
Fix insecure SQL queries in mysql.user_chpass

ShantonRU committed Jan 28, 2019
1 parent 43a9d2f commit a46c86a987c78e74e87969d8d3b27094e6544b7a
Showing with 10 additions and 11 deletions.
  1. +5 −10 salt/modules/mysql.py
  2. +5 −1 tests/unit/modules/test_mysql.py
@@ -1533,23 +1533,18 @@ def user_chpass(user,
password_column = __password_column(**connection_args)

cur = dbc.cursor()
args['user'] = user
args['host'] = host
if salt.utils.versions.version_cmp(server_version, '8.0.11') >= 0:
qry = ("ALTER USER '" + user + "'@'" + host + "'"
" IDENTIFIED BY '" + password + "';")
args = {}
qry = "ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;"
else:
qry = ('UPDATE mysql.user SET ' + password_column + '='
+ password_sql +
qry = ('UPDATE mysql.user SET ' + password_column + '=' + password_sql +
' WHERE User=%(user)s AND Host = %(host)s;')
args['user'] = user
args['host'] = host
if salt.utils.data.is_true(allow_passwordless) and \
salt.utils.data.is_true(unix_socket):
if host == 'localhost':
if salt.utils.versions.version_cmp(server_version, '8.0.11') >= 0:
qry = ("ALTER USER '" + user + "'@'" + host + "'"
" IDENTIFIED BY '" + password + "';")
args = {}
qry = "ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;"
else:
qry = ('UPDATE mysql.user SET ' + password_column + '='
+ password_sql + ', plugin=%(unix_socket)s' +
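Review bot: The new `ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;` string appears verbatim twice (the plain branch and the `unix_socket`/`localhost` branch), so the two copies can drift apart; hoisting it into one module-level constant such as `_ALTER_USER_QRY = "ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;"` and assigning `qry = _ALTER_USER_QRY` in both places keeps a single parameterized form. The `else` branches still assemble the statement by concatenating `password_column` and `password_sql`; identifiers cannot be bound as parameters, so a one-line comment there such as `# password_column comes from __password_column() (server-derived, not caller input); only user/host/password are bound as parameters` would make the trust boundary explicit for the next reader. The placeholders also rely on `args['password']` being populated before `cur.execute`, which happens outside this hunk — the updated unit test expects it, but I cannot confirm it from here. user_chpass starts before and continues after the hunk.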
@@ -187,7 +187,11 @@ def test_user_chpass(self):
mysql.user_chpass('testuser', password='BLUECOW')
calls = (
call().cursor().execute(
"ALTER USER 'testuser'@'localhost' IDENTIFIED BY 'BLUECOW';"
"ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;",
{'password': 'BLUECOW',
'user': 'testuser',
'host': 'localhost',
}
),
call().cursor().execute('FLUSH PRIVILEGES;'),
)
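Review bot: The assertion only exercises the ALTER USER path; the UPDATE branches of user_chpass changed by the same commit (both the plain one and the `unix_socket` one) have no expectation here, so a regression in the concatenated `password_column`/`password_sql` form would still pass this suite. A second case that makes the mocked server report a version below 8.0.11 and asserts the `UPDATE mysql.user SET ... WHERE User=%(user)s AND Host = %(host)s;` text together with the same `{'password': 'BLUECOW', 'user': 'testuser', 'host': 'localhost'}` args dict would cover it; the version is selected by setup outside this hunk, so I cannot say which fixture controls it. test_user_chpass starts before the hunk.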
