X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/3857519629ca8fbcf3466c3fc761a5bb6ed32d53..7b162fc84e202a16b89fa11224737ffbdd240bc8:/test/confs/2610 diff --git a/test/confs/2610 b/test/confs/2610 index 3f75d44a2..71a3f4284 100644 --- a/test/confs/2610 +++ b/test/confs/2610 @@ -14,7 +14,7 @@ acl_not_smtp = check_notsmtp PARTIAL = 127.0.0.1::PORT_N SSPEC = PARTIAL/test/root/pass -mysql_servers = SSPEC +hide mysql_servers = SSPEC # ----- ACL ----- @@ -25,27 +25,30 @@ check_recipient: # Tainted-data checks warn # taint only in lookup string, properly quoted - set acl_m0 = ok: ${lookup mysql {select name from them where id = '${quote_mysql:$local_part}'}} + set acl_m0 = ok: ${lookup mysql {select name from them where id = '${quote_mysql:$local_part}'}} # taint only in lookup string, but not quoted - set acl_m0 = FAIL: ${lookup mysql,no_rd {select name from them where id = '$local_part'}} + set acl_m0 = FAIL1: ${lookup mysql,no_rd {select name from them where id = '$local_part'}} warn # option on lookup type unaffected - set acl_m0 = ok: ${lookup mysql,servers=SSPEC {select name from them where id = '${quote_mysql:$local_part}'}} + set acl_m0 = ok: ${lookup mysql,servers=SSPEC {select name from them where id = '${quote_mysql:$local_part}'}} # partial server-spec, indexing main-option, works - set acl_m0 = ok: ${lookup mysql,servers=PARTIAL {select name from them where id = '${quote_mysql:$local_part}'}} + set acl_m0 = ok: ${lookup mysql,servers=PARTIAL {select name from them where id = '${quote_mysql:$local_part}'}} # oldstyle server spec, prepended to lookup string, fails with taint - set acl_m0 = FAIL: ${lookup mysql {servers=SSPEC; select name from them where id = '${quote_mysql:$local_part}'}} + set acl_m0 = FAIL2: ${lookup mysql {servers=SSPEC; select name from them where id = '${quote_mysql:$local_part}'}} + # oldstyle partial server spec, prepended to lookup string, indexing main-option, but not quoted + warn set acl_m0 = FAIL3: ${lookup mysql {servers=PARTIAL; select name from them where id = '$local_part'}} # In list-style lookup, tainted lookup string is ok if server spec comes from main-option - warn set acl_m0 = ok: hostlist + warn set acl_m0 = ok: hostlist hosts = net-mysql;select * from them where id='${quote_mysql:$local_part}' + # ... but setting a per-query servers spec fails due to the taint - warn set acl_m0 = FAIL: hostlist + warn set acl_m0 = FAIL4: hostlist hosts = <& net-mysql;servers=SSPEC; select * from them where id='${quote_mysql:$local_part}' # The newer server-list-as-option-to-lookup-type is not a solution to tainted data in the lookup, because # string-expansion is done before list-expansion so the taint contaminates the entire list. - warn set acl_m0 = FAIL: hostlist + warn set acl_m0 = FAIL5: hostlist hosts = <& net-mysql,servers=SSPEC; select * from them where id='${quote_mysql:$local_part}' accept domains = +local_domains