From ec9e5b24dfd589946b93b8c583bbf6be203c6832 Mon Sep 17 00:00:00 2001
From: Xavier Chotard <xchotard@talentsoft.com>
Date: Thu, 11 Aug 2022 11:13:00 +0200
Subject: [PATCH] protect update_pgpass command

---
 manifests/database/postgresql.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp
index 15fb822a3..c3ccd56ee 100644
--- a/manifests/database/postgresql.pp
+++ b/manifests/database/postgresql.pp
@@ -65,9 +65,9 @@
   }
 
   exec { 'update_pgpass':
-    command => "echo ${database_host}:5432:${database_name}:${database_user}:${database_password} >> /root/.pgpass",
+    command => "echo ${database_host}:5432:${database_name}:${database_user}:${shell_escape($database_password)} >> /root/.pgpass",
     path    => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
-    unless  => "grep \"${database_host}:5432:${database_name}:${database_user}:${database_password}\" /root/.pgpass",
+    unless  => "grep ${database_host}:5432:${database_name}:${database_user}:${shell_escape($database_password)} /root/.pgpass",
     require => File['/root/.pgpass'],
   }