aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2018-09-18(maint) Consolidate translated stringsMelissa Stone
2018-07-16(maint) Move array parser logic into a util moduleJacob Helwig
2018-07-12(MODULE-7443) Safely deserialize stringified arrayJacob Helwig
This ports PUP-8974, and the related follow-up maintenance commits from the Puppet repo. The augeas provider used Kernel#eval to convert stringified arrays to Ruby arrays. For example, it extracted the array part of the "clause" below: onlyif => 'values HostKey == ["/etc/ssh/ssh_host_rsa_key"]' and called Kernel#eval with '["/etc/ssh/ssh_host_rsa_key"]'. Using eval is bad because it executes arbitrary code. This commit changes the provider to convert the comma delimited string to a Ruby array. This mostly maintains the functionality of the original Kernel#eval (minus running arbitrary code) except for no longer handling the \M-x, \M-\C-x, \M-\cx, \c\M-x, \c?, and \C-? escape sequences in double-quoted strings, and \u{nnnn ...} is more lenient about whitespace.
2018-06-28Don't eval stringsJosh Cooper
Previously we were using eval to convert stringified arrays from the manifest into a ruby array. Use JSON instead, and ensure values are double quoted as required by JSON.
2018-06-28Use loop with breakJosh Cooper
See https://github.com/rubocop-hq/ruby-style-guide/commit/df933c0f9b3a805c00e5ef81889992b1aec787a7
2018-06-27Use guard clause and avoid assignment in conditionalJosh Cooper
2018-06-27Automatic update of rubocop violationsJosh Cooper
Add exclusions for: Layout/IndentHeredoc, Metrics/BlockNesting: Metrics/LineLength: Style/AccessorMethodName: Style/DoubleNegation: Style/MultipleComparison: Style/NumericPredicate: Style/PredicateName: Style/SignalException: Style/VariableName: SignalException is disabled because Puppet::Type#fail overrides Kernel#fail, and we really do want fail and not raise.
2018-06-27Initial augeas import from puppet#2b83deb189Josh Cooper