Issue #5481 has been reported by Garrett Honeycutt.
----------------------------------------
Refactor #5481: generate is too safe
https://projects.puppetlabs.com/issues/5481
Author: Garrett Honeycutt
Status: Needs design decision
Priority: Normal
Assignee: Nigel Kersten
Category:
Target version:
Affected Puppet version:
Branch:
The generate[1] function is too safe. We should encourage people to do safe
things and perhaps log warnings when they do not, but we should not keep people
from running commands that _we_ deem to be unsafe.
example code and output
<pre>
$output = generate("/usr/bin/uptime")
notify { "output is $output": }
</pre>
<pre>
# puppet apply rvalue.pp -v
info: Applying configuration version '1291844128'
notice: output is 16:35:28 up 14:35, 3 users, load average: 0.02, 0.01, 0.00
notice: /Stage[main]//Notify[output is 16:35:28 up 14:35, 3 users, load
average: 0.02, 0.01, 0.00
]/message: defined 'message' as 'output is 16:35:28 up 14:35, 3 users, load
average: 0.02, 0.01, 0.00
'
</pre>
I would expect this to work and would like to see it throw a warning, such as
"It is recommended for security purposes that generators only contain
alphanumerics, file separators, and dashes"
<pre>
$output = generate("/usr/bin/uptime | /usr/bin/awk '{print $3}' | cut -d, -f1")
notify { "output is $output": }
</pre>
<pre>
# puppet apply rvalue.pp -v
Generators can only contain alphanumerics, file separators, and dashes at
/etc/puppet/manifests/rvalue.pp:2 on node puppet.puppetlabs.lan
</pre>
[1] - http://docs.puppetlabs.com/references/stable/function.html#generate
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
