From a7677b32d8d7b83dfeb40fab8becdd14bf88e876 Mon Sep 17 00:00:00 2001
From: Michal 'vorner' Vaner <michal.vaner@nic.cz>
Date: Thu, 18 Feb 2016 12:33:03 +0100
Subject: [PATCH] fake: Make sure the name and passwords are properly escaped

These fields are byte arrays and we have strings, python needs to be
told explicitly to convert/use different escaping.
---
 src/master/fake_plugin.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/master/fake_plugin.py b/src/master/fake_plugin.py
index cfa498a9..99fd86aa 100644
--- a/src/master/fake_plugin.py
+++ b/src/master/fake_plugin.py
@@ -25,6 +25,7 @@ import activity
 import socket
 import protocol
 import database
+import psycopg2
 
 logger = logging.getLogger(name='fake')
 
@@ -61,10 +62,14 @@ def store_logs(message, client, now, version):
 		for i in range(0, info_count):
 			(kind_i,) = struct.unpack('!B', message[0])
 			(content, message) = protocol.extract_string(message[1:])
+			# Twisted gives us the message as a string. The name and password
+			# columns are bytea in postgres. This needs to be resolved by
+			# a conversion wrapper (because python seems to use escaping, not
+			# bound params)
 			if kind_i == 0:
-				name = content
+				name = psycopg2.Binary(content)
 			elif kind_i == 1:
-				passwd = content
+				passwd = psycopg2.Binary(content)
 			elif kind_i == 2:
 				reason = content
 		values.append((now, age, tp, rem_address, loc_address, rem_port, name, passwd, reason, client, code))
-- 
GitLab