Launchpad itself

Merge ~wgrant/launchpad:security.py-numeric-usernames into launchpad:master

  1. Git
  2. lp:~wgrant/launchpad
  3. security.py-numeric-usernames
  4. Merge into master
Proposed by William Grant
Status: Merged
Approved by: William Grant
Approved revision: 5bd94e80d86ee59161202f7c2f11b5b2aa54f7f0
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~wgrant/launchpad:security.py-numeric-usernames
Merge into: launchpad:master
Diff against target: 14 lines (+4/-1)
1 file modified
database/schema/security.py (+4/-1)
Reviewer Review Type Date Requested Status
Colin Watson (community) Approve
Review via email: mp+380297@code.launchpad.net

Commit message

Fix security.py to not crash on a role name with digits

Description of the change

PostgreSQL's aclitem putid emits role names unquoted in safe cases, but
security.py's regex didn't use the same safe set so failed to parse
ACLs involving usernames like "abc123".

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/database/schema/security.py b/database/schema/security.py
2index 4e0c917..967790d 100755
3--- a/database/schema/security.py
4+++ b/database/schema/security.py
5@@ -49,7 +49,10 @@ POSTGRES_ACL_MAP = {
6 'T': 'TEMPORARY',
7 }
8
9-QUOTED_STRING_RE = '(?:([a-z_]+)|"([^"]*(?:""[^"]*)*)")?'
10+# PostgreSQL's putid emits an unquoted string if every character in the role
11+# name isalnum or is _. Otherwise the name is enclosed in double quotes, and
12+# any embedded double quotes are doubled.
13+QUOTED_STRING_RE = '(?:([A-Za-z0-9_]+)|"([^"]*(?:""[^"]*)*)")?'
14 ACLITEM_RE = re.compile('^%(qs)s=([\w*]*)/%(qs)s$' % {'qs': QUOTED_STRING_RE})
15
16

Subscribers

People subscribed via source and target branches

to status/vote changes: