Merge pull request #45 from joshcooper/CVE-2017-2295-4.10.x

(PUP-7483) Reject all fact formats except PSON
puppetlabs · Apr 28, 2017 · 8342e1e · 8342e1e
2 parents 18a7feb + 06d8c51
commit 8342e1e
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 6 deletions.
diff --git a/lib/puppet/indirector/catalog/compiler.rb b/lib/puppet/indirector/catalog/compiler.rb
@@ -25,9 +25,11 @@ def extract_facts_from_request(request)
       # in Network::HTTP::Handler will automagically deserialize the value.
       if text_facts.is_a?(Puppet::Node::Facts)
         facts = text_facts
-      else
+      elsif format == 'pson'
         # We unescape here because the corresponding code in Puppet::Configurer::FactHandler escapes
-        facts = Puppet::Node::Facts.convert_from(format, CGI.unescape(text_facts))
+        facts = Puppet::Node::Facts.convert_from('pson', CGI.unescape(text_facts))
+      else
+        raise ArgumentError, "Unsupported facts format"
       end
 
       unless facts.name == request.key

diff --git a/spec/unit/indirector/catalog/compiler_spec.rb b/spec/unit/indirector/catalog/compiler_spec.rb
@@ -255,10 +255,10 @@
       @facts = Puppet::Node::Facts.new('hostname', "fact" => "value", "architecture" => "i386")
     end
 
-    def a_request_that_contains(facts)
+    def a_request_that_contains(facts, format = :pson)
       request = Puppet::Indirector::Request.new(:catalog, :find, "hostname", nil)
-      request.options[:facts_format] = "pson"
-      request.options[:facts] = CGI.escape(facts.render(:pson))
+      request.options[:facts_format] = format.to_s
+      request.options[:facts] = CGI.escape(facts.render(format))
       request
     end
 
@@ -277,7 +277,7 @@ def a_request_that_contains(facts)
       expect(facts.timestamp).to eq(time)
     end
 
-    it "should convert the facts into a fact instance and save it" do
+    it "accepts PSON facts" do
       request = a_request_that_contains(@facts)
 
       options = {
@@ -289,6 +289,34 @@ def a_request_that_contains(facts)
 
       @compiler.extract_facts_from_request(request)
     end
+
+    it "rejects YAML facts" do
+      request = a_request_that_contains(@facts, :yaml)
+
+      options = {
+        :environment => request.environment,
+        :transaction_uuid => request.options[:transaction_uuid],
+      }
+
+      expect {
+        @compiler.extract_facts_from_request(request)
+      }.to raise_error(ArgumentError, /Unsupported facts format/)
+    end
+
+    it "rejects unknown fact formats" do
+      request = a_request_that_contains(@facts)
+      request.options[:facts_format] = 'unknown-format'
+
+      options = {
+        :environment => request.environment,
+        :transaction_uuid => request.options[:transaction_uuid],
+      }
+
+      expect {
+        @compiler.extract_facts_from_request(request)
+      }.to raise_error(ArgumentError, /Unsupported facts format/)
+    end
+
   end
 
   describe "when finding nodes" do