ok: ${lookup pgsql,servers=PARTIAL {select name from them where id = '${quote_pgsql:$local_part}'}} # oldstyle server spec, prepended to lookup string, fails with taint - set acl_m0 = FAIL: ${lookup pgsql {servers=SERVERS; select name from them where id = '$local_part'}} + set acl_m0 = FAIL: ${lookup pgsql {servers=SERVERS; select name from them where id = '${quote_pgsql:$local_part}'}} - # In list-stle lookup, tainted lookup string is ok if server spec comes from main-option + # In list-style lookup, tainted lookup string is ok if server spec comes from main-option warn set acl_m0 = ok: hostlist - hosts = net-pgsql;select * from them where id='$local_part' + hosts = net-pgsql;select * from them where id='${quote_pgsql:$local_part}' # ... but setting a per-query servers spec fails due to the taint warn set acl_m0 = FAIL: hostlist - hosts = <& net-pgsql;servers=SERVERS; select * from them where id='$local_part' + hosts = <& net-pgsql;servers=SERVERS; select * from them where id='${quote_pgsql:$local_part}' # The newer server-list-as-option-to-lookup-type is not a solution to tainted data in the lookup, because # string-expansion is done before list-expansion so the taint contaminates the entire list. warn set acl_m0 = FAIL: hostlist - hosts = <& net-pgsql,servers=SERVERS; select * from them where id='$local_part' + hosts = <& net-pgsql,servers=SERVERS; select * from them where id='${quote_pgsql:$local_part}' accept domains = +local_domains accept hosts = +relay_hosts |