From 36294f464a4253017c4d9e04657d5469556f27f8 Mon Sep 17 00:00:00 2001
From: Tianon Gravi
Date: Fri, 24 Aug 2018 11:22:17 -0700
Subject: [PATCH] Update psql invocations to properly escape user input!
See also:
- https://stackoverflow.com/a/18683163/433558
- https://www.postgresql.org/docs/9.3/static/app-psql.html#APP-PSQL-VARIABLES
- https://www.postgresql.org/docs/9.3/static/app-psql.html#APP-PSQL-INTERPOLATION
---
10/alpine/docker-entrypoint.sh | 10 +++++-----
10/docker-entrypoint.sh | 10 +++++-----
11/alpine/docker-entrypoint.sh | 10 +++++-----
11/docker-entrypoint.sh | 10 +++++-----
9.3/alpine/docker-entrypoint.sh | 10 +++++-----
9.3/docker-entrypoint.sh | 10 +++++-----
9.4/alpine/docker-entrypoint.sh | 10 +++++-----
9.4/docker-entrypoint.sh | 10 +++++-----
9.5/alpine/docker-entrypoint.sh | 10 +++++-----
9.5/docker-entrypoint.sh | 10 +++++-----
9.6/alpine/docker-entrypoint.sh | 10 +++++-----
9.6/docker-entrypoint.sh | 10 +++++-----
docker-entrypoint.sh | 10 +++++-----
13 files changed, 65 insertions(+), 65 deletions(-)
diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh
index 33d48430fc..fb078c82cd 100755
--- a/10/alpine/docker-entrypoint.sh
+++ b/10/alpine/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
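Review bot: In the `@@ -81,7 +81,7 @@` hunk the shell variable `pass` no longer holds the password but the psql placeholder `PASSWORD :'pass'`, and nothing at the assignment says so. The fragment only resolves in a psql call that also passes `--set pass=...`; as far as I know psql leaves an unset `:'pass'` unsubstituted, so any later reuse of `$pass` without that flag would fail with a syntax error. I would add a comment above the assignment, for example `# :'pass' is a psql variable reference; the value is supplied with --set pass=... on the psql call that expands $pass`. The same line is changed in the matching hunk of the other twelve entrypoint copies, and the enclosing `if [ "$1" = 'postgres' ]` block starts and ends outside the hunk.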
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/10/docker-entrypoint.sh b/10/docker-entrypoint.sh
index dafe66000f..4ef90d3ef9 100755
--- a/10/docker-entrypoint.sh
+++ b/10/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/11/alpine/docker-entrypoint.sh b/11/alpine/docker-entrypoint.sh
index 33d48430fc..fb078c82cd 100755
--- a/11/alpine/docker-entrypoint.sh
+++ b/11/alpine/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
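Review bot: In the `@@ -132,8 +132,8 @@` hunk, `--set pass="$POSTGRES_PASSWORD"` puts the password on psql's argument list, where it can be read from the process list (`/proc/<pid>/cmdline`) while the init-time psql runs; the old heredoc carried it on stdin only. Consider having psql load the value itself, e.g. a first heredoc line `\set pass` followed by a backquoted `printenv POSTGRES_PASSWORD` (backquotes escaped from the shell, because this heredoc is unquoted), and dropping the `--set pass=...` flag. That assumes `file_env` exports the variable, which the hunk does not show, so it needs checking. This heredoc also stays `<<-EOSQL` so that `$op` and `$pass` expand, and a comment such as `# unquoted heredoc on purpose: only $op and $pass, both set by this script, are expanded here` would keep environment-derived text from being added later. The same hunk repeats in the other twelve entrypoint copies.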
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/11/docker-entrypoint.sh b/11/docker-entrypoint.sh
index dafe66000f..4ef90d3ef9 100755
--- a/11/docker-entrypoint.sh
+++ b/11/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/9.3/alpine/docker-entrypoint.sh b/9.3/alpine/docker-entrypoint.sh
index 4ab34909c7..3b8a7735f9 100755
--- a/9.3/alpine/docker-entrypoint.sh
+++ b/9.3/alpine/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/9.3/docker-entrypoint.sh b/9.3/docker-entrypoint.sh
index 41802e82c2..8a405b0c7b 100755
--- a/9.3/docker-entrypoint.sh
+++ b/9.3/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/9.4/alpine/docker-entrypoint.sh b/9.4/alpine/docker-entrypoint.sh
index 4ab34909c7..3b8a7735f9 100755
--- a/9.4/alpine/docker-entrypoint.sh
+++ b/9.4/alpine/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh
index 41802e82c2..8a405b0c7b 100755
--- a/9.4/docker-entrypoint.sh
+++ b/9.4/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/9.5/alpine/docker-entrypoint.sh b/9.5/alpine/docker-entrypoint.sh
index 4ab34909c7..3b8a7735f9 100755
--- a/9.5/alpine/docker-entrypoint.sh
+++ b/9.5/alpine/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh
index 41802e82c2..8a405b0c7b 100755
--- a/9.5/docker-entrypoint.sh
+++ b/9.5/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/9.6/alpine/docker-entrypoint.sh b/9.6/alpine/docker-entrypoint.sh
index 4ab34909c7..3b8a7735f9 100755
--- a/9.6/alpine/docker-entrypoint.sh
+++ b/9.6/alpine/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/9.6/docker-entrypoint.sh b/9.6/docker-entrypoint.sh
index 41802e82c2..8a405b0c7b 100755
--- a/9.6/docker-entrypoint.sh
+++ b/9.6/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index dafe66000f..4ef90d3ef9 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -81,7 +81,7 @@ if [ "$1" = 'postgres' ]; then # messes it up file_env 'POSTGRES_PASSWORD' if [ "$POSTGRES_PASSWORD" ]; then - pass="PASSWORD '$POSTGRES_PASSWORD'" + pass="PASSWORD :'pass'" authMethod=md5 else # The - option suppresses leading tabs but *not* spaces. :)
@@ -121,8 +121,8 @@ if [ "$1" = 'postgres' ]; then psql=( psql -v ON_ERROR_STOP=1 ) if [ "$POSTGRES_DB" != 'postgres' ]; then - "${psql[@]}" --username postgres <<-EOSQL - CREATE DATABASE "$POSTGRES_DB" ; + "${psql[@]}" --username postgres --set db="$POSTGRES_DB" <<-'EOSQL' + CREATE DATABASE :"db" ; EOSQL echo fi
@@ -132,8 +132,8 @@ if [ "$1" = 'postgres' ]; then else op='CREATE' fi - "${psql[@]}" --username postgres <<-EOSQL - $op USER "$POSTGRES_USER" WITH SUPERUSER $pass ; + "${psql[@]}" --username postgres --set user="$POSTGRES_USER" --set pass="$POSTGRES_PASSWORD" <<-EOSQL + $op USER :"user" WITH SUPERUSER $pass ; EOSQL echo