Revision 216728d0
Added by Sam Kottler over 11 years ago
- ID 216728d09495fe5a2940760df702910642853bca
lib/proxy/puppet.rb | ||
---|---|---|
|
||
|
||
class << self
|
||
require 'open3'
|
||
def run *hosts
|
||
# Search in /opt/ for puppet enterprise users
|
||
default_path = ["/usr/sbin", "/usr/bin", "/opt/puppet/bin"]
|
||
... | ... | |
logger.warn "sudo or puppetrun binary was not found - aborting"
|
||
return false
|
||
end
|
||
# Append kick to the puppet command if we are not using the old puppetca command
|
||
puppetrun << " kick" unless puppetrun.include?('puppetrun')
|
||
|
||
command = %x[#{sudo} #{puppetrun} --host #{hosts.join(" --host ")}]
|
||
unless command =~ /finished with exit code 0/
|
||
logger.warn command
|
||
return false
|
||
puppet_cmd = [puppetrun]
|
||
puppet_cmd += ["kick"] unless puppetrun.include?('puppetrun')
|
||
|
||
# Add a --host argument for each client where a run was requested.
|
||
hosts.map { |h| puppet_cmd += ["--host", escape_for_shell(h)] }
|
||
|
||
# Returns a boolean with whether or not the command executed successfully.
|
||
Open3.popen3(*puppet_cmd) do |stdin, stdout, stderr|
|
||
stdrout = stdout.read
|
||
if stdrout =~ /finished with exit code 0/
|
||
return true
|
||
else
|
||
logger.warn "The attempted puppetrun failed: \n#{stderr.read}\n#{stdrout}"
|
||
return false
|
||
end
|
||
end
|
||
return true
|
||
end
|
||
end
|
||
end
|
lib/proxy/util.rb | ||
---|---|---|
require 'open3'
|
||
require 'shellwords'
|
||
|
||
module Proxy::Util
|
||
|
||
... | ... | |
logger.warn e
|
||
return false
|
||
end
|
||
|
||
def self.escape_for_shell(command)
|
||
# This is a backport for using the core Shellwords#escape that's in 1.9.2
|
||
# when using 1.8.7.
|
||
if RUBY_VERSION < '1.9.2'
|
||
return command.shellescape if command.respond_to? :shellescape
|
||
|
||
# An empty argument will be skipped, so return empty quotes.
|
||
return "''" if command.empty?
|
||
command = command.dup
|
||
|
||
# Process as a single byte sequence because not all shell
|
||
# implementations are multibyte aware.
|
||
command.gsub!(/([^A-Za-z0-9_\-.,:\/@\n])/n, "\\\\\\1")
|
||
command.gsub!(/\n/, "'\n'")
|
||
|
||
return command
|
||
else
|
||
Shellwords.escape(command)
|
||
end
|
||
end
|
||
end
|
test/util_test.rb | ||
---|---|---|
assert Proxy::Util.instance_methods.include? RUBY_VERSION >= '1.9.3' ? :which : "which"
|
||
end
|
||
|
||
def test_util_shell_escape
|
||
assert Proxy::Util.methods.include? RUBY_VERSION >= '1.9.3' ? :escape_for_shell : "escape_for_shell"
|
||
assert_equal Proxy::Util.escape_for_shell("; rm -rf"), '\;\ rm\ -rf'
|
||
assert_equal Proxy::Util.escape_for_shell("vm.test.com,physical.test.com"), "vm.test.com,physical.test.com"
|
||
assert_equal Proxy::Util.escape_for_shell("vm.test.com physical.test.com"), 'vm.test.com\ physical.test.com'
|
||
end
|
||
|
||
def test_commandtask_with_echo_exec
|
||
t = Proxy::Util::CommandTask.new('echo test')
|
||
# ruby 1.9 seems to return nil for $? in open3
|
Also available in: Unified diff
Fixed CVE-2013-0210 and added test for new escape method