Skip to content

fix: do not leak pg password to command line #560

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 11, 2025
Merged

fix: do not leak pg password to command line #560

merged 2 commits into from
Jun 11, 2025

Conversation

liambuchanan
Copy link
Contributor

@liambuchanan liambuchanan commented Jun 11, 2025
edited
Loading

Description

Ensure that postgresql password is not included in command line params and is instead passed via the PGPASSWORD env var.

Notes

  • We noticed this when we had a backup fail and the email sent to settings.ADMINS included the full database password
  • I've tried to do this in a way that results in the smallest changeset possible
  • I initially tried to use django.db.backends.postgresql.client.DatabaseClient.settings_to_cmd_args_env but it generates params that are not compatible with pg_restore

Checklist

Please update this checklist as you complete each item:

  • Tests have been developed for bug fixes or new functionality.
  • The changelog has been updated, if necessary.
  • Documentation has been updated, if necessary.
  • GitHub Issues closed by this PR have been linked.

By submitting this pull request I agree that all contributions comply with this project's open source license(s).

@liambuchanan
Copy link
Contributor Author

#384

@codecov Codecov
Copy link

codecov bot commented Jun 11, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.52%. Comparing base (8f1307e) to head (893ad7d).
Report is 28 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #560      +/-   ##
==========================================
+ Coverage   91.40%   91.52%   +0.11%     
==========================================
  Files          19       19              
  Lines         873      932      +59     
  Branches      157      161       +4     
==========================================
+ Hits          798      853      +55     
- Misses         40       43       +3     
- Partials       35       36       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@Archmonger
Copy link
Owner

There appears to be a draft PR that is related: #385

Can you voice your opinion on this other implementation?

@liambuchanan
Copy link
Contributor Author

Looks like it'd probably be fine but I haven't tried/tested it. imo advantages of this PR are:

  1. makes minimal viable code change
  2. adds tests for new functionality
  3. ensures all existing tests pass
  4. I've end-to-end tested locally
  5. it's based on the most recent commit in the repo

Archmonger
Archmonger requested changes Jun 11, 2025
View reviewed changes
Copy link
Owner

@Archmonger Archmonger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be merged after adding a changelog entry.

@liambuchanan liambuchanan requested a review from Archmonger June 11, 2025 13:04
@Archmonger Archmonger merged commit 21aa05c into Archmonger:master Jun 11, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Archmonger Archmonger Archmonger approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@liambuchanan @Archmonger