From dd2cc1eb26d4e50b58738503b8342a0ed94abe1a Mon Sep 17 00:00:00 2001
From: Lukas Audzevicius
Date: Tue, 8 Nov 2022 13:54:22 +0000
Subject: [PATCH] (CONT-5) Codebase hardening Prior to this commit, and after the work perform in CONT-256, there were a few commands in the module that were not properly sanitised according to our current standards. This PR aims to implement some changes that ensure no malformed commands are passed through to the system. Primarily, the commands targeted were the ones related to Open3 and exec.
---
 manifests/linux/redhat.pp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
index 902dd99..27370c7 100644
--- a/manifests/linux/redhat.pp
+++ b/manifests/linux/redhat.pp
@@ -74,7 +74,10 @@ class firewall::linux::redhat (
 if ($::operatingsystem != 'Amazon') {
 if $ensure == 'running' {
+ $running_command = ['/usr/bin/systemctl', 'daemon-reload']
+
 exec { '/usr/bin/systemctl daemon-reload':
+ command => $running_command,
 require => Package[$package_name],
 before => Service[$service_name, $service_name_v6],
 subscribe => Package[$package_name],
--
2.45.2
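Review bot: The array-valued `command` added to the `exec` has no comment explaining why it is used, and as far as I know the array form is only accepted by newer Puppet agents (I believe 6.24 / 7.9 onward), so it is worth confirming that the module's declared Puppet requirement in metadata.json excludes older agents. Both elements of `$running_command` are fixed literals, so this resource had no injection surface to begin with; the value of the change is that the command is no longer handed over as a single string that may be shell-interpreted. A short comment above the assignment, for example `# Array form: run without a shell, arguments passed verbatim`, would record that intent and keep a later cleanup from collapsing it back into a string. The `exec` resource body continues past the end of the hunk, so its remaining attributes were not reviewed.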