database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-01 14:21:49 +03:00
Code

Refactor test_escape.c for additional ways of testing.

Browse Source 
Start the file with static functions not specific to pe_test_vectors
tests.  This way, new tests can use them without disrupting the file's
layout.  Change report_result() PQExpBuffer arguments to plain strings.
Back-patch to v13 (all supported versions), for the next commit.

Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Backpatch-through: 13
Security: CVE-2025-4207
This commit is contained in:
Noah Misch 2025-05-05 04:52:04 -07:00
parent 18c4fff640
commit 5be213caaa
1 changed files with 82 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
src/test/modules/test_escape/test_escape.c
View File

@ -31,6 +31,8 @@ typedef struct pe_test_config
int failure_count;
} pe_test_config;
#define NEVER_ACCESS_STR "\xff never-to-be-touched"
/*
* An escape function to be tested by this test.
@ -86,6 +88,82 @@ static const PsqlScanCallbacks test_scan_callbacks = {
};
/*
* Print the string into buf, making characters outside of plain ascii
* somewhat easier to recognize.
*
* The output format could stand to be improved significantly, it's not at all
* unambiguous.
*/
static void
escapify(PQExpBuffer buf, const char *str, size_t len)
{
for (size_t i = 0; i < len; i++)
{
char c = *str;
if (c == '\n')
appendPQExpBufferStr(buf, "\\n");
else if (c == '\0')
appendPQExpBufferStr(buf, "\\0");
else if (c < ' ' || c > '~')
appendPQExpBuffer(buf, "\\x%2x", (uint8_t) c);
else
appendPQExpBufferChar(buf, c);
str++;
}
}
static void
report_result(pe_test_config *tc,
bool success,
const char *testname,
const char *details,
const char *subname,
const char *resultdesc)
{
int test_id = ++tc->test_count;
bool print_details = true;
bool print_result = true;
if (success)
{
if (tc->verbosity <= 0)
print_details = false;
if (tc->verbosity < 0)
print_result = false;
}
else
tc->failure_count++;
if (print_details)
printf("%s", details);
if (print_result)
printf("%s %d - %s: %s: %s\n",
success ? "ok" : "not ok",
test_id, testname,
subname,
resultdesc);
}
/*
* Return true for encodings in which bytes in a multi-byte character look
* like valid ascii characters.
*/
static bool
encoding_conflicts_ascii(int encoding)
{
/*
* We don't store this property directly anywhere, but whether an encoding
* is a client-only encoding is a good proxy.
*/
if (encoding > PG_ENCODING_BE_LAST)
return true;
return false;
}
static bool
escape_literal(PGconn *conn, PQExpBuffer target,
const char *unescaped, size_t unescaped_len,
@ -380,81 +458,6 @@ static pe_test_vector pe_test_vectors[] =
};
/*
* Print the string into buf, making characters outside of plain ascii
* somewhat easier to recognize.
*
* The output format could stand to be improved significantly, it's not at all
* unambiguous.
*/
static void
escapify(PQExpBuffer buf, const char *str, size_t len)
{
for (size_t i = 0; i < len; i++)
{
char c = *str;
if (c == '\n')
appendPQExpBufferStr(buf, "\\n");
else if (c == '\0')
appendPQExpBufferStr(buf, "\\0");
else if (c < ' ' || c > '~')
appendPQExpBuffer(buf, "\\x%2x", (uint8_t) c);
else
appendPQExpBufferChar(buf, c);
str++;
}
}
static void
report_result(pe_test_config *tc,
bool success,
PQExpBuffer testname,
PQExpBuffer details,
const char *subname,
const char *resultdesc)
{
int test_id = ++tc->test_count;
bool print_details = true;
bool print_result = true;
if (success)
{
if (tc->verbosity <= 0)
print_details = false;
if (tc->verbosity < 0)
print_result = false;
}
else
tc->failure_count++;
if (print_details)
printf("%s", details->data);
if (print_result)
printf("%s %d - %s: %s: %s\n",
success ? "ok" : "not ok",
test_id, testname->data,
subname,
resultdesc);
}
/*
* Return true for encodings in which bytes in a multi-byte character look
* like valid ascii characters.
*/
static bool
encoding_conflicts_ascii(int encoding)
{
/*
* We don't store this property directly anywhere, but whether an encoding
* is a client-only encoding is a good proxy.
*/
if (encoding > PG_ENCODING_BE_LAST)
return true;
return false;
}
static const char *
scan_res_s(PsqlScanResult res)
{
@ -529,7 +532,7 @@ test_psql_parse(pe_test_config *tc, PQExpBuffer testname,
else
resdesc = "ok";
report_result(tc, !test_fails, testname, details,
report_result(tc, !test_fails, testname->data, details->data,
"psql parse",
resdesc);
}
@ -614,7 +617,6 @@ test_one_vector_escape(pe_test_config *tc, const pe_test_vector *tv, const pe_te
*/
appendBinaryPQExpBuffer(raw_buf, tv->escape, tv->escape_len);
#define NEVER_ACCESS_STR "\xff never-to-be-touched"
if (ef->supports_input_length)
{
/*
@ -668,7 +670,7 @@ test_one_vector_escape(pe_test_config *tc, const pe_test_vector *tv, const pe_te
* here, but that's not available everywhere.
*/
contains_never = strstr(escape_buf->data, NEVER_ACCESS_STR) == NULL;
report_result(tc, contains_never, testname, details,
report_result(tc, contains_never, testname->data, details->data,
"escaped data beyond end of input",
contains_never ? "no" : "all secrets revealed");
}
@ -711,7 +713,7 @@ test_one_vector_escape(pe_test_config *tc, const pe_test_vector *tv, const pe_te
resdesc = "valid input failed to escape, due to zero byte";
}
report_result(tc, ok, testname, details,
report_result(tc, ok, testname->data, details->data,
"input validity vs escape success",
resdesc);
}
@ -741,7 +743,7 @@ test_one_vector_escape(pe_test_config *tc, const pe_test_vector *tv, const pe_te
resdesc = "invalid input produced valid output";
}
report_result(tc, ok, testname, details,
report_result(tc, ok, testname->data, details->data,
"input and escaped encoding validity",
resdesc);
}