Harden service class #1486

Merged
merged 1 commit into from
Aug 22, 2022

chelnak
Contributor

@chelnak chelnak commented Aug 19, 2022

Prior to this PR the variable `mysqlsocket` was passed to the `exec` resource in such a way that could allow unsafe executions on the remote host.

This commit fixes the above by properly parameterizing the arguments passed to the `command` and `unless` parameters of the `exec` resource.

The variable is also wrapped with a `shell_escape` for good measure.

@chelnak chelnak added the bugfix label Aug 19, 2022
@chelnak chelnak requested review from binford2k and a team August 19, 2022 11:20
@chelnak chelnak requested a review from a team as a code owner August 19, 2022 11:20
@puppet-community-rangefinder

mysql::server::service is a class that may have no external impact to Forge modules.

This module is declared in 140 of 579 indexed public Puppetfiles.


These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@chelnak chelnak self-assigned this Aug 19, 2022
@chelnak chelnak merged commit 6f531ad into main Aug 22, 2022
@chelnak chelnak deleted the maint-harden_service_class branch August 22, 2022 08:17
@apoleon apoleon mentioned this pull request Oct 30, 2022
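The hardening described in this PR, sketched as an added example; this is not the module's code. The class names, resource titles, sample socket path and the interpolated-string shape of the weak form are assumptions, and the array form of `command` and `unless` needs a Puppet release that supports it.

```puppet
# Added illustration. Class names and resource titles are hypothetical.

# Weak: the value is interpolated into a command string, so any shell
# metacharacters it contains become part of the command line.
class example::socket_wait_weak (
  String $mysqlsocket = '/var/run/mysqld/mysqld.sock', # constructed sample value
) {
  exec { 'example_wait_for_socket_weak':
    command   => "test -S ${mysqlsocket}",
    unless    => "test -S ${mysqlsocket}",
    path      => '/bin:/usr/bin',
    tries     => 3,
    try_sleep => 10,
  }
}

# Hardened: each argument is its own array element, so the value always
# reaches `test` as a single argument, whatever characters it contains.
class example::socket_wait_hardened (
  String $mysqlsocket = '/var/run/mysqld/mysqld.sock', # constructed sample value
) {
  # shell_escape (puppetlabs-stdlib) escapes shell metacharacters in the value.
  $escaped_mysqlsocket = shell_escape($mysqlsocket)

  exec { 'example_wait_for_socket_hardened':
    command   => ['test', '-S', $escaped_mysqlsocket],
    # `unless` accepts a list of commands, so a single argv-style command
    # is written as an array inside an array.
    unless    => [['test', '-S', $escaped_mysqlsocket]],
    path      => '/bin:/usr/bin',
    tries     => 3,
    try_sleep => 10,
  }
}
```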