diff --git a/.gitignore b/.gitignore index 970fcd4f..1fb195db 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,6 @@ .venv/ venv/ + +.myclirc +uv.lock diff --git a/changelog.md b/changelog.md index 04387011..2544489b 100644 --- a/changelog.md +++ b/changelog.md @@ -3,7 +3,8 @@ Upcoming (TBD) Features -------- -* Update query processing functions to allow automatic show_warnings to work for more code paths like DDL +* Update query processing functions to allow automatic show_warnings to work for more code paths like DDL. +* Update the default SSL value to connect securely by default. Add a --no-ssl option to disable it. Bug Fixes -------- diff --git a/mycli/main.py b/mycli/main.py index 86dcc5c4..b0422639 100755 --- a/mycli/main.py +++ b/mycli/main.py @@ -1343,7 +1343,9 @@ def get_last_query(self) -> str | None: @click.option("--ssh-key-filename", help="Private key filename (identify file) for the ssh connection.") @click.option("--ssh-config-path", help="Path to ssh configuration.", default=os.path.expanduser("~") + "/.ssh/config") @click.option("--ssh-config-host", help="Host to connect to ssh server reading from ssh configuration.") -@click.option("--ssl", "ssl_enable", is_flag=True, help="Enable SSL for connection (automatically enabled with other flags).") +@click.option( + "--ssl/--no-ssl", "ssl_enable", is_flag=True, default=True, help="Enable SSL for connection (automatically enabled with other flags)." +) @click.option("--ssl-ca", help="CA file in PEM format.", type=click.Path(exists=True)) @click.option("--ssl-capath", help="CA directory.") @click.option("--ssl-cert", help="X509 cert in PEM format.", type=click.Path(exists=True)) diff --git a/test/features/db_utils.py b/test/features/db_utils.py index 5c81b661..4a2813a4 100644 --- a/test/features/db_utils.py +++ b/test/features/db_utils.py @@ -1,5 +1,7 @@ # type: ignore +import ssl + import pymysql 
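Review bot: In the mycli/main.py hunk, the help string on the new `--ssl/--no-ssl` option still reads "Enable SSL for connection (automatically enabled with other flags)", which no longer describes an option that defaults to on. Something like `help="Use TLS for the connection (default: enabled; pass --no-ssl to disable)."` would match the new behaviour, and `is_flag=True` is redundant once the slash form is used. The code that consumes `ssl_enable` is outside this hunk, so please confirm there that `--no-ssl` combined with `--ssl-ca`/`--ssl-cert` is resolved explicitly rather than silently re-enabling TLS. Please also confirm that a server without TLS produces a connection error rather than a quiet plaintext fallback. Whether the new default also verifies the server certificate is not visible here; if it does not, the changelog wording "connect securely by default" overstates what an encrypted but unverified connection provides.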
@@ -14,8 +16,11 @@ def create_db(hostname="localhost", port=3306, username=None, password=None, dbn :return: """ + ctx = ssl.create_default_context() + ctx.check_hostname = False + ctx.verify_mode = ssl.VerifyMode.CERT_NONE cn = pymysql.connect( - host=hostname, port=port, user=username, password=password, charset="utf8mb4", cursorclass=pymysql.cursors.DictCursor + host=hostname, port=port, user=username, password=password, charset="utf8mb4", cursorclass=pymysql.cursors.DictCursor, ssl=ctx ) with cn.cursor() as cr: @@ -39,8 +44,18 @@ def create_cn(hostname, port, password, username, dbname): :return: psycopg2.connection """ + ctx = ssl.create_default_context() + ctx.check_hostname = False + ctx.verify_mode = ssl.VerifyMode.CERT_NONE cn = pymysql.connect( - host=hostname, port=port, user=username, password=password, db=dbname, charset="utf8mb4", cursorclass=pymysql.cursors.DictCursor + host=hostname, + port=port, + user=username, + password=password, + db=dbname, + charset="utf8mb4", + cursorclass=pymysql.cursors.DictCursor, + ssl=ctx, ) return cn @@ -56,8 +71,18 @@ def drop_db(hostname="localhost", port=3306, username=None, password=None, dbnam :param dbname: string """ + ctx = ssl.create_default_context() + ctx.check_hostname = False + ctx.verify_mode = ssl.VerifyMode.CERT_NONE cn = pymysql.connect( - host=hostname, port=port, user=username, password=password, db=dbname, charset="utf8mb4", cursorclass=pymysql.cursors.DictCursor + host=hostname, + port=port, + user=username, + password=password, + db=dbname, + charset="utf8mb4", + cursorclass=pymysql.cursors.DictCursor, + ssl=ctx, ) with cn.cursor() as cr:
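Review bot: The three added lines in `create_db` build an SSL context with `check_hostname = False` and `verify_mode = CERT_NONE`, and the same three lines are repeated verbatim in the `create_cn` and `drop_db` hunks with no comment saying why verification is off. That is a reasonable choice for a throwaway test database, but copy-pasted unverified-TLS setup tends to get lifted into non-test code. I would move it into one private helper whose comment marks it as test-only, and call that helper from all three functions. `ssl.CERT_NONE` is the usual spelling of `ssl.VerifyMode.CERT_NONE`. These helpers also never exercise a verified connection, so the new secure-by-default path needs its own test elsewhere.

```python
def _test_ssl_context():
    # Test-only: certificate and hostname verification are disabled for the
    # test database connection. Do not reuse outside the test suite.
    ctx = ssl.create_default_context()
    # check_hostname has to be cleared first; CERT_NONE is rejected while it is set.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

# … unchanged: create_db / create_cn / drop_db signatures, docstrings and the
#   other pymysql.connect arguments; each call ends with ssl=_test_ssl_context() …
```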
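Review bot: The docstring visible in the `create_cn` hunk's context still says `:return: psycopg2.connection`, but the function returns the result of `pymysql.connect(...)`. Since this hunk already rewrites the call, it is a good place to correct the line to `:return: pymysql.connections.Connection`. The rest of the docstring starts above the hunk, so the parameter descriptions could not be checked from here.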