From 5b297b7507af6608756d3c89e4383fff68592eed Mon Sep 17 00:00:00 2001
From: "tembo-io[bot]" <208362400+tembo-io[bot]@users.noreply.github.com>
Date: Sat, 28 Jun 2025 08:46:52 +0000
Subject: [PATCH] fix: prevent SQL injection by using format() with placeholders
---
 roles/alter_user_with_random_password.psql | 14 +++++++-------
 roles/create_user_with_random_password.psql | 9 +++++----
 2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/roles/alter_user_with_random_password.psql b/roles/alter_user_with_random_password.psql
index f951c87..2f7bf59 100644
--- a/roles/alter_user_with_random_password.psql
+++ b/roles/alter_user_with_random_password.psql
@@ -43,17 +43,17 @@ begin
 j := int4(random() * allowed_len);
 pwd := pwd || substr(allowed, j+1, 1);
 end loop;
- sql := 'alter role ' || current_setting('postgres_dba.username')::text || ' password ''' || pwd || ''';';
+ sql := format('alter role %I password %L', current_setting('postgres_dba.username')::text, pwd);
 raise debug 'SQL: %', sql;
 execute sql;
- sql := 'alter role ' || current_setting('postgres_dba.username')::text
- || (case when lower(current_setting('postgres_dba.is_superuser')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' superuser' else '' end)
- || ';';
+ sql := format('alter role %I%s',
+ current_setting('postgres_dba.username')::text,
+ (case when lower(current_setting('postgres_dba.is_superuser')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' superuser' else '' end));
 raise debug 'SQL: %', sql;
 execute sql;
- sql := 'alter role ' || current_setting('postgres_dba.username')::text
- || (case when lower(current_setting('postgres_dba.login')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' login' else '' end)
- || ';';
+ sql := format('alter role %I%s',
+ current_setting('postgres_dba.username')::text,
+ (case when lower(current_setting('postgres_dba.login')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' login' else '' end));
 raise debug 'SQL: %', sql;
 execute sql;
 raise debug 'User % altered, password: %', current_setting('postgres_dba.username')::text, pwd;
diff --git a/roles/create_user_with_random_password.psql b/roles/create_user_with_random_password.psql
index a5257a3..3d3f42a 100644
--- a/roles/create_user_with_random_password.psql
+++ b/roles/create_user_with_random_password.psql
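Review bot: In roles/alter_user_with_random_password.psql the three `format(... %I ...)` calls now quote the role name exactly as supplied, so a `postgres_dba.username` containing upper-case letters is no longer folded to lower case and a value the caller had already wrapped in double quotes is quoted a second time; for `alter role` this means the statement can stop matching a role it matched before the change. The same applies to the `create role %I...` call in roles/create_user_with_random_password.psql. If the previous folding is meant to be kept, apply `lower()` to the setting before passing it to `%I` (an approximation of the server's own folding); otherwise add a comment above the first call such as `-- %I quotes the name as given: case is preserved, do not pre-quote postgres_dba.username`. The `%s` slot is safe as written because it only ever receives the fixed strings produced by the `case` expression. The enclosing block starts and ends outside the hunk.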
@@ -43,10 +43,11 @@ begin
 j := int4(random() * allowed_len);
 pwd := pwd || substr(allowed, j+1, 1);
 end loop;
- sql := 'create role ' || current_setting('postgres_dba.username')::text
- || (case when lower(current_setting('postgres_dba.is_superuser')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' superuser' else '' end)
- || (case when lower(current_setting('postgres_dba.login')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' login' else '' end)
- || ' password ''' || pwd || ''';';
+ sql := format('create role %I%s%s password %L',
+ current_setting('postgres_dba.username')::text,
+ (case when lower(current_setting('postgres_dba.is_superuser')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' superuser' else '' end),
+ (case when lower(current_setting('postgres_dba.login')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' login' else '' end),
+ pwd);
 raise debug 'SQL: %', sql;
 execute sql;
 raise info 'User % created, password: %', current_setting('postgres_dba.username')::text, pwd;
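Review bot: The password that `%L` now quotes is still generated by `j := int4(random() * allowed_len);` in the context lines at the top of this hunk (the same lines open the hunk in roles/alter_user_with_random_password.psql), and that generation is weak in two ways. `int4()` rounds rather than truncates, so `j` can equal `allowed_len`, where `substr(allowed, j+1, 1)` yields an empty string and the password comes out shorter than intended, and the first character of `allowed` is chosen half as often as the others (this assumes `allowed_len` is `length(allowed)`, which is defined outside the hunk); `j := floor(random() * allowed_len)::int4;` removes both effects. `random()` is also not a cryptographically strong generator, so where the pgcrypto extension is available the index is better derived from `gen_random_bytes()`. The loop and the enclosing block start outside the hunk.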