Closed chelnak closed 1 year ago
that may have no external impact to Forge modules.
Puppetfiles

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.
Prior to this PR the title parameter of this defined type was not properly validated. This means that it could have been possible to use a resource title outside of the normal bounds of a package name.

Additionally the `onlyif` and `command` parameter values were interpolated strings, meaning that it may have been possible to execute unsafe code on the remote system.

This PR fixes the above issues by adding a regex to check that the resource title is a valid apt package name and also breaks out the `onlyif` and `command` parameter values into arrays of args. By doing this we are ensuring that the commands are executed in a safe manner on the remote system.

The exception to this is the `unless_cmd`. This has not been broken out into an array of args due to the requirement of the command (explained in more detail in mark.pp:20).

Using an interpolated string here is a reasonable trade-off however, due to the fact that action is created from known enum values and title would be pre-validated by the regular expression.
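The shape of the change described above, as an added illustration rather than the module's own code: a hypothetical `example::mark` defined type in which the title is checked against an assumed Debian package-name pattern and `command`/`onlyif` are passed as argument arrays, while the pipeline-based `unless` stays a string built only from validated parts. The regex, the `$setting` values and the `apt-mark`/`dpkg` invocations are assumptions made for this example, and argument arrays for `exec` require a Puppet agent version that supports them.

```puppet
# Added example, not the module's own code. Names, the regex and the
# apt-mark/dpkg invocations are assumptions made for illustration.
define example::mark (
  Enum['auto', 'manual', 'hold', 'unhold'] $setting,
) {
  # Gate the title before it reaches any command. Assumed pattern:
  # lowercase alphanumerics plus '+', '-', '.', at least two characters.
  if $title !~ /^[a-z0-9][a-z0-9+.\-]+$/ {
    fail("'${title}' is not a valid apt package name")
  }

  # Before the fix (interpolated strings; shown for contrast only):
  #   command => "/usr/bin/apt-mark ${setting} ${title}",
  #   onlyif  => "/usr/bin/dpkg -l ${title}",
  # A title containing shell syntax would be interpreted by the shell
  # rather than passed to apt-mark as a single argument.

  # After the fix: each element is one argv entry, so the title is
  # always exactly one argument regardless of its contents.
  $command    = ['/usr/bin/apt-mark', $setting, $title]
  $onlyif_cmd = [['/usr/bin/dpkg', '-l', $title]]

  # unless needs a pipeline, so it stays a string. That is acceptable
  # only because $setting is enum-constrained and $title was validated.
  $unless_cmd = $setting ? {
    'unhold' => undef,
    default  => "/usr/bin/apt-mark show${setting} ${title} | /bin/grep -qx ${title}",
  }

  exec { "apt-mark ${setting} ${title}":
    command => $command,
    onlyif  => $onlyif_cmd,
    unless  => $unless_cmd,
  }
}
```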