Use parameters when executing prepared statements rather than fmt.Sprintf (#9013)

* Don't use string formatting to prepare queries.

We should, where possible, use the driver's built-in parameter placeholders (the ? format) when
preparing and executing a query, instead of interpolating values into the query string. This is
done to prevent SQL injection attacks.

* Revert some changes due to failing tests, update mssql go driver

* Add docker container startup for some MSSQL tests

* Remove acceptance test flagging, add more SQL injection protection

* Refactor MSSQL prepareTestContainer to a test helper

Also, remove all ? references and convert them to @p*
Lauren Voswinkel
2020-05-21 16:07:18 -07:00
committed by GitHub
parent 87f47c216c
commit 1a322e2026
7 changed files with 84 additions and 48 deletions


@@ -4,19 +4,17 @@ import (
"context"
"database/sql"
"fmt"
"os"
"strings"
"testing"
"time"
mssqlhelper "github.com/hashicorp/vault/helper/testhelpers/mssql"
"github.com/hashicorp/vault/sdk/database/dbplugin"
)
func TestMSSQL_Initialize(t *testing.T) {
if os.Getenv("MSSQL_URL") == "" || os.Getenv("VAULT_ACC") != "1" {
t.SkipNow()
}
connURL := os.Getenv("MSSQL_URL")
cleanup, connURL := mssqlhelper.PrepareMSSQLTestContainer(t)
defer cleanup()
connectionDetails := map[string]interface{}{
"connection_url": connURL,
@@ -50,10 +48,8 @@ func TestMSSQL_Initialize(t *testing.T) {
}
func TestMSSQL_CreateUser(t *testing.T) {
if os.Getenv("MSSQL_URL") == "" || os.Getenv("VAULT_ACC") != "1" {
t.SkipNow()
}
connURL := os.Getenv("MSSQL_URL")
cleanup, connURL := mssqlhelper.PrepareMSSQLTestContainer(t)
defer cleanup()
connectionDetails := map[string]interface{}{
"connection_url": connURL,
@@ -91,10 +87,8 @@ func TestMSSQL_CreateUser(t *testing.T) {
}
func TestMSSQL_RotateRootCredentials(t *testing.T) {
if os.Getenv("MSSQL_URL") == "" || os.Getenv("VAULT_ACC") != "1" {
t.SkipNow()
}
connURL := os.Getenv("MSSQL_URL")
cleanup, connURL := mssqlhelper.PrepareMSSQLTestContainer(t)
defer cleanup()
connectionDetails := map[string]interface{}{
"connection_url": connURL,
@@ -130,10 +124,8 @@ func TestMSSQL_RotateRootCredentials(t *testing.T) {
}
func TestMSSQL_RevokeUser(t *testing.T) {
if os.Getenv("MSSQL_URL") == "" || os.Getenv("VAULT_ACC") != "1" {
t.SkipNow()
}
connURL := os.Getenv("MSSQL_URL")
cleanup, connURL := mssqlhelper.PrepareMSSQLTestContainer(t)
defer cleanup()
connectionDetails := map[string]interface{}{
"connection_url": connURL,