Merge pull request #660 from bpo/allowlist-regex

Support regular expressions in allowlist
2020-10-09 13:34:10 -04:00 · 2020-10-09 13:34:10 -04:00 · f7b9246e68
parent 661fe7ef30 e4a1fe7683
commit f7b9246e68
4 changed files with 44 additions and 3 deletions
--- a/History.rdoc
+++ b/History.rdoc
@ -2,6 +2,7 @@

 === Changes
  * Rename `url_whitelist` to `url_allowlist`
+  * Allowlist now supports regular expressions
  * Fixed Ruby 2.7 deprecation warnings

 === Breaking changes
--- a/README.markdown
+++ b/README.markdown
@ -349,6 +349,15 @@ to one of the values specified in the url allowlist like so:
 DatabaseCleaner.url_allowlist = ['postgres://postgres@localhost', 'postgres://foo@bar']
 ```

+Allowlist elements are matched with case equality (`===`), so regular expressions or procs may be used:
+
+```ruby
+DatabaseCleaner.url_allowlist = [
+  %r{^postgres://postgres@localhost},         # match any db with this prefix
+  proc {|uri| URI.parse(uri).user == "test" } # match any db authenticating with the 'test' user
+]
+```
+
 ## COPYRIGHT

 See [LICENSE](LICENSE) for details.
--- a/lib/database_cleaner/safeguard.rb
+++ b/lib/database_cleaner/safeguard.rb
@ -29,7 +29,7 @@ module DatabaseCleaner
      private

        def database_url_not_allowed?
-          !DatabaseCleaner.url_allowlist.include?(ENV['DATABASE_URL'])
+          !DatabaseCleaner.url_allowlist.any? {|allowed| allowed === ENV['DATABASE_URL'] }
        end

        def skip?
--- a/spec/database_cleaner/safeguard_spec.rb
+++ b/spec/database_cleaner/safeguard_spec.rb
@ -86,11 +86,27 @@ module DatabaseCleaner
          describe 'A remote url is not on the allowlist' do
            let(:database_url) { 'postgress://bar.baz' }

-            it 'raises a allowlist error' do
+            it 'raises a not allowed error' do
              expect { cleaner.start }.to raise_error(Safeguard::Error::UrlNotAllowed)
            end
          end

+          describe 'A similar url not explicitly matched as a pattern' do
+            let(:database_url) { 'postgres://foo.bar?pool=8' }
+
+            it 'raises a not allowed error' do
+              expect { cleaner.start }.to raise_error(Safeguard::Error::UrlNotAllowed)
+            end
+          end
+
+          describe 'A remote url matches a pattern on the allowlist' do
+            let(:database_url) { 'postgres://bar.baz?pool=16' }
+
+            it 'does not raise' do
+              expect { cleaner.start }.to_not raise_error
+            end
+          end
+
          describe 'A local url is on the allowlist' do
            let(:database_url) { 'postgres://postgres@localhost' }

@ -106,9 +122,24 @@ module DatabaseCleaner
              expect { cleaner.start }.to raise_error(Safeguard::Error::UrlNotAllowed)
            end
          end
+
+          describe 'A url that matches a proc' do
+            let(:database_url) { 'redis://test:test@foo.bar' }
+
+            it 'does not raise' do
+              expect { cleaner.start }.to_not raise_error
+            end
+          end
        end

-        let(:url_allowlist) { ['postgres://postgres@localhost', 'postgres://foo.bar'] }
+        let(:url_allowlist) do
+          [
+            'postgres://postgres@localhost',
+            'postgres://foo.bar',
+            %r{^postgres://bar.baz},
+            proc { |x| URI.parse(x).user == 'test' }
+          ]
+        end

        describe 'url_allowlist' do
          before { DatabaseCleaner.url_allowlist = url_allowlist }