Merge pull request #660 from bpo/allowlist-regex

Support regular expressions in allowlist
DatabaseCleaner · Oct 9, 2020 · f7b9246 · f7b9246
2 parents 661fe7e + e4a1fe7
commit f7b9246
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 3 deletions.
diff --git a/History.rdoc b/History.rdoc
@@ -2,6 +2,7 @@
 
 === Changes
   * Rename `url_whitelist` to `url_allowlist`
+  * Allowlist now supports regular expressions
   * Fixed Ruby 2.7 deprecation warnings
 
 === Breaking changes

diff --git a/README.markdown b/README.markdown
@@ -349,6 +349,15 @@ to one of the values specified in the url allowlist like so:
 DatabaseCleaner.url_allowlist = ['postgres://postgres@localhost', 'postgres://foo@bar']
 ```
 
+Allowlist elements are matched with case equality (`===`), so regular expressions or procs may be used:
+
+```ruby
+DatabaseCleaner.url_allowlist = [
+  %r{^postgres://postgres@localhost},         # match any db with this prefix
+  proc {|uri| URI.parse(uri).user == "test" } # match any db authenticating with the 'test' user
+]
+```
+
 ## COPYRIGHT
 
 See [LICENSE](LICENSE) for details.
diff --git a/lib/database_cleaner/safeguard.rb b/lib/database_cleaner/safeguard.rb
@@ -29,7 +29,7 @@ def run
       private
 
         def database_url_not_allowed?
-          !DatabaseCleaner.url_allowlist.include?(ENV['DATABASE_URL'])
+          !DatabaseCleaner.url_allowlist.any? {|allowed| allowed === ENV['DATABASE_URL'] }
         end
 
         def skip?

diff --git a/spec/database_cleaner/safeguard_spec.rb b/spec/database_cleaner/safeguard_spec.rb
@@ -86,11 +86,27 @@ module DatabaseCleaner
           describe 'A remote url is not on the allowlist' do
             let(:database_url) { 'postgress://bar.baz' }
 
-            it 'raises a allowlist error' do
+            it 'raises a not allowed error' do
+              expect { cleaner.start }.to raise_error(Safeguard::Error::UrlNotAllowed)
+            end
+          end
+
+          describe 'A similar url not explicitly matched as a pattern' do
+            let(:database_url) { 'postgres://foo.bar?pool=8' }
+
+            it 'raises a not allowed error' do
               expect { cleaner.start }.to raise_error(Safeguard::Error::UrlNotAllowed)
             end
           end
 
+          describe 'A remote url matches a pattern on the allowlist' do
+            let(:database_url) { 'postgres://bar.baz?pool=16' }
+
+            it 'does not raise' do
+              expect { cleaner.start }.to_not raise_error
+            end
+          end
+
           describe 'A local url is on the allowlist' do
             let(:database_url) { 'postgres://postgres@localhost' }
 
@@ -106,9 +122,24 @@ module DatabaseCleaner
               expect { cleaner.start }.to raise_error(Safeguard::Error::UrlNotAllowed)
             end
           end
+
+          describe 'A url that matches a proc' do
+            let(:database_url) { 'redis://test:[email protected]' }
+
+            it 'does not raise' do
+              expect { cleaner.start }.to_not raise_error
+            end
+          end
         end
 
-        let(:url_allowlist) { ['postgres://postgres@localhost', 'postgres://foo.bar'] }
+        let(:url_allowlist) do
+          [
+            'postgres://postgres@localhost',
+            'postgres://foo.bar',
+            %r{^postgres://bar.baz},
+            proc { |x| URI.parse(x).user == 'test' }
+          ]
+        end
 
         describe 'url_allowlist' do
           before { DatabaseCleaner.url_allowlist = url_allowlist }