From: Lukas Audzevicius
Date: Tue, 8 Nov 2022 13:54:22 +0000 (+0000)
Subject: (CONT-5) Codebase hardening
X-Git-Tag: v4.0.0~3^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=refs%2Fheads%2FCONT-5-Codebase_hardening;p=puppet-modules%2Fpuppetlabs-firewall.git

(CONT-5) Codebase hardening

Prior to this commit, and after the work performed in CONT-256, there were a few commands in the module that were not properly sanitised according to our current standards. This PR aims to implement some changes that ensure no malformed commands are passed through to the system. Primarily, the commands targeted were the ones related to Open3 and exec.

---
diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp index 902dd99..27370c7 100644 --- a/manifests/linux/redhat.pp +++ b/manifests/linux/redhat.pp @@ -74,7 +74,10 @@ class firewall::linux::redhat ( if ($::operatingsystem != 'Amazon') { if $ensure == 'running' { + $running_command = ['/usr/bin/systemctl', 'daemon-reload'] + exec { '/usr/bin/systemctl daemon-reload': + command => $running_command, require => Package[$package_name], before => Service[$service_name, $service_name_v6], subscribe => Package[$package_name],
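
Review bot: The exec in manifests/linux/redhat.pp now states the command twice, once as the resource title '/usr/bin/systemctl daemon-reload' and once as the array in `$running_command`, and nothing in the hunk records why the array form was chosen. Both values are fixed literals, so the two copies can drift and a later cleanup could collapse the array back into the title string. A one-line comment above `$running_command = ['/usr/bin/systemctl', 'daemon-reload']` saying the array form is deliberate would prevent that. The variable is named after the `$ensure == 'running'` branch rather than after what it runs; something like `$daemon_reload_command` reads more clearly. It is also worth confirming that the lowest Puppet version the module supports accepts an array for the exec `command` parameter, since the visible change does not touch any version requirement.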