voxpupuli / puppet-staging

⛔️ Deprecated in favor of puppet-archive
https://forge.puppet.com/puppet/archive
Apache License 2.0

File source using https with username/password fails with certain password character sequences #79

Closed bryancornies closed 8 years ago

bryancornies commented 9 years ago

When a password used with an https file source has characters that contain special meaning to the shell, various errors can occur. For example, if the char sequence !2 exists in a password (which it happened to for mine) bash interprets that as the 2nd command in my history and interpolates that into the curl command.

Sample Puppet code:

staging::file { 'somefile':
    source   => 'https://host/path/to/file',
    username => 'myuser',
    password => 'password!2',
    target   => '/tmp/myfile',
}

Executing this will result in one of two results, depending on whether you have run at least 2 shell commands prior to executing Puppet. I've only sampled the resulting curl commands in the examples here.

[root@rpilproxy vagrant]# curl  -f -L -o /tmp/myfile -u user:password!2 https://host/path/to/file
bash: !2: event not found

...or it will output the following if ls -la happened to be the 15th command in my history...

[root@rpilproxy vagrant]# curl  -f -L -o /tmp/myfile -u user:password!15 https://host/path/to/file
curl  -f -L -o /tmp/myfile -u user:passwordls -la https://host/path/to/file

curl: (6) Couldn't resolve host 'host' # <- this particular error isn't significant, the curl command will still attempt to run the new command with the history interpolation

I believe the solution to be simply wrapping the username:password in the curl request with single quotes.
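
The single-quote wrapping proposed above, sketched as an added example that is not part of the original issue or of the puppet-staging code. It goes one step further than the suggestion by also handling a password that itself contains a single quote; `shell_quote` and `build_curl_cmd` are hypothetical names, and the sample values are constructed from the Puppet resource in the issue.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not puppet-staging code.

# shell_quote STRING
# Print STRING as one single-quoted shell word. Inside single quotes the
# shell performs no history, variable or command expansion. The only
# character needing care is the single quote itself, emitted as '\''
# (close the quote, add an escaped quote, reopen the quote).
shell_quote() (
    s=$1
    q="'"
    out=
    while :; do
        case $s in
            *"$q"*)
                head=${s%%"$q"*}     # text before the first single quote
                s=${s#*"$q"}         # text after it
                out="$out$head'\\''"
                ;;
            *)
                out="$out$s"
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
)

# build_curl_cmd USER PASSWORD URL TARGET
# Assemble the curl command line from the issue with every
# caller-supplied value quoted.
build_curl_cmd() {
    printf 'curl -f -L -o %s -u %s %s\n' \
        "$(shell_quote "$4")" \
        "$(shell_quote "$1:$2")" \
        "$(shell_quote "$3")"
}

# Constructed sample values, taken from the issue's Puppet resource.
build_curl_cmd myuser 'password!2' https://host/path/to/file /tmp/myfile
# Constructed edge case: a password that itself contains a single quote.
build_curl_cmd myuser "pass'word!2" https://host/path/to/file /tmp/myfile
```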

juniorsysadmin commented 8 years ago

Fixed by #80