Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(PUP-11326) Make regsubst() sensitive-aware #8799

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

(PUP-11326) Make regsubst() sensitive-aware #8799

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 16 additions & 3 deletions lib/puppet/functions/regsubst.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
# $i3 = regsubst($ipaddress,'^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$','\\3')
# ```
dispatch :regsubst_string do
param 'Variant[Array[String],String]', :target
param 'Variant[Array[Variant[String,Sensitive[String]]],Variant[String,Sensitive[String]]]', :target
Copy link
Contributor

@ciprianbadescu ciprianbadescu Jan 4, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change allows you also to call the function with an array of mixed strings and sensitive data.
I think that the change from inner_regsubst implements only Variant[Array[String],Sensitive[String],String], which I think could be enough, if it matches your use case.

Copy link
Contributor Author

@cocker-cc cocker-cc Jan 17, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right, this does not fit together. I refined the Function and amended the Commit. Also I added some basic Tests.

param 'String', :pattern
param 'Variant[String,Hash[String,String]]', :replacement
optional_param 'Optional[Pattern[/^[GEIM]*$/]]', :flags
Expand Down Expand Up @@ -69,7 +69,7 @@
# $x = regsubst($ipaddress, /([0-9]+)/, '<\\1>', 'G')
# ```
dispatch :regsubst_regexp do
param 'Variant[Array[String],String]', :target
param 'Variant[Array[Variant[String,Sensitive[String]]],Variant[String,Sensitive[String]]]', :target
param 'Variant[Regexp,Type[Regexp]]', :pattern
param 'Variant[String,Hash[String,String]]', :replacement
optional_param 'Pattern[/^G?$/]', :flags
Expand Down Expand Up @@ -97,7 +97,20 @@ def regsubst_regexp(target, pattern, replacement, flags = nil)
end

def inner_regsubst(target, re, replacement, op)
target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
if target.is_a?(Array)
# this is an Array
target.map do |item|
inner_regsubst(item, re, replacement, op)
end
elsif target.respond_to?(:unwrap)
# this is a Sensitive
target = target.unwrap
target = target.respond_to?(op) ? target.send(op, re, replacement) : target.map { |e| e.send(op, re, replacement) }
Puppet::Pops::Types::PSensitiveType::Sensitive.new(target)
else
# this should be a String
target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
target.respond_to?(op) ? target.send(op, re, replacement) : target.map { |e| e.send(op, re, replacement) }

end
end
private :inner_regsubst
end
15 changes: 15 additions & 0 deletions spec/unit/functions/regsubst_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,4 +111,19 @@ def regsubst(*args)
end

end

context 'when using a Target of Type sensitive String' do
it 'should process it' do
expect(regsubst(Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret'), 'very', 'top')).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
end
end

context 'when using a Target of Type Array with mixed String and sensitive String' do
it 'should process it' do
my_array = ['very down', Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret')]
expect(regsubst(my_array, 'very', 'top')).to be_a(Array)
expect(regsubst(my_array, 'very', 'top')[0]).to eq('top down')
expect(regsubst(my_array, 'very', 'top')[1]).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
end
end
end