Embedded PostgreSQL Server
julianladisch and smecsia Security update 10.5, 9.6.10, 9.5.14 - CVE-2018-10915, CVE-2018-10925 (
…#138)

This PostgreSQL release fixes two security issues as well as bugs reported over the last three months.

* CVE-2018-10915: Certain host connection parameters defeat client-side security defenses
* CVE-2018-10925: Memory disclosure and missing authorization in INSERT ... ON CONFLICT DO UPDATE

Full PostgreSQL release note: https://www.postgresql.org/about/news/1878/
Latest commit d0a65e6 Aug 14, 2018

README.md

Embedded PostgreSQL Server

Maven Central Build status Windows build status

Embedded PostgreSQL server provides a platform neutral way for running postgres binaries in unittests. This library is based on Flapdoodle OSS's embed process.

Motivation

  • It's much easier than installing specific version manually
  • You can choose the version right from the code
  • You can start your development environment with the PostgreSQL embedded with the single command

Maven

Add the following dependency to your pom.xml:

<dependency>
    <groupId>ru.yandex.qatools.embed</groupId>
    <artifactId>postgresql-embedded</artifactId>
    <version>2.10</version>
</dependency>

Gradle

Add a line to build.gradle:

compile 'ru.yandex.qatools.embed:postgresql-embedded:2.10'

Howto

Here is the example of how to launch and use the embedded PostgreSQL instance

// starting Postgres
final EmbeddedPostgres postgres = new EmbeddedPostgres(V9_6);
// predefined data directory
// final EmbeddedPostgres postgres = new EmbeddedPostgres(V9_6, "/path/to/predefined/data/directory");
final String url = postgres.start("localhost", 5432, "dbName", "userName", "password");

// connecting to a running Postgres and feeding up the database
final Connection conn = DriverManager.getConnection(url);
conn.createStatement().execute("CREATE TABLE films (code char(5));");
conn.createStatement().execute("INSERT INTO films VALUES ('movie');");

// ... or you can execute SQL files...
//postgres.getProcess().importFromFile(new File("someFile.sql"))
// ... or even SQL files with PSQL variables in them...
//postgres.getProcess().importFromFileWithArgs(new File("someFile.sql"), "-v", "tblName=someTable")
// ... or even restore database from dump file
//postgres.getProcess().restoreFromFile(new File("src/test/resources/test.binary_dump"))

// performing some assertions
final Statement statement = conn.createStatement();
assertThat(statement.execute("SELECT * FROM films;"), is(true));
assertThat(statement.getResultSet().next(), is(true));
assertThat(statement.getResultSet().getString("code"), is("movie"));

// close db connection
conn.close();
// stop Postgres
postgres.stop();

Note that EmbeddedPostgres implements java.lang.AutoCloseable, which means that you can use it with a try-with-resources statement (in Java >= 7) to have it automatically stopped.

How to avoid archive extraction on every run

You can specify the cached artifact store to avoid archives downloading and extraction (in case if a directory remains on every run).

final EmbeddedPostgres postgres = new EmbeddedPostgres();
postgres.start(cachedRuntimeConfig("/path/to/my/extracted/postgres"));

How to configure logging

Just configure your own slf4j appenders. Here is the example of typical src/test/resources/log4j.properties file:

# suppress inspection "UnusedProperty" for whole file
log4j.rootLogger=DEBUG, stdout

# reduce logging for postgresql-embedded
log4j.logger.ru.yandex.qatools.embed=INFO
log4j.logger.de.flapdoodle.embed=INFO

# Direct log messages to stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
log4j.throwableRenderer=org.apache.log4j.EnhancedThrowableRenderer

How to use your custom version of PostgreSQL

Pass the required IVersion interface implementation as a first argument of the EmbeddedPostgres object:

final EmbeddedPostgres postgres = new EmbeddedPostgres(() -> (IS_OS_WINDOWS) ? "9.6.2-2" : "9.6.2-1");

Known issues

  • A lot of issues have been reported for this library under Windows. Please try to use the suggested way of start up and use the cached artifact storage (to avoid extraction of the archive as extraction is extremely slow under Windows):
postgres.start(cachedRuntimeConfig("C:\\Users\\vasya\\pgembedded-installation"));
  • PostgreSQL server is known to not start under the privileged user (which means you cannot start it under root/Administrator of your system):

initdb must be run as the user that will own the server process, because the server needs to have access to the files and directories that initdb creates. Since the server cannot be run as root, you must not run initdb as root either. (It will in fact refuse to do so.) (link).

However some users have launched it successfully on Windows under Administrator, so you can try anyway.

Supported Versions

Versions: 10.5, 9.6.10, 9.5.14, any custom

Platforms: Linux, Windows and MacOSX supported