diff --git a/pgroonga/migrations/0001_enable.py b/pgroonga/migrations/0001_enable.py
index 9c0797e1ef..2e5f645a93 100644
--- a/pgroonga/migrations/0001_enable.py
+++ b/pgroonga/migrations/0001_enable.py
@@ -11,8 +11,9 @@ class Migration(migrations.Migration):
 database_setting = settings.DATABASES["default"]
 if "postgres" in database_setting["ENGINE"]:
 operations = [
- migrations.RunSQL("""
-ALTER ROLE %(USER)s SET search_path TO %(SCHEMA)s,public,pgroonga,pg_catalog;
+ migrations.RunSQL([("""
+DO $$BEGIN
+EXECUTE format('ALTER ROLE %%I SET search_path TO %%L,public,pgroonga,pg_catalog', %(USER)s, %(SCHEMA)s);
 SET search_path = %(SCHEMA)s,public,pgroonga,pg_catalog;
@@ -23,8 +24,10 @@ ALTER TABLE zerver_message ADD COLUMN search_pgroonga text;
 -- Django 1.10 may solve the problem.
 CREATE INDEX zerver_message_search_pgroonga ON zerver_message USING pgroonga(search_pgroonga pgroonga.text_full_text_search_ops);
-""" % database_setting,
- """
+END$$
+""", database_setting)],
+ [("""
+DO $$BEGIN
 SET search_path = %(SCHEMA)s,public,pgroonga,pg_catalog;
 DROP INDEX zerver_message_search_pgroonga;
@@ -32,8 +35,9 @@ ALTER TABLE zerver_message DROP COLUMN search_pgroonga;
 SET search_path = %(SCHEMA)s,public;
-ALTER ROLE %(USER)s SET search_path TO %(SCHEMA)s,public;
-""" % database_setting),
+EXECUTE format('ALTER ROLE %%I SET search_path TO %%L,public', %(USER)s, %(SCHEMA)s);
+END$$
+""", database_setting)]),
 ]
 else:
 operations = []
diff --git a/tools/semgrep.yml b/tools/semgrep.yml
index 77123f831c..94982715ed 100644
--- a/tools/semgrep.yml
+++ b/tools/semgrep.yml
@@ -72,6 +72,8 @@ rules:
 - pattern: ... .execute("...".format(...))
 - pattern: psycopg2.sql.SQL(... % ...)
 - pattern: psycopg2.sql.SQL(... .format(...))
+ - pattern: django.db.migrations.RunSQL(..., ... % ..., ...)
+ - pattern: django.db.migrations.RunSQL(..., "..." .format(...), ...)
 severity: ERROR
 message: "Do not write a SQL injection vulnerability please"
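Review bot: The doubled `%%I`/`%%L` on the new `EXECUTE format(...)` line reads like a typo unless the reader knows that psycopg2 substitutes `%(USER)s` and `%(SCHEMA)s` client-side over the whole string, including the text inside the `$$` body, before PostgreSQL ever parses the DO block; the migration should say so where the next editor will see it. Suggest a comment directly above `migrations.RunSQL([("""`: `# psycopg2 interpolates %(USER)s/%(SCHEMA)s client-side, also inside the $$ body, so every literal % in the SQL below must be written as %%.` The values still come from settings.DATABASES, so this closes an injection-prone pattern rather than an exploitable hole; with driver parameters a missing `SCHEMA` key now fails inside psycopg2 rather than at the old `%` formatting, presumably with the same net effect. The `operations = [` list and the RunSQL expression continue past this hunk.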
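Review bot: In the new reverse statement `EXECUTE format('ALTER ROLE %%I SET search_path TO %%L,public', %(USER)s, %(SCHEMA)s);` the schema is rendered with `%%L` (a string literal) while the role on the same line uses `%%I`, although both are identifiers; `SET search_path` accepts a quoted literal, so this is a point of style, but `%%I` states the intent and gives identifier quoting consistent with the role. The one-line change is `EXECUTE format('ALTER ROLE %%I SET search_path TO %%I,public', %(USER)s, %(SCHEMA)s);`, and the same applies to the forward statement in the first hunk. The RunSQL expression this hunk closes begins in the earlier hunks.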
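Review bot: The two added RunSQL patterns flag `%` formatting and `"...".format(...)` but not an f-string, so `migrations.RunSQL(f"... {schema} ...")` would pass this rule unflagged; unless an f-string pattern already exists elsewhere in the rule, add `- pattern: django.db.migrations.RunSQL(..., f"...", ...)` beside the two new lines. The second new pattern also only matches `.format` on a string literal, whereas the `psycopg2.sql.SQL(... .format(...))` line above it matches any receiver; `- pattern: django.db.migrations.RunSQL(..., ... .format(...), ...)` would be consistent and catch `RunSQL(sql_template.format(...))`. The `rules:` entry this hunk belongs to continues outside the hunk.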