Skip to content

Commit 1494412

Browse files
igalicigalic
committed
Merge pull request #588 from maxenced/fix-mysql-user-allowed-char
Improve checks for MySQL user's name.
2 parents d9e5c95 + cdd7132 commit 1494412

File tree

2 files changed

+23
-2
lines changed

2 files changed

+23
-2
lines changed

lib/puppet/type/mysql_user.rb

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,9 +9,13 @@
99
newparam(:name, :namevar => true) do
1010
desc "The name of the user. This uses the 'username@hostname' or username@hostname."
1111
validate do |value|
12-
# https://dev.mysql.com/doc/refman/5.1/en/account-names.html
12+
# http://dev.mysql.com/doc/refman/5.5/en/identifiers.html
1313
# Regex should problably be more like this: /^[`'"]?[^`'"]*[`'"]?@[`'"]?[\w%\.]+[`'"]?$/
14-
raise(ArgumentError, "Invalid database user #{value}") unless value =~ /[\w-]*@[\w%\.:]+/
14+
# If at least one special char is used, string must be quoted
15+
raise(ArgumentError, "Database user #{value} must be quotted as it contains special characters") if value =~ /^[^'`"].*[^0-9a-zA-Z$_].*[^'`"]@[\w%\.:]+/
16+
# If no special char, quoted is not needed, but allowed
17+
# I don't see any case where this could happen, as it should be covered by previous check
18+
raise(ArgumentError, "Invalid database user #{value}") unless value =~ /^['`"]?[0-9a-zA-Z$_]*['`"]?@[\w%\.:]+/
1519
username = value.split('@')[0]
1620
if username.size > 16
1721
raise ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters'

spec/unit/puppet/type/mysql_user_spec.rb

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,23 @@
3737
it 'should lowercase the user name' do
3838
expect(@user[:name]).to eq('foo@localhost')
3939
end
40+
end
4041

42+
context 'using allo_wed$char@localhost' do
43+
before :each do
44+
@user = Puppet::Type.type(:mysql_user).new(:name => 'allo_wed$char@localhost', :password_hash => 'pass')
45+
end
46+
47+
it 'should accept a user name' do
48+
expect(@user[:name]).to eq('allo_wed$char@localhost')
49+
end
50+
end
51+
52+
context 'using in-valid@localhost' do
53+
it 'should fail with an unquotted username with special char' do
54+
expect {
55+
Puppet::Type.type(:mysql_user).new(:name => 'in-valid@localhost', :password_hash => 'pass')
56+
}.to raise_error /Database user in-valid@localhost must be quotted/
57+
end
4158
end
4259
end

0 commit comments

Comments
 (0)