Puppet Function: sudo::safe_wildcard_cmd

Defined in:
modules/sudo/functions/safe_wildcard_cmd.pp
Function type:
Puppet Language

Summary

this function takes a command and a path containing a wildcard and returns a sudo command spec with additional negations to avoid path traversal

Overview

sudo::safe_wildcard_cmd(Stdlib::Unixpath $cmd, Stdlib::Unixpath $wildpath)Any

SPDX-License-Identifier: Apache-2.0

Parameters:

  • $cmd

    the sudo command to run

  • $wildpath

    a unixpath containing a wildcard to expand

  • cmd (Stdlib::Unixpath)
  • wildpath (Stdlib::Unixpath)

Returns:

  • (Any)

    an sudo safe command spec of the form “$cmd $wildpath, !$cmd $wildpath *, !$cmd $wildpath..*



8
9
10
11
12
13
14
15
16
 
# File 'modules/sudo/functions/safe_wildcard_cmd.pp', line 8

function sudo::safe_wildcard_cmd(Stdlib::Unixpath $cmd, Stdlib::Unixpath $wildpath) {
    if $wildpath !~ /\*$/ {
        "${cmd} ${wildpath}"
    } else {
        [' *', '..*'].reduce("${cmd} ${wildpath}") |$memo, $value| {
            "${memo}, !${cmd} ${wildpath}${value}"
        }
    }
}