From 5386e8f1a90dd9b63566230b182eb04dafef16b5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?=C5=81ukasz=20Czapli=C5=84ski?= Date: Wed, 5 Aug 2020 17:13:44 +0200 Subject: [PATCH] Fix problem with parsing rules without quotes --- lib/puppet/provider/firewall/iptables.rb | 2 +- spec/fixtures/iptables/conversion_hash.rb | 19 ++++++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index ee5daae..76dc990 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -465,7 +465,7 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa ind = values.index('-m comment --comment') comments = values.scan(%r{-m comment --comment "((?:\\"|[^"])*)"}) comments += values.scan(%r{-m comment --comment ([^"\s]+)\b}) - values = values.gsub(%r{-m comment --comment (".*?[^\\"]"|[^ ].*)( |$)}, '') + values = values.gsub(%r{-m comment --comment (".*?[^\\"]")( |$)}, '') values = values.gsub(%r{-m comment --comment ([^"].*?)[ $]}, '') values.insert(ind, "-m comment --comment \"#{comments.join(';')}\" ") end diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb index 89ba685..25e67bf 100644 --- a/spec/fixtures/iptables/conversion_hash.rb +++ b/spec/fixtures/iptables/conversion_hash.rb @@ -234,38 +234,43 @@ ARGS_TO_HASH = { }, }, 'comment_string_character_validation' => { - line: '-A INPUT -s 192.168.0.1/32 -m comment --comment "000 allow from 192.168.0.1, please"', + line: '-A INPUT -s 192.168.0.1/32 -m comment --comment "000 allow from 192.168.0.1, please" -j ACCEPT', table: 'filter', params: { source: '192.168.0.1/32', + action: 'accept', }, }, 'multiple_comments' => { - line: '-A INPUT -s 192.168.0.1/32 -m comment --comment "000 allow from 192.168.0.1, please" -m comment --comment "another comment"', + line: '-A INPUT -s 192.168.0.1/32 -m comment --comment "000 allow from 192.168.0.1, please" -m comment --comment "another comment" -j ACCEPT', table: 'filter', params: { name: '000 allow from 192.168.0.1, please;another comment', + action: 'accept', }, }, - 'comments_without_quotes' => { - line: '-A INPUT -s 192.168.0.1/32 -m comment --comment comment_without_quotes', + 'comments_without_quotes_with_underscores' => { + line: '-A INPUT -s 192.168.0.1/32 -m comment --comment comment_without_quotes -j ACCEPT', table: 'filter', params: { name: '9000 comment_without_quotes', + action: 'accept', }, }, - 'comments_without_quotes' => { - line: '-A INPUT -s 192.168.0.1/32 -m comment --comment 100-comment_without-quotes', + 'comments_without_quotes_with_dashes' => { + line: '-A INPUT -s 192.168.0.1/32 -m comment --comment 100-comment_without-quotes -j ACCEPT', table: 'filter', params: { name: '100-comment_without-quotes', + action: 'accept', }, }, 'string_escape_sequences' => { - line: '-A INPUT -m comment --comment "000 parse escaped \\"s, \\"s, \\\'s, \\\'s, \\\\s and \\\\s"', + line: '-A INPUT -m comment --comment "000 parse escaped \\"s, \\"s, \\\'s, \\\'s, \\\\s and \\\\s" -j ACCEPT', table: 'filter', params: { name: '000 parse escaped "s, "s, \'s, \'s, \\s and \\s', + action: 'accept', }, }, 'log_level_debug' => { -- 2.45.2