Issue #5481 has been updated by Nigel Kersten. Status changed from Needs design decision to Investigating
---------------------------------------- Refactor #5481: generate is too safe https://projects.puppetlabs.com/issues/5481 Author: Garrett Honeycutt Status: Investigating Priority: Normal Assignee: Nigel Kersten Category: Target version: Affected Puppet version: Branch: The generate[1] function is too safe. We should encourage people to do safe things and perhaps log warnings when they do not, but we should not keep people from running commands that _we_ deem to be unsafe. example code and output <pre> $output = generate("/usr/bin/uptime") notify { "output is $output": } </pre> <pre> # puppet apply rvalue.pp -v info: Applying configuration version '1291844128' notice: output is 16:35:28 up 14:35, 3 users, load average: 0.02, 0.01, 0.00 notice: /Stage[main]//Notify[output is 16:35:28 up 14:35, 3 users, load average: 0.02, 0.01, 0.00 ]/message: defined 'message' as 'output is 16:35:28 up 14:35, 3 users, load average: 0.02, 0.01, 0.00 ' </pre> I would expect this to work and would like to see it throw a warning, such as "It is recommended for security purposes that generators only contain alphanumerics, file separators, and dashes" <pre> $output = generate("/usr/bin/uptime | /usr/bin/awk '{print $3}' | cut -d, -f1") notify { "output is $output": } </pre> <pre> # puppet apply rvalue.pp -v Generators can only contain alphanumerics, file separators, and dashes at /etc/puppet/manifests/rvalue.pp:2 on node puppet.puppetlabs.lan </pre> [1] - http://docs.puppetlabs.com/references/stable/function.html#generate -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
