Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Input validation does not raise SaltInvocationError in win_dsc.py #47443
Description of Issue/Question
Browsing the tool LGTM, I saw several errors that are initialized but not raised for input validation in win_dsc.py: https://lgtm.com/projects/g/saltstack/salt/snapshot/cea932162130f65040b889fc4e2f0f3bae98c27d/files/salt/modules/win_dsc.py?sort=name&dir=ASC&mode=heatmap&showExcluded=false#L722
The impact of this is that the powershell command that this code generates could be malformed or have invalid values.
I considered potential security ramifications, but I think there are not any because this would just allow powershell cmd injection on servers where you can already run modules with salt. Please let me know if I have overlooked any security concerns around this.