hans/Nominatim
1
0
Fork 1
mirror of https://github.com/osm-search/Nominatim.git synced 2026-02-16 15:47:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

only allow alphanumeric and dash in DATABASE_WEBUSER

Browse Source 
This variable is used a lot in raw SQL. Avoid injection issues.
This commit is contained in:
Sarah Hoffmann
2026-02-09 21:07:31 +01:00
parent 7a62c7d812
commit e17d0cb5cf
3 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
test/python/config/test_config.py
View File

@@ -2,7 +2,7 @@
#
# This file is part of Nominatim. (https://nominatim.org)
#
# Copyright (C) 2025 by the Nominatim developer community.
# Copyright (C) 2026 by the Nominatim developer community.
# For a full list of authors see the git log.
"""
Test for loading dotenv configuration.
@@ -68,13 +68,13 @@ def test_prefer_os_environ_over_project_setting(make_config, monkeypatch, tmp_pa
def test_prefer_os_environ_can_unset_project_setting(make_config, monkeypatch, tmp_path):
envfile = tmp_path / '.env'
envfile.write_text('NOMINATIM_DATABASE_WEBUSER=apache\n', encoding='utf-8')
envfile.write_text('NOMINATIM_OSM2PGSQL_BINARY=osm2pgsql\n', encoding='utf-8')
monkeypatch.setenv('NOMINATIM_DATABASE_WEBUSER', '')
monkeypatch.setenv('NOMINATIM_OSM2PGSQL_BINARY', '')
config = make_config(tmp_path)
assert config.DATABASE_WEBUSER == ''
assert config.OSM2PGSQL_BINARY == ''
def test_get_os_env_add_defaults(make_config, monkeypatch):