Sha256: 855f3c2af57009aef739849259622b507c105756b1433831dd7e6bf46fa13df5
Contents?: true
Size: 1.74 KB
Versions: 2
Compression:
Stored size: 1.74 KB
Contents
---
title: About the postgres_session Resource
---
# postgres_session
Use the `postgres_session` InSpec audit resource to test SQL commands run against a PostgreSQL database.
# Syntax
A `postgres_session` resource block declares the username and password to use for the session, and then the command to be run:
sql = postgres_session('username', 'password')
describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
its('output') { should eq('') }
end
where
* `sql = postgres_session` declares a username and password with permission to run the query
* `sql.query('')` contains the query to be run
* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
# Matchers
This InSpec audit resource has the following matchers:
## be
<%= partial "/shared/matcher_be" %>
## cmp
<%= partial "/shared/matcher_cmp" %>
## eq
<%= partial "/shared/matcher_eq" %>
## include
<%= partial "/shared/matcher_include" %>
## match
<%= partial "/shared/matcher_match" %>
## output
The `output` matcher tests the results of the query:
its('output') { should eq(/^0/) }
# Examples
The following examples show how to use this InSpec audit resource.
## Test the PostgreSQL shadow password
sql = postgres_session('my_user', 'password')
describe sql.query('SELECT * FROM pg_shadow WHERE passwd IS NULL;') do
its('output') { should eq('') }
end
## Test for risky database entries
describe postgres_session('my_user', 'password').query('SELECT count (*)
FROM pg_language
WHERE lanpltrusted = \'f\'
AND lanname!=\'internal\'
AND lanname!=\'c\';') do
its('output') { should eq '0' }
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| inspec-1.0.0 | docs/resources/postgres_session.md.erb |
| inspec-1.0.0.beta3 | docs/resources/postgres_session.md.erb |