Use lib/pq
's QuoteIdentifier()
on all identifiers and Prepare
for all literals.
This commit is contained in:
parent
4a8d9eb942
commit
08fb1a30d4
|
@ -238,9 +238,8 @@ func testAccStepReadCreds(t *testing.T, b logical.Backend, s logical.Storage, na
|
|||
}
|
||||
|
||||
returnedRows := func() int {
|
||||
stmt, err := db.Prepare(fmt.Sprintf(
|
||||
"SELECT DISTINCT schemaname FROM pg_tables WHERE has_table_privilege('%s', 'information_schema.role_column_grants', 'select');",
|
||||
d.Username))
|
||||
stmt, err := db.Prepare("SELECT DISTINCT schemaname FROM pg_tables WHERE has_table_privilege($1, 'information_schema.role_column_grants', 'select');",
|
||||
d.Username)
|
||||
if err != nil {
|
||||
return -1
|
||||
}
|
||||
|
|
|
@ -99,8 +99,7 @@ func (b *backend) secretCredsRevoke(
|
|||
|
||||
// Check if the role exists
|
||||
var exists bool
|
||||
query := fmt.Sprintf("SELECT exists (SELECT rolname FROM pg_roles WHERE rolname='%s');", username)
|
||||
err = db.QueryRow(query).Scan(&exists)
|
||||
err = db.QueryRow("SELECT exists (SELECT rolname FROM pg_roles WHERE rolname=$1);", username).Scan(&exists)
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -113,9 +112,7 @@ func (b *backend) secretCredsRevoke(
|
|||
// the role
|
||||
// This isn't done in a transaction because even if we fail along the way,
|
||||
// we want to remove as much access as possible
|
||||
stmt, err := db.Prepare(fmt.Sprintf(
|
||||
"SELECT DISTINCT table_schema FROM information_schema.role_column_grants WHERE grantee='%s';",
|
||||
username))
|
||||
stmt, err := db.Prepare("SELECT DISTINCT table_schema FROM information_schema.role_column_grants WHERE grantee=$1;", username)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -127,7 +124,8 @@ func (b *backend) secretCredsRevoke(
|
|||
}
|
||||
defer rows.Close()
|
||||
|
||||
var revocationStmts []string
|
||||
const initialNumRevocations = 16
|
||||
revocationStmts := make([]string, 0, initialNumRevocations)
|
||||
for rows.Next() {
|
||||
var schema string
|
||||
err = rows.Scan(&schema)
|
||||
|
@ -136,21 +134,23 @@ func (b *backend) secretCredsRevoke(
|
|||
continue
|
||||
}
|
||||
revocationStmts = append(revocationStmts, fmt.Sprintf(
|
||||
"REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA %s FROM %s;",
|
||||
schema, pq.QuoteIdentifier(username)))
|
||||
`REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA %s FROM %s;`,
|
||||
pq.QuoteIdentifier(schema),
|
||||
pq.QuoteIdentifier(username)))
|
||||
|
||||
revocationStmts = append(revocationStmts, fmt.Sprintf(
|
||||
"REVOKE USAGE ON SCHEMA %s FROM %s;",
|
||||
schema, pq.QuoteIdentifier(username)))
|
||||
`REVOKE USAGE ON SCHEMA %s FROM %s;`,
|
||||
pq.QuoteIdentifier(schema),
|
||||
pq.QuoteIdentifier(username)))
|
||||
}
|
||||
|
||||
// for good measure, revoke all privileges and usage on schema public
|
||||
revocationStmts = append(revocationStmts, fmt.Sprintf(
|
||||
"REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM %s;",
|
||||
`REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM %s;`,
|
||||
pq.QuoteIdentifier(username)))
|
||||
|
||||
revocationStmts = append(revocationStmts, fmt.Sprintf(
|
||||
"REVOKE USAGE ON SCHEMA public FROM %s;",
|
||||
`REVOKE USAGE ON SCHEMA public FROM %s;`,
|
||||
pq.QuoteIdentifier(username)))
|
||||
|
||||
// get the current database name so we can issue a REVOKE CONNECT for
|
||||
|
@ -162,8 +162,9 @@ func (b *backend) secretCredsRevoke(
|
|||
|
||||
if dbname.Valid {
|
||||
revocationStmts = append(revocationStmts, fmt.Sprintf(
|
||||
"REVOKE CONNECT ON DATABASE %s FROM %s;",
|
||||
dbname.String, pq.QuoteIdentifier(username)))
|
||||
`REVOKE CONNECT ON DATABASE %s FROM %s;`,
|
||||
pq.QuoteIdentifier(dbname.String),
|
||||
pq.QuoteIdentifier(username)))
|
||||
}
|
||||
|
||||
// again, here, we do not stop on error, as we want to remove as
|
||||
|
@ -192,7 +193,7 @@ func (b *backend) secretCredsRevoke(
|
|||
|
||||
// Drop this user
|
||||
stmt, err = db.Prepare(fmt.Sprintf(
|
||||
"DROP ROLE IF EXISTS %s;", pq.QuoteIdentifier(username)))
|
||||
`DROP ROLE IF EXISTS %s;`, pq.QuoteIdentifier(username)))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue