From 542c43eda5cbeecad814ad06fce2b006a2b5364e Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 17 Sep 2015 17:06:58 -0700 Subject: [PATCH] Improved user validation and munging We want to make sure we are validating the entire user parameter (and validating it consistently between mysql_user and mysql_grant). Additionally, for munging we do not want to do anything that could truncate the username. --- lib/puppet/type/mysql_grant.rb | 9 +++++++-- lib/puppet/type/mysql_user.rb | 6 +++--- spec/unit/puppet/type/mysql_user_spec.rb | 10 ++++++++++ 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/lib/puppet/type/mysql_grant.rb b/lib/puppet/type/mysql_grant.rb index e64e5d813..999100a0c 100644 --- a/lib/puppet/type/mysql_grant.rb +++ b/lib/puppet/type/mysql_grant.rb @@ -65,10 +65,10 @@ def initialize(*args) # If at least one special char is used, string must be quoted # http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827 - if matches = /^(['`"])((?!\1).)*\1@([\w%\.:\-]+)/.match(value) + if matches = /^(['`"])((?!\1).)*\1@([\w%\.:\-\/]+)$/.match(value) user_part = matches[2] host_part = matches[3] - elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-]+)/.match(value) + elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-\/]+)$/.match(value) user_part = matches[1] host_part = matches[2] elsif matches = /^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$/.match(value) @@ -87,6 +87,11 @@ def initialize(*args) end end end + + munge do |value| + matches = /^((['`"]?).*\2)@(.+)$/.match(value) + "#{matches[1]}@#{matches[3].downcase}" + end end newproperty(:options, :array_matching => :all) do diff --git a/lib/puppet/type/mysql_user.rb b/lib/puppet/type/mysql_user.rb index 7f2f56e4e..94f36858b 100644 --- a/lib/puppet/type/mysql_user.rb +++ b/lib/puppet/type/mysql_user.rb @@ -14,10 +14,10 @@ # If at least one special char is used, string must be quoted # http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827 - if matches = /^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-]+)/.match(value) + if matches = /^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-\/]+)$/.match(value) user_part = matches[2] host_part = matches[3] - elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-]+)/.match(value) + elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-\/]+)$/.match(value) user_part = matches[1] host_part = matches[2] elsif matches = /^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$/.match(value) @@ -38,7 +38,7 @@ end munge do |value| - matches = /^((['`"]?).*\2)@([\w%\.:\-]+)/.match(value) + matches = /^((['`"]?).*\2)@(.+)$/.match(value) "#{matches[1]}@#{matches[3].downcase}" end end diff --git a/spec/unit/puppet/type/mysql_user_spec.rb b/spec/unit/puppet/type/mysql_user_spec.rb index 49bd13f9c..24530d8a3 100644 --- a/spec/unit/puppet/type/mysql_user_spec.rb +++ b/spec/unit/puppet/type/mysql_user_spec.rb @@ -51,6 +51,16 @@ end end + context 'using foo@192.168.1.0/255.255.255.0' do + before :each do + @user = Puppet::Type.type(:mysql_user).new(:name => 'foo@192.168.1.0/255.255.255.0', :password_hash => 'pass') + end + + it 'should create the user with the netmask' do + expect(@user[:name]).to eq('foo@192.168.1.0/255.255.255.0') + end + end + context 'using allo_wed$char@localhost' do before :each do @user = Puppet::Type.type(:mysql_user).new(:name => 'allo_wed$char@localhost', :password_hash => 'pass')