
Commit b3b9f9f

committed
fix: Prevent quotes in the tenant name
and simplify the implementation of the connection's injected log method.
1 parent e341128 commit b3b9f9f


2 files changed

+10
-5
lines changed


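--- a/lib/active_record/tenanted/database_configurations.rb
+++ b/lib/active_record/tenanted/database_configurations.rb
@@ -11,7 +11,9 @@ def database_tasks?
 end
 
 def database_path_for(tenant_name)
-raise BadTenantNameError, "Tenant name cannot contain path separators: #{tenant_name.inspect}" if tenant_name.include?("/")
+if tenant_name.match?(%r{[/'"`]})
+raise BadTenantNameError, "Tenant name contains an invalid character: #{tenant_name.inspect}"
+end
 sprintf(database, tenant: tenant_name)
 end
 
@@ -41,12 +43,9 @@ def tenant
 
 def new_connection
 conn = super
-log_addition = " [tenant=#{tenant}]"
 conn.class_eval <<~CODE, __FILE__, __LINE__ + 1
 private def log(sql, name = "SQL", *args, **kwargs, &block)
-name ||= ""
-name += "#{log_addition}"
-super(sql, name, *args, **kwargs, &block)
+super(sql, "\#{name} [tenant=#{tenant}]", *args, **kwargs, &block)
 end
 CODE
 conn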
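Review bot: The tenant name is still pasted into Ruby source in `new_connection`: `#{tenant}` is expanded when the heredoc is built, so the value lands inside a double-quoted literal that `class_eval` then parses, and the new denylist in `database_path_for` does not cover a backslash or a `#` followed by `{`, both of which keep their meaning inside such a literal. It is also not visible from these hunks whether every tenant that reaches `new_connection` has first passed through `database_path_for`. I would hand the value over as data rather than as source, for example by embedding an escaped literal, `super(sql, "\#{name} [tenant=\#{#{tenant.inspect}}]", *args, **kwargs, &block)`, and validate tenant names against an allowlist of permitted characters instead of enumerating bad ones. The body of `new_connection` continues past the end of the hunk.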

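--- a/test/unit/database_configurations_test.rb
+++ b/test/unit/database_configurations_test.rb
@@ -36,6 +36,12 @@
 test "raises if the tenant name contains a path separator" do
 assert_raises(ActiveRecord::Tenanted::BadTenantNameError) { config.database_path_for("foo/bar") }
 end
+
+test "raises if the tenant name contains a quote or double-quote or back-quote" do
+assert_raises(ActiveRecord::Tenanted::BadTenantNameError) { config.database_path_for("foo'bar") }
+assert_raises(ActiveRecord::Tenanted::BadTenantNameError) { config.database_path_for("foo\"bar") }
+assert_raises(ActiveRecord::Tenanted::BadTenantNameError) { config.database_path_for("foo`bar") }
+end
 end
 
 for_each_scenario do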
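Review bot: The new test pins only the three quote characters, so nothing records how `database_path_for` is meant to treat other characters that matter for a file path or for the log tag built in `new_connection`, such as a backslash. If those are meant to be rejected as well, add them here, e.g. `assert_raises(ActiveRecord::Tenanted::BadTenantNameError) { config.database_path_for("foo\\bar") }`. Looping over the rejected characters with one assertion each would also keep a single failing character from hiding the others, since the first failed `assert_raises` ends the test.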
