From ae8c9707ddeb133f949e6a1efea99064a520ac7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nils=20Norman=20Hauk=C3=A5s?=
Date: Tue, 9 Sep 2014 10:20:47 +0200
Subject: [PATCH 1/3] make sure that database password gets escaped properly to avoid confusing bash.
---
 tasks/lib/util.js | 6 +++++-
 test/deployments_test.js | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/tasks/lib/util.js b/tasks/lib/util.js
index 41ddb72..2386b66 100644
--- a/tasks/lib/util.js
+++ b/tasks/lib/util.js
@@ -138,10 +138,14 @@ exports.init = function (grunt) {
 /* Commands generators */
 exports.mysqldump_cmd = function(config) {
+ function escape (str) {
+ return str.replace(/(\(|\))/g, "\\$1");
+ }
+
 var cmd = grunt.template.process(tpls.mysqldump, {
 data: {
 user: config.user,
- pass: config.pass,
+ pass: escape(config.pass),
 database: config.database,
 host: config.host
 }
diff --git a/test/deployments_test.js b/test/deployments_test.js
index 8036dec..22320c9 100644
--- a/test/deployments_test.js
+++ b/test/deployments_test.js
@@ -108,18 +108,18 @@ module.exports = {
 var config = {
 user: 'john',
- pass: 'pass',
+ pass: "pas(s))",
 database: 'test',
 host: 'localhost'
 };
 var cmd1 = util.mysqldump_cmd(config);
- test.equal(cmd1, "mysqldump -h localhost -ujohn -ppass test", 'Local mysqldump command.');
+ test.equal(cmd1, "mysqldump -h localhost -ujohn -ppas\\(s\\)\\) test", 'Local mysqldump command.');
 config.ssh_host = '127.0.0.1';
 var cmd2 = util.mysqldump_cmd(config);
- test.equal(cmd2, "ssh 127.0.0.1 'mysqldump -h localhost -ujohn -ppass test'", 'SSH remote mysqldump command.');
+ test.equal(cmd2, "ssh 127.0.0.1 'mysqldump -h localhost -ujohn -ppas\\(s\\)\\) test'", 'SSH remote mysqldump command.');
 test.done();
 },
From 61f3415defa4452b5a0d4a3bb7cd5dfe78fed7ae Mon Sep 17 00:00:00 2001
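Review bot: `escape` in `mysqldump_cmd` backslash-escapes only `(` and `)`, so a password containing a space, `$`, a backtick, `;`, `&`, `|` or a quote still reaches the command string unescaped and will be split or interpreted by the shell. Escaping everything outside a known-safe set is the smaller fix, `return str.replace(/([^A-Za-z0-9_.\/:@-])/g, "\\$1");`, though a `'` would still break the single-quoted `ssh` form that the second test assertion shows. Keeping the password off the command line altogether (for example a client option file passed with `--defaults-extra-file`) would remove the quoting problem and keep the secret out of the process list. The new test only exercises parentheses; a case with a space and a `$` would pin the behaviour. `mysqldump_cmd` continues past the end of the hunk.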
From: =?UTF-8?q?Nils=20Norman=20Hauk=C3=A5s?=
Date: Tue, 9 Sep 2014 10:54:40 +0200
Subject: [PATCH 2/3] escape password when uploading database to server.
---
 tasks/lib/util.js | 9 +++++----
 test/deployments_test.js | 6 +++---
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/tasks/lib/util.js b/tasks/lib/util.js
index 2386b66..bdcad03 100644
--- a/tasks/lib/util.js
+++ b/tasks/lib/util.js
@@ -136,11 +136,12 @@ exports.init = function (grunt) {
 return string.replace(regexp, replace);
 };
+ function escape (str) {
+ return str.replace(/(\(|\))/g, "\\$1");
+ }
+
 /* Commands generators */
 exports.mysqldump_cmd = function(config) {
- function escape (str) {
- return str.replace(/(\(|\))/g, "\\$1");
- }
 var cmd = grunt.template.process(tpls.mysqldump, {
 data: {
@@ -171,7 +172,7 @@ exports.init = function (grunt) {
 data: {
 host: config.host,
 user: config.user,
- pass: config.pass,
+ pass: escape(config.pass),
 database: config.database,
 path: src
 }
diff --git a/test/deployments_test.js b/test/deployments_test.js
index 22320c9..dfde3ac 100644
--- a/test/deployments_test.js
+++ b/test/deployments_test.js
@@ -129,19 +129,19 @@ module.exports = {
 var config = {
 host: 'localhost',
 user: 'john',
- pass: 'pass',
+ pass: 'pas(s))',
 database: 'test',
 };
 var src = '/aaa/bbb';
 var cmd1 = util.mysql_cmd(config, src);
- test.equal(cmd1, "mysql -h localhost -u john -ppass test < /aaa/bbb", 'Local Mysql import command.');
+ test.equal(cmd1, "mysql -h localhost -u john -ppas\\(s\\)\\) test < /aaa/bbb", 'Local Mysql import command.');
 config.ssh_host = '127.0.0.1';
 var cmd2 = util.mysql_cmd(config, src);
- test.equal(cmd2, "ssh 127.0.0.1 'mysql -h localhost -u john -ppass test' < /aaa/bbb", 'Remote Mysql import command.');
+ test.equal(cmd2, "ssh 127.0.0.1 'mysql -h localhost -u john -ppas\\(s\\)\\) test' < /aaa/bbb", 'Remote Mysql import command.');
 test.done();
 },
From 72756cfc66e3b10d88cf9c6434597455f57e6746 Mon Sep 17 00:00:00 2001
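Review bot: The hoisted `escape` helper calls `str.replace` unconditionally, so after this change both `mysqldump_cmd` and `mysql_cmd` throw a TypeError when `config.pass` is missing or not a string (an account with no password, or a numeric value in the config), where the value was previously handed to the template as-is. A guard in the helper keeps those configs working: `return String(str == null ? "" : str).replace(/(\(|\))/g, "\\$1");`. Now that the helper sits at `exports.init` scope it also shadows the built-in global `escape()` for every function in that scope; a name such as `shell_escape`, with a one-line comment stating that only parentheses are covered, would make its limits obvious to the next caller. Both util.js hunks show only part of their enclosing functions.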
From: =?UTF-8?q?Nils=20Norman=20Hauk=C3=A5s?=
Date: Wed, 12 Nov 2014 19:34:50 +0100
Subject: [PATCH 3/3] The db.adapt() function now also strips away password warnings from the db dump so that it will be able to import it. Added test for it.
---
 tasks/lib/util.js | 8 ++++++++
 test/deployments_test.js | 11 +++++++++++
 2 files changed, 19 insertions(+)
diff --git a/tasks/lib/util.js b/tasks/lib/util.js
index bdcad03..3a6be23 100644
--- a/tasks/lib/util.js
+++ b/tasks/lib/util.js
@@ -87,6 +87,7 @@ exports.init = function (grunt) {
 var content = grunt.file.read(file);
 var output = exports.replace_urls(old_url, new_url, content);
+ output = exports.remove_password_warning(output);
 grunt.file.write(file, output);
 };
@@ -136,6 +137,13 @@ exports.init = function (grunt) {
 return string.replace(regexp, replace);
 };
+ exports.remove_password_warning = function (string) {
+ var splitStr = string.split("\n");
+ if (splitStr[0].indexOf("Warning: Using a password on the command line interface can be insecure.") != -1) {
+ return splitStr.slice(1).join("\n");
+ } else {return string};
+ };
+
 function escape (str) {
 return str.replace(/(\(|\))/g, "\\$1");
 }
diff --git a/test/deployments_test.js b/test/deployments_test.js
index dfde3ac..9288f5e 100644
--- a/test/deployments_test.js
+++ b/test/deployments_test.js
@@ -103,6 +103,17 @@ module.exports = {
 test.done();
 },
+ remove_password_warning: function(test) {
+ test.expect(1);
+ var warningStr = "Warning: Using a password on the command line interface can be insecure." + "\n" +
+ "-- MySQL dump 10.13 Distrib 5.6.17, for Linux (x86_64)" + "\n" +
+ "yet another test string";
+ test.equal(util.remove_password_warning(warningStr),
+ "-- MySQL dump 10.13 Distrib 5.6.17, for Linux (x86_64)" + "\n" +
+ "yet another test string");
+ test.done();
+ },
+
 mysqldump_cmd: function(test) {
 test.expect(2);
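Review bot: Stripping this one line in `remove_password_warning` hides a symptom rather than its cause: the warning is diagnostic output from the MySQL client, so its presence in the dump suggests stderr is being captured into the SQL file (the capture code is outside this diff, so this is an inference), and any other diagnostic line would still end up in the file and break the import. The warning is also the client reporting that the password is visible on the command line; separating stderr from the dump, or supplying the password through an option file, would make the function unnecessary. If it stays, note that the match is tied to the first line and to one exact wording, that the whole dump is split into an array just to inspect that line, and that `!= -1` and `else {return string};` would read better as `!== -1` followed by a plain `return string;`. The test covers only the positive case; an input without the warning should be asserted to come back unchanged.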