base repository: brianc/node-postgres
base: pg@8.4.1
head repository: brianc/node-postgres
compare: pg@8.4.2
  • 4 commits
  • 8 files changed
  • 3 contributors

Commits on Oct 20, 2020

  1. Security: simplify defineProperty non-enumerables

    * `password` already has this set, but was a little long considering we only want to override default of one property
    * `ssl.key` was showing up in tracebacks
    Lewiscowles1986 authored and brianc committed Oct 20, 2020
    fd2c356 View commit details
  2. Tests

    Lewiscowles1986 authored and brianc committed Oct 20, 2020
    e82137e View commit details
  3. Update packages/pg-pool/index.js

    Co-authored-by: Charmander <~@charmander.me>
    2 people authored and brianc committed Oct 20, 2020
    80c500f View commit details

Commits on Oct 26, 2020

  1. Publish

     - pg-cursor@2.4.2
     - pg-pool@3.2.2
     - pg-query-stream@3.3.2
     - pg@8.4.2
    brianc committed Oct 26, 2020
    b6d69d5 View commit details
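--- a/packages/pg-cursor/package.json
+++ b/packages/pg-cursor/package.json
@@ -1,6 +1,6 @@
 {
 "name": "pg-cursor",
-"version": "2.4.1",
+"version": "2.4.2",
 "description": "Query cursor extension for node-postgres",
 "main": "index.js",
 "directories": {
@@ -17,6 +17,6 @@
 "license": "MIT",
 "devDependencies": {
 "mocha": "^7.1.2",
-"pg": "^8.4.1"
+"pg": "^8.4.2"
 }
 }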
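--- a/packages/pg-pool/index.js
+++ b/packages/pg-pool/index.js
@@ -73,6 +73,13 @@ class Pool extends EventEmitter {
 value: options.password,
 })
 }
+if (options != null && options.ssl && options.ssl.key) {
+// "hiding" the ssl->key so it doesn't show up in stack traces
+// or if the client is console.logged
+Object.defineProperty(this.options.ssl, 'key', {
+enumerable: false,
+})
+}
 
 this.options.max = this.options.max || this.options.poolSize || 10
 this.options.maxUses = this.options.maxUses || Infinity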
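Review bot: `Object.defineProperty(this.options.ssl, 'key', { enumerable: false })` throws a TypeError when the caller passes a frozen or otherwise non-configurable `ssl` object, so building a Pool from a hardened config would fail in the constructor; the same three lines are repeated in packages/pg/lib/client.js and packages/pg/lib/connection-parameters.js. The guard also tests `options.ssl.key` while the redefinition targets `this.options.ssl`; the assignment of `this.options` is outside this hunk, but if it is a shallow copy both names point at the caller's own object, which is then modified in place. I would check the descriptor first, `const d = Object.getOwnPropertyDescriptor(this.options.ssl, 'key')` followed by `if (d && d.enumerable && d.configurable) Object.defineProperty(this.options.ssl, 'key', { enumerable: false })`, and say in the comment that the caller's object is changed.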
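--- a/packages/pg-pool/package.json
+++ b/packages/pg-pool/package.json
@@ -1,6 +1,6 @@
 {
 "name": "pg-pool",
-"version": "3.2.1",
+"version": "3.2.2",
 "description": "Connection pool for node-postgres",
 "main": "index.js",
 "directories": {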
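--- a/packages/pg-query-stream/package.json
+++ b/packages/pg-query-stream/package.json
@@ -1,6 +1,6 @@
 {
 "name": "pg-query-stream",
-"version": "3.3.1",
+"version": "3.3.2",
 "description": "Postgres query result returned as readable stream",
 "main": "index.js",
 "scripts": {
@@ -26,12 +26,12 @@
 "concat-stream": "~1.0.1",
 "eslint-plugin-promise": "^3.5.0",
 "mocha": "^7.1.2",
-"pg": "^8.4.1",
+"pg": "^8.4.2",
 "stream-spec": "~0.3.5",
 "stream-tester": "0.0.5",
 "through": "~2.3.4"
 },
 "dependencies": {
-"pg-cursor": "^2.4.1"
+"pg-cursor": "^2.4.2"
 }
 }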
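--- a/packages/pg/lib/client.js
+++ b/packages/pg/lib/client.js
@@ -57,6 +57,15 @@ class Client extends EventEmitter {
 this.processID = null
 this.secretKey = null
 this.ssl = this.connectionParameters.ssl || false
+// As with Password, make SSL->Key (the private key) non-enumerable.
+// It won't show up in stack traces
+// or if the client is console.logged
+if (this.ssl && this.ssl.key) {
+Object.defineProperty(this.ssl, 'key', {
+enumerable: false,
+})
+}
+
 this._connectionTimeoutMillis = c.connectionTimeoutMillis || 0
 }
 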
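Review bot: Once `key` is non-enumerable, any later `Object.assign({}, this.ssl)` or `{ ...this.ssl }` copy silently omits it, so a client-certificate setup can lose its private key without any error; the code that hands `this.ssl` to the TLS layer is not visible in this hunk and should be checked for such a copy. The tests added alongside this change only read `ssl.key` directly and do not cover a copied options object. I would extend the comment with `// NOTE: non-enumerable means Object.assign/spread copies omit key; consumers must read ssl.key explicitly`. The constructor body starts above the hunk.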
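--- a/packages/pg/lib/connection-parameters.js
+++ b/packages/pg/lib/connection-parameters.js
@@ -84,6 +84,11 @@ class ConnectionParameters {
 if (this.ssl === 'no-verify') {
 this.ssl = { rejectUnauthorized: false }
 }
+if (this.ssl && this.ssl.key) {
+Object.defineProperty(this.ssl, 'key', {
+enumerable: false,
+})
+}
 
 this.client_encoding = val('client_encoding', config)
 this.replication = val('replication', config)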
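Review bot: This block carries no comment, unlike the same block in client.js and pg-pool/index.js, and it only covers `key`: the `passphrase` and `pfx` TLS options hold equally sensitive material and would still be printed when the parameters object is logged or serialized. I would add `// hide the TLS private key from util.inspect/JSON.stringify output; direct reads of ssl.key still work` above the `if`, and consider treating `passphrase` and `pfx` the same way. Non-enumerability is a logging safeguard only: `util.inspect(obj, { showHidden: true })` and direct property access still expose the value. The constructor starts and ends outside the hunk.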
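--- a/packages/pg/package.json
+++ b/packages/pg/package.json
@@ -1,6 +1,6 @@
 {
 "name": "pg",
-"version": "8.4.1",
+"version": "8.4.2",
 "description": "PostgreSQL client - pure javascript & libpq with the same API",
 "keywords": [
 "database",
@@ -22,7 +22,7 @@
 "buffer-writer": "2.0.0",
 "packet-reader": "1.0.0",
 "pg-connection-string": "^2.4.0",
-"pg-pool": "^3.2.1",
+"pg-pool": "^3.2.2",
 "pg-protocol": "^1.3.0",
 "pg-types": "^2.1.0",
 "pgpass": "1.x"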
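--- /dev/null
+++ b/packages/pg/test/integration/gh-issues/2303-tests.js
@@ -0,0 +1,47 @@
+'use strict'
+const helper = require('./../test-helper')
+const assert = require('assert')
+const util = require('util')
+
+const suite = new helper.Suite()
+
+const secret_value = 'FAIL THIS TEST'
+
+suite.test('SSL Key should not exist in toString() output', () => {
+const pool = new helper.pg.Pool({ ssl: { key: secret_value } })
+const client = new helper.pg.Client({ ssl: { key: secret_value } })
+assert(pool.toString().indexOf(secret_value) === -1)
+assert(client.toString().indexOf(secret_value) === -1)
+})
+
+suite.test('SSL Key should not exist in util.inspect output', () => {
+const pool = new helper.pg.Pool({ ssl: { key: secret_value } })
+const client = new helper.pg.Client({ ssl: { key: secret_value } })
+const depth = 20
+assert(util.inspect(pool, { depth }).indexOf(secret_value) === -1)
+assert(util.inspect(client, { depth }).indexOf(secret_value) === -1)
+})
+
+suite.test('SSL Key should not exist in json.stringfy output', () => {
+const pool = new helper.pg.Pool({ ssl: { key: secret_value } })
+const client = new helper.pg.Client({ ssl: { key: secret_value } })
+const depth = 20
+assert(JSON.stringify(pool).indexOf(secret_value) === -1)
+assert(JSON.stringify(client).indexOf(secret_value) === -1)
+})
+
+suite.test('SSL Key should exist for direct access', () => {
+const pool = new helper.pg.Pool({ ssl: { key: secret_value } })
+const client = new helper.pg.Client({ ssl: { key: secret_value } })
+assert(pool.options.ssl.key === secret_value)
+assert(client.connectionParameters.ssl.key === secret_value)
+})
+
+suite.test('SSL Key should exist for direct access even when non-enumerable custom config', () => {
+const config = { ssl: { key: secret_value } }
+Object.defineProperty(config.ssl, 'key', { enumerable: false })
+const pool = new helper.pg.Pool(config)
+const client = new helper.pg.Client(config)
+assert(pool.options.ssl.key === secret_value)
+assert(client.connectionParameters.ssl.key === secret_value)
+})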
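Review bot: The test named 'SSL Key should not exist in json.stringfy output' declares `const depth = 20` and never uses it, and its name misspells `JSON.stringify`; I would drop the unused line and rename the test to `'SSL Key should not exist in JSON.stringify output'`. None of the five tests passes a frozen `ssl` object or exercises a TLS connection that actually needs the client key, which are the two ways hiding the property could break a working configuration. A case such as `new helper.pg.Client({ ssl: Object.freeze({ key: secret_value }) })` asserting that construction does not throw would pin the first of these.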