From 9b455fe6f0e5d21e8c428da5bdba7d0f3162aef7 Mon Sep 17 00:00:00 2001 From: bogdanvlviv Date: Tue, 28 Aug 2018 09:20:18 +0300 Subject: Prevent leaking of user's DB credentials on `rails db:create` failure Issue #27852 reports that when `rails db:create` fails, it causes leaking of user's DB credentials to $stderr. We print a DB's configuration hash in order to help users more quickly to figure out what could be wrong with his configuration. This commit changes message from "Couldn't create database for #{configuration.inspect}" to "Couldn't create '#{configuration['database']}' database. Please check your configuration.". There are two PRs that fixing it #27878, #27879, but they need a bit more work. I decided help to finish this and added Author of those PRs credit in this commit. Since it is a security issue, I think we should backport it to `5-2-stable`, and `5-1-stable`. Guided by https://edgeguides.rubyonrails.org/maintenance_policy.html#security-issues Fixes #27852 Closes #27879 Related to #27878 [Alexander Marrs & bogdanvlviv] --- railties/test/application/rake/dbs_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'railties/test') diff --git a/railties/test/application/rake/dbs_test.rb b/railties/test/application/rake/dbs_test.rb index 0594236b1f..56423356bb 100644 --- a/railties/test/application/rake/dbs_test.rb +++ b/railties/test/application/rake/dbs_test.rb @@ -93,7 +93,7 @@ module ApplicationTests test "db:create failure because bad permissions" do with_bad_permissions do output = rails("db:create", allow_failure: true) - assert_match(/Couldn't create database/, output) + assert_match("Couldn't create '#{database_url_db_name}' database. Please check your configuration.", output) assert_equal 1, $?.exitstatus end end -- cgit v1.2.3