CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-13 05:39:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix init-users.sh password escaping for special characters

Browse Source 
Use format() with %L for SQL literal escaping instead of raw
string interpolation. Also ALTER ROLE if user already exists
to keep password in sync with pillar.
This commit is contained in:
Mike Reeves
2026-04-09 21:52:20 -04:00
parent 55be1f1119
commit da1045e052
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/postgres/files/init-users.sh
+7 -4
View File
@@ -1,13 +1,16 @@
#!/bin/bash #!/bin/bash
set -e set -e
# Create application user for SOC platform access # Create or update application user for SOC platform access
# This script runs on first database initialization only # This script runs on first database initialization via docker-entrypoint-initdb.d
# The password is properly escaped to handle special characters
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
DO \$\$ DO \$\$
BEGIN BEGIN
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '$SO_POSTGRES_USER') THEN IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '${SO_POSTGRES_USER}') THEN
CREATE ROLE "$SO_POSTGRES_USER" WITH LOGIN PASSWORD '$SO_POSTGRES_PASS'; EXECUTE format('CREATE ROLE %I WITH LOGIN PASSWORD %L', '${SO_POSTGRES_USER}', '${SO_POSTGRES_PASS}');
ELSE
EXECUTE format('ALTER ROLE %I WITH PASSWORD %L', '${SO_POSTGRES_USER}', '${SO_POSTGRES_PASS}');
END IF; END IF;
END END
\$\$; \$\$;