Fix an issue in the register server where, when setting the role, an arbitrary SQL query can be fired. #6253

pull/6256/head
Khushboo Vashi 2023-05-08 11:40:53 +05:30 committed by GitHub
parent d8e00e6586
commit af1c70f192
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 3 deletions


@ -420,6 +420,7 @@ class Connection(BaseConnection):
"""
is_set_role = False
role = None
status = None
if 'role' in kwargs and kwargs['role']:
is_set_role = True
@ -429,7 +430,16 @@ class Connection(BaseConnection):
role = manager.role
if is_set_role:
status = self._execute(cur, "SET ROLE TO {0}".format(role))
_query = "SELECT usename from pg_user WHERE usename = '{0}'" \
"".format(role)
_status, res = self.execute_scalar(_query)
if res:
status = self._execute(cur, "SET ROLE TO {0}".format(role))
else:
# If role is not found then set the status to role
# for showing the proper error message
status = role
if status is not None:
self.conn.close()
@ -437,7 +447,7 @@ class Connection(BaseConnection):
current_app.logger.error(
"Connect to the database server (#{server_id}) for "
"connection ({conn_id}), but - failed to setup the role "
"with error message as below:{msg}".format(
" {msg}".format(
server_id=self.manager.sid,
conn_id=conn_id,
msg=status
@ -445,7 +455,7 @@ class Connection(BaseConnection):
)
return True, \
_(
"Failed to setup the role with error message:\n{0}"
"Failed to setup the role \n{0}"
).format(status)
return False, ''
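Review bot: The existence check added at `_query = "SELECT usename from pg_user WHERE usename = '{0}'"` still builds SQL by string formatting, so a role value containing a single quote changes the lookup query itself, and the following `SET ROLE TO {0}` still interpolates the role unquoted; the commit narrows the injection rather than removing it. Bind the role as a query parameter instead, `_query = "SELECT usename from pg_user WHERE usename = %s"` and `_status, res = self.execute_scalar(_query, (role,))`, assuming execute_scalar forwards a params tuple to the driver's execute, and quote the identifier in the SET ROLE statement (psycopg2's sql.Identifier or quote_ident) rather than formatting it raw. Note also that pg_user lists only roles with LOGIN, so a NOLOGIN role the session user is a member of would now be reported as not found; pg_roles may be the intended catalog. The enclosing method starts before the first hunk, and the later hunks on this page belong to the same method.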