Posted to commits@brooklyn.apache.org by he...@apache.org on 2015/08/18 13:06:01 UTC
[03/24] incubator-brooklyn git commit: escape user input to sql
escape user input to sql
Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/ac82d23e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/ac82d23e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/ac82d23e
Branch: refs/heads/master
Commit: ac82d23e49cdeb0ecbb3e77872bb26c0322c02d9
Parents: 9458e15
Author: Robert Moss <ro...@gmail.com>
Authored: Mon Aug 17 14:54:43 2015 +0100
Committer: Robert Moss <ro...@gmail.com>
Committed: Mon Aug 17 14:54:43 2015 +0100
----------------------------------------------------------------------
.../entity/database/postgresql/PostgreSqlSshDriver.java | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/ac82d23e/software/database/src/main/java/brooklyn/entity/database/postgresql/PostgreSqlSshDriver.java
----------------------------------------------------------------------
diff --git a/software/database/src/main/java/brooklyn/entity/database/postgresql/PostgreSqlSshDriver.java b/software/database/src/main/java/brooklyn/entity/database/postgresql/PostgreSqlSshDriver.java
index 18dc9a4..0242af1 100644
--- a/software/database/src/main/java/brooklyn/entity/database/postgresql/PostgreSqlSshDriver.java
+++ b/software/database/src/main/java/brooklyn/entity/database/postgresql/PostgreSqlSshDriver.java
@@ -62,6 +62,7 @@ import brooklyn.util.task.ssh.SshTasks;
import brooklyn.util.task.ssh.SshTasks.OnFailingTask;
import brooklyn.util.task.system.ProcessTaskWrapper;
import brooklyn.util.text.Identifiers;
+import brooklyn.util.text.StringEscapes;
import brooklyn.util.text.StringFunctions;
import brooklyn.util.text.Strings;
@@ -297,12 +298,13 @@ public class PostgreSqlSshDriver extends AbstractSoftwareProcessSshDriver implem
DynamicTasks.waitForLast();
String createUserCommand = String.format(
"\"CREATE USER %s WITH PASSWORD '%s'; \"",
- entity.getConfig(PostgreSqlNode.USERNAME), getUserPassword()
+ StringEscapes.escapeSql(entity.getConfig(PostgreSqlNode.USERNAME)),
+ StringEscapes.escapeSql(getUserPassword())
);
String createDatabaseCommand = String.format(
"\"CREATE DATABASE %s OWNER %s\"",
- entity.getConfig(PostgreSqlNode.DATABASE),
- entity.getConfig(PostgreSqlNode.USERNAME));
+ StringEscapes.escapeSql(entity.getConfig(PostgreSqlNode.DATABASE)),
+ StringEscapes.escapeSql(entity.getConfig(PostgreSqlNode.USERNAME)));
newScript("initializing user and database")
.body.append(
"cd " + getInstallDir(),
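Review bot: `StringEscapes.escapeSql` is applied to USERNAME and DATABASE where they sit in identifier position (`CREATE USER %s`, `CREATE DATABASE %s OWNER %s`), and string-literal escaping (presumably quote doubling; the helper is not shown here) does not constrain an unquoted identifier, so only the password inside `'%s'` is really covered by this change. I would validate the two names before formatting, e.g. `if (!name.matches("[A-Za-z_][A-Za-z0-9_]*")) throw new IllegalArgumentException("invalid PostgreSQL identifier");`, or emit them as double-quoted identifiers with any embedded `"` doubled. Both commands are also wrapped in `\"…\"` and appended to a shell script, so `$`, backticks and `"` in any of the three values would still be interpreted by the shell unless the values are shell-quoted as well; how the string is handed to psql is outside this hunk, so that part needs confirming. The enclosing method starts and ends outside the hunk.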