diff options
| author | Josh Cooper <josh@puppet.com> | 2018-06-28 11:16:45 -0700 |
|---|---|---|
| committer | Josh Cooper <josh@puppet.com> | 2018-06-28 11:16:45 -0700 |
| commit | 31d0eeeaec6e6745fc831ea2da53c9db83d72602 (patch) | |
| tree | 3a50ae97c241392d36b7530624f9fe426e3cc1ca /lib | |
| parent | 3f7335673485221c012f712b603ff9fde9dcf512 (diff) | |
| download | puppet-augeas_core-31d0eeeaec6e6745fc831ea2da53c9db83d72602.tar.gz puppet-augeas_core-31d0eeeaec6e6745fc831ea2da53c9db83d72602.tar.bz2 | |
Don't eval strings
Previously we were using eval to convert stringified arrays from the
manifest into a ruby array. Use JSON instead, and ensure values are
double quoted as required by JSON.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/puppet/provider/augeas/augeas.rb | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/puppet/provider/augeas/augeas.rb b/lib/puppet/provider/augeas/augeas.rb index 17879d3..05183e5 100644 --- a/lib/puppet/provider/augeas/augeas.rb +++ b/lib/puppet/provider/augeas/augeas.rb @@ -18,6 +18,7 @@ require 'strscan' require 'puppet/util' require 'puppet/util/diff' require 'puppet/util/package' +require 'json' Puppet::Type.type(:augeas).provide(:augeas) do include Puppet::Util @@ -280,7 +281,7 @@ Puppet::Type.type(:augeas).provide(:augeas) do when '==' begin arg = clause_array.shift - new_array = eval arg + new_array = to_array(arg) return_value = (values == new_array) rescue fail(_('Invalid array in command: %{cmd}') % { cmd: cmd_array.join(' ') }) @@ -288,7 +289,7 @@ Puppet::Type.type(:augeas).provide(:augeas) do when '!=' begin arg = clause_array.shift - new_array = eval arg + new_array = to_array(arg) return_value = (values != new_array) rescue fail(_('Invalid array in command: %{cmd}') % { cmd: cmd_array.join(' ') }) @@ -336,7 +337,7 @@ Puppet::Type.type(:augeas).provide(:augeas) do when '==' begin arg = clause_array.shift - new_array = eval arg + new_array = to_array(arg) return_value = (result == new_array) rescue fail(_('Invalid array in command: %{cmd}') % { cmd: cmd_array.join(' ') }) @@ -344,7 +345,7 @@ Puppet::Type.type(:augeas).provide(:augeas) do when '!=' begin arg = clause_array.shift - new_array = eval arg + new_array = to_array(arg) return_value = (result != new_array) rescue fail(_('Invalid array in command: %{cmd}') % { cmd: cmd_array.join(' ') }) @@ -571,4 +572,9 @@ Puppet::Type.type(:augeas).provide(:augeas) do end end # rubocop:enable Style/GuardClause + + def to_array(string) + JSON.parse(string.tr("'", '"')) + end + private :to_array end |