You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Affected Puppet, Ruby, OS and module versions/distributions
Puppet: 6.27.1-1focal
Ruby: 2.5.9p229
Distribution: Ubuntu 20.04
Module version: master (currently v9.2.0)
How to reproduce (e.g Puppet code you use)
Use Postgresql and set a custom password with special characters such as &.
class { 'apache':
mpm_module => 'prefork',
}
class { 'apache::mod::php': }
class { 'postgresql::server': }
class { 'zabbix':
zabbix_url => 'zabbix.example.com',
database_password => 'secret&password',
}
What are you seeing
Error: sh: 1: password: not found
localhost:5432:zabbix_server:zabbix_server:secret
Error: /Stage[main]/Zabbix::Database::Postgresql/Exec[update_pgpass]/returns: change from 'notrun' to ['0'] failed: sh: 1: password: not found
localhost:5432:zabbix_server:zabbix_server:secret
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
Use Postgresql and set a custom password with special characters such as
&.What are you seeing
What behaviour did you expect instead
Output log
Any additional information you'd like to impart
The
Exec[update_pgpass]is defined here: https://github.com/voxpupuli/puppet-zabbix/blob/master/manifests/database/postgresql.pp#L67command => "echo ${database_host}:5432:${database_name}:${database_user}:${database_password} >> /root/.pgpass",As we can see, the echoed string is not protected/escaped, resulting in some characters breaking the command.
Workaround:
command => "echo \"${database_host}:5432:${database_name}:${database_user}:${database_password}\" >> /root/.pgpass",It is interesting to note that the
unless =>argument was already protected/escaped.The text was updated successfully, but these errors were encountered: