coerce paths to be safer for docker::run

garethr · Jun 25, 2014 · 4d1454a · 4d1454a
1 parent 13dc200
commit 4d1454a
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/manifests/run.pp b/manifests/run.pp
@@ -45,26 +45,28 @@
   $links_array = any2array($links)
   $lxc_conf_array = any2array($lxc_conf)
 
+  $sanitised_title = regsubst($title, '[^0-9A-Za-z.\-]', '-')
+
   $provider = $::operatingsystem ? {
     'Ubuntu' => 'upstart',
     default  => undef,
   }
 
   $notify = str2bool($restart_service) ? {
-    true    => Service["docker-${title}"],
+    true    => Service["docker-${sanitised_title}"],
     default => undef,
   }
 
   case $::osfamily {
     'Debian': {
-      $initscript = "/etc/init/docker-${title}.conf"
+      $initscript = "/etc/init/docker-${sanitised_title}.conf"
       $init_template = 'docker/etc/init/docker-run.conf.erb'
       $hasstatus  = true
       $hasrestart = false
       $mode = '0644'
     }
     'RedHat': {
-      $initscript = "/etc/init.d/docker-${title}"
+      $initscript = "/etc/init.d/docker-${sanitised_title}"
       $init_template = 'docker/etc/init.d/docker-run.erb'
       $hasstatus  = undef
       $hasrestart = undef
@@ -82,7 +84,7 @@
     notify  => $notify,
   }
 
-  service { "docker-${title}":
+  service { "docker-${sanitised_title}":
     ensure     => $running,
     enable     => true,
     hasstatus  => $hasstatus,
@@ -92,10 +94,10 @@
   }
 
   if str2bool($restart_service) {
-    File[$initscript] ~> Service["docker-${title}"]
+    File[$initscript] ~> Service["docker-${sanitised_title}"]
   }
   else {
-    File[$initscript] -> Service["docker-${title}"]
+    File[$initscript] -> Service["docker-${sanitised_title}"]
   }
 }
 
diff --git a/spec/defines/run_spec.rb b/spec/defines/run_spec.rb
@@ -105,7 +105,7 @@
       let(:params) { {'command' => 'command', 'image' => 'base', 'dns' => '8.8.8.8'} }
       it { should contain_file(initscript).with_content(/--dns 8.8.8.8/) }
     end
-    
+
     context 'when disabling network' do
       let(:params) { {'command' => 'command', 'image' => 'base', 'disable_network' => true} }
       it { should contain_file(initscript).with_content(/-n false/) }
@@ -133,6 +133,20 @@
       it { should contain_file(initscript).with_content(/--net host/) }
     end
 
+    context 'with an title that will not format into a path' do
+      let(:title) { 'this/that' }
+      let(:params) { {'image' => 'base'} }
+
+      if osfamily == 'Debian'
+        new_initscript = '/etc/init/docker-this-that.conf'
+      else
+        new_initscript = '/etc/init.d/docker-this-that'
+      end
+
+      it { should contain_service('docker-this-that') }
+      it { should contain_file(new_initscript) }
+    end
+
     context 'with an invalid title' do
       let(:title) { 'with spaces' }
       it do