only allow alphanumeric and dash in DATABASE_WEBUSER

This variable is used a lot in raw SQL. Avoid injection issues.
Sarah Hoffmann
2026-02-09 21:07:31 +01:00
parent 7a62c7d812
commit e17d0cb5cf
3 changed files with 11 additions and 6 deletions


@@ -62,7 +62,7 @@ class TestDatabaseSetup:
def test_create_db_missing_ro_user(self):
with pytest.raises(UsageError, match='Missing read-only user.'):
database_import.setup_database_skeleton(f'dbname={self.DBNAME}',
rouser='sdfwkjkjgdugu2;jgsafkljas;')
rouser='sdfwkjkjgdugu2jgsafkljas')
def test_setup_extensions_old_postgis(self, monkeypatch):
monkeypatch.setattr(database_import, 'POSTGIS_REQUIRED_VERSION', (50, 50))
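Review bot: With the `rouser` value in test_create_db_missing_ro_user changed to a purely alphanumeric name, nothing in this hunk exercises the new character restriction; the old value containing `;` was the only input here with disallowed characters. If the other changed files (not visible here) do not already cover it, add a negative test that passes a name such as `'sdfwkjkjgdugu2;jgsafkljas;'` and asserts it is rejected before any SQL is built from it, so a later loosening of the check is caught. A short comment on the new line would also explain the choice of value, e.g. `# must be a syntactically valid user name so the missing-user check is what fails`. The TestDatabaseSetup class and the following test continue outside the hunk.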