Use lib/pq's QuoteIdentifier() on all identifiers and Prepare

for all literals.
Sean Chittenden 2016-07-03 16:01:39 -07:00
parent 4a8d9eb942
commit 08fb1a30d4
No known key found for this signature in database
GPG key ID: 4EBC9DC16C2E5E16
2 changed files with 18 additions and 18 deletions


@ -238,9 +238,8 @@ func testAccStepReadCreds(t *testing.T, b logical.Backend, s logical.Storage, na
}
returnedRows := func() int {
stmt, err := db.Prepare(fmt.Sprintf(
"SELECT DISTINCT schemaname FROM pg_tables WHERE has_table_privilege('%s', 'information_schema.role_column_grants', 'select');",
d.Username))
stmt, err := db.Prepare("SELECT DISTINCT schemaname FROM pg_tables WHERE has_table_privilege($1, 'information_schema.role_column_grants', 'select');",
d.Username)
if err != nil {
return -1
}
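Review bot: The new `db.Prepare(...)` call passes `d.Username` as a second argument, but `(*sql.DB).Prepare` takes only the query string, so the new side of this hunk will not compile; the bind value belongs with the statement's execution, not its preparation. Keep the parameterized query as written — `stmt, err := db.Prepare("SELECT DISTINCT schemaname FROM pg_tables WHERE has_table_privilege($1, 'information_schema.role_column_grants', 'select');")` — and pass `d.Username` to the `stmt.Query`/`stmt.QueryRow` call that follows, which is outside this hunk. The same mistake appears in the second file's `secretCredsRevoke` hunk, `db.Prepare("SELECT DISTINCT table_schema FROM information_schema.role_column_grants WHERE grantee=$1;", username)`, and needs the same split. Moving the username out of the format string into a `$1` placeholder is the right direction, since it is the value this test and the revoke path would otherwise interpolate into SQL; it just has to reach the driver through the execution call. The `returnedRows` closure and the enclosing `testAccStepReadCreds` both start or continue outside this hunk.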


@ -99,8 +99,7 @@ func (b *backend) secretCredsRevoke(
// Check if the role exists
var exists bool
query := fmt.Sprintf("SELECT exists (SELECT rolname FROM pg_roles WHERE rolname='%s');", username)
err = db.QueryRow(query).Scan(&exists)
err = db.QueryRow("SELECT exists (SELECT rolname FROM pg_roles WHERE rolname=$1);", username).Scan(&exists)
if err != nil && err != sql.ErrNoRows {
return nil, err
}
@ -113,9 +112,7 @@ func (b *backend) secretCredsRevoke(
// the role
// This isn't done in a transaction because even if we fail along the way,
// we want to remove as much access as possible
stmt, err := db.Prepare(fmt.Sprintf(
"SELECT DISTINCT table_schema FROM information_schema.role_column_grants WHERE grantee='%s';",
username))
stmt, err := db.Prepare("SELECT DISTINCT table_schema FROM information_schema.role_column_grants WHERE grantee=$1;", username)
if err != nil {
return nil, err
}
@ -127,7 +124,8 @@ func (b *backend) secretCredsRevoke(
}
defer rows.Close()
var revocationStmts []string
const initialNumRevocations = 16
revocationStmts := make([]string, 0, initialNumRevocations)
for rows.Next() {
var schema string
err = rows.Scan(&schema)
@ -136,21 +134,23 @@ func (b *backend) secretCredsRevoke(
continue
}
revocationStmts = append(revocationStmts, fmt.Sprintf(
"REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA %s FROM %s;",
schema, pq.QuoteIdentifier(username)))
`REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA %s FROM %s;`,
pq.QuoteIdentifier(schema),
pq.QuoteIdentifier(username)))
revocationStmts = append(revocationStmts, fmt.Sprintf(
"REVOKE USAGE ON SCHEMA %s FROM %s;",
schema, pq.QuoteIdentifier(username)))
`REVOKE USAGE ON SCHEMA %s FROM %s;`,
pq.QuoteIdentifier(schema),
pq.QuoteIdentifier(username)))
}
// for good measure, revoke all privileges and usage on schema public
revocationStmts = append(revocationStmts, fmt.Sprintf(
"REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM %s;",
`REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM %s;`,
pq.QuoteIdentifier(username)))
revocationStmts = append(revocationStmts, fmt.Sprintf(
"REVOKE USAGE ON SCHEMA public FROM %s;",
`REVOKE USAGE ON SCHEMA public FROM %s;`,
pq.QuoteIdentifier(username)))
// get the current database name so we can issue a REVOKE CONNECT for
@ -162,8 +162,9 @@ func (b *backend) secretCredsRevoke(
if dbname.Valid {
revocationStmts = append(revocationStmts, fmt.Sprintf(
"REVOKE CONNECT ON DATABASE %s FROM %s;",
dbname.String, pq.QuoteIdentifier(username)))
`REVOKE CONNECT ON DATABASE %s FROM %s;`,
pq.QuoteIdentifier(dbname.String),
pq.QuoteIdentifier(username)))
}
// again, here, we do not stop on error, as we want to remove as
@ -192,7 +193,7 @@ func (b *backend) secretCredsRevoke(
// Drop this user
stmt, err = db.Prepare(fmt.Sprintf(
"DROP ROLE IF EXISTS %s;", pq.QuoteIdentifier(username)))
`DROP ROLE IF EXISTS %s;`, pq.QuoteIdentifier(username)))
if err != nil {
return nil, err
}