review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
(CONT-5) Codebase hardening CONT-5-Codebase_hardening
author Lukas Audzevicius <laudzevicius24@hotmail.com>
Tue, 8 Nov 2022 13:54:22 +0000 (13:54 +0000)
committer Lukas Audzevicius <laudzevicius24@hotmail.com>
Tue, 8 Nov 2022 16:51:49 +0000 (16:51 +0000)
Prior to this commit, and after the work performed in CONT-256, there were
a few commands in the module that were not properly sanitised according
to our current standards.

This PR aims to implement some changes that ensure no malformed commands
are passed through to the system. Primarily, the commands targeted were
the ones related to Open3 and exec.

manifests/linux/redhat.pp

index 902dd990f7aeff2f7e786b3fe5b6d0ab2eff33bc..27370c7a82bca5ef8afe3f7a01e3311f71250b72 100644 (file)
@@ -74,7 +74,10 @@ class firewall::linux::redhat (
 
   if ($::operatingsystem != 'Amazon') {
     if $ensure == 'running' {
+      $running_command = ['/usr/bin/systemctl', 'daemon-reload']
+
       exec { '/usr/bin/systemctl daemon-reload':
+        command     => $running_command,
         require     => Package[$package_name],
         before      => Service[$service_name, $service_name_v6],
         subscribe   => Package[$package_name],
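Review bot: the array form of `command` on an `exec` resource is only honoured by Puppet versions that support array-valued exec commands; on older agents the value is not a string and the resource fails at catalog apply time, so the module's supported Puppet version range should be checked and raised to match before this lands. On the hardening claim itself: both elements of `$running_command = ['/usr/bin/systemctl', 'daemon-reload']` are fixed literals, so there is no untrusted input to sanitise here; what the change actually buys is that the command is passed to the provider as an argv and is not parsed by a shell, which is worth stating in the commit message so the next reader does not look for an injection path that does not exist. Minor style point: the resource title `'/usr/bin/systemctl daemon-reload'` still carries the string form of the command while `command =>` now holds the array; consider a descriptive title (e.g. `'firewall: systemctl daemon-reload'`) so the two do not drift apart, and inline the single-use `$running_command` unless it is referenced again below this hunk.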