Code Review / puppet-modules / puppetlabs-apt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 4b12e7b) | patch
Harden PPA defined type
authorCraig Gumbley <craiggumbley@gmail.com>
Thu, 11 Aug 2022 15:20:36 +0000 (15:20 +0000)
committerCraig Gumbley <craiggumbley@gmail.com>
Thu, 18 Aug 2022 07:28:14 +0000 (07:28 +0000)
commitc26ad2a54f318b4d6fbe55f837b00cd6afd9f1eb
treef153246dcd4196961d9cc250e2f7bb3566df421atree | snapshot
parent4b12e7b33263abffe5f1369b4a73272daf4e5248commit | diff
Harden PPA defined type

Prior to this commit there was a possibility that malformed strings
could be passed as the resources name. This could lead to unsafe
executions on a remote system.

This was also a possibility for the options parameter as it was
constrained to a string.

In addition, commands were not properly broken out in to arrays of
arguments when passed to the exec resource.

This commit fixes the above by adding validation to the resource name
ensuring that the given ppa name conforms to expectation. Also, commands
are now broken down in to arrays of arguments appropriately. This ensures
safer execution on the remote system.

Given that the options parameter, passed as a raw string, could lead to
unsafe code execution it was reasonable to change the accepted type to
an `Optional[Array[String]]. This means that an array of options can now
be passed to the exec resource inside the original command.
examples/ppa.pp diff | blob | history
lib/facter/apt_sources.rb [new file with mode: 0644] blob
manifests/init.pp diff | blob | history
manifests/params.pp diff | blob | history
manifests/ppa.pp diff | blob | history
templates/add-apt-repository.sh.epp [new file with mode: 0644] blob