Skip to content

Commit 2f7aa5d

Browse files
evgeniekohl
authored andcommitted
Set user and password last when constructing an URI
To fix CVE-2025-27221, the `uri` gem started invalidating the set username and password when the host of an URI changes. To still correctly construct the URI in our case, set username and password last, which will correctly preserve it.
1 parent a9b0fcd commit 2f7aa5d

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

templates/plugin/container_gateway.yml.erb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,11 +13,11 @@
1313
case scope.lookupvar('foreman_proxy::plugin::container_gateway::database_backend')
1414
when 'postgres'
1515
uri = URI("postgres://")
16-
uri.user = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_user')
17-
uri.password = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_password')
1816
uri.host = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_host')
1917
uri.port = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_port')
2018
uri.path = "/#{scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_database')}"
19+
uri.user = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_user')
20+
uri.password = scope.lookupvar('foreman_proxy::plugin::container_gateway::postgresql_password')
2121
when 'sqlite'
2222
uri = "sqlite://#{scope.lookupvar('foreman_proxy::plugin::container_gateway::sqlite_db_path')}"
2323
end

0 commit comments

Comments
 (0)