(MODULES-1967) Parse escape sequences from iptables

diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 089689cdf329d5447fa77e85960ad35aaaa447f4..b6ec22dc5dc256f1bddac6f5274644931a4e070b 100644 (file)
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -364,8 +364,16 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
     values.slice!('-A')
     keys << :chain
 
-    # Here we generate the main hash
-    keys.zip(values.scan(/"[^"]*"|\S+/).reverse) { |f, v| hash[f] = v.gsub(/"/, '') }
+    # Here we generate the main hash by scanning arguments off the values
+    # string, handling any quoted characters present in the value, and then
+    # zipping the values with the array of keys.
+    keys.zip(values.scan(/("([^"\\]|\\.)*"|\S+)/).transpose[0].reverse) do |f, v|
+      if v =~ /^".*"$/ then
+        hash[f] = v.sub(/^"(.*)"$/, '\1').gsub(/\\(\\|'|")/, '\1')
+      else
+        hash[f] = v.dup
+      end
+    end
 
     #####################
     # POST PARSE CLUDGING

diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb
index e33a2e13c5e9255fc8385f2dbe380145d31ae67c..b555eea8ab06e36a9f67c939c0e4d2e3bf572628 100644 (file)
--- a/spec/fixtures/iptables/conversion_hash.rb
+++ b/spec/fixtures/iptables/conversion_hash.rb
@@ -231,6 +231,13 @@ ARGS_TO_HASH = {
       :source => '192.168.0.1/32',
     },
   },
+  'string_escape_sequences' => {
+    :line => '-A INPUT -m comment --comment "000 parse escaped \\"s, \\\'s, and \\\\s"',
+    :table => 'filter',
+    :params => {
+      :name => '000 parse escaped "s, \'s, and \\s',
+    },
+  },
   'log_level_debug' => {
     :line => '-A INPUT -m comment --comment "956 INPUT log-level" -m state --state NEW -j LOG --log-level 7',
     :table => 'filter',