From 16cfbdce2ab9d05de12beadc5a89e3e09b3fa213 Mon Sep 17 00:00:00 2001 From: Doug Knight Date: Wed, 22 Apr 2015 16:31:50 -0800 Subject: [PATCH] (MODULES-1967) Parse escape sequences from iptables --- lib/puppet/provider/firewall/iptables.rb | 12 ++++++++++-- spec/fixtures/iptables/conversion_hash.rb | 7 +++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index 089689cdf..b6ec22dc5 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -364,8 +364,16 @@ def self.rule_to_hash(line, table, counter) values.slice!('-A') keys << :chain - # Here we generate the main hash - keys.zip(values.scan(/"[^"]*"|\S+/).reverse) { |f, v| hash[f] = v.gsub(/"/, '') } + # Here we generate the main hash by scanning arguments off the values + # string, handling any quoted characters present in the value, and then + # zipping the values with the array of keys. + keys.zip(values.scan(/("([^"\\]|\\.)*"|\S+)/).transpose[0].reverse) do |f, v| + if v =~ /^".*"$/ then + hash[f] = v.sub(/^"(.*)"$/, '\1').gsub(/\\(\\|'|")/, '\1') + else + hash[f] = v.dup + end + end ##################### # POST PARSE CLUDGING diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb index e33a2e13c..b555eea8a 100644 --- a/spec/fixtures/iptables/conversion_hash.rb +++ b/spec/fixtures/iptables/conversion_hash.rb @@ -231,6 +231,13 @@ :source => '192.168.0.1/32', }, }, + 'string_escape_sequences' => { + :line => '-A INPUT -m comment --comment "000 parse escaped \\"s, \\\'s, and \\\\s"', + :table => 'filter', + :params => { + :name => '000 parse escaped "s, \'s, and \\s', + }, + }, 'log_level_debug' => { :line => '-A INPUT -m comment --comment "956 INPUT log-level" -m state --state NEW -j LOG --log-level 7', :table => 'filter',