Skip to content

Commit

Permalink
Improved user validation and munging
Browse files Browse the repository at this point in the history
We want to make sure we are validating the entire user parameter (and
validating it consistently between mysql_user and mysql_grant).
Additionally, for munging we do not want to do anything that could
truncate the username.
  • Loading branch information
Morgan Haskel committed Sep 18, 2015
1 parent 1d82477 commit 542c43e
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 5 deletions.
9 changes: 7 additions & 2 deletions lib/puppet/type/mysql_grant.rb
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,10 @@ def initialize(*args)
# If at least one special char is used, string must be quoted

# http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827
if matches = /^(['`"])((?!\1).)*\1@([\w%\.:\-]+)/.match(value)
if matches = /^(['`"])((?!\1).)*\1@([\w%\.:\-\/]+)$/.match(value)
user_part = matches[2]
host_part = matches[3]
elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-]+)/.match(value)
elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-\/]+)$/.match(value)
user_part = matches[1]
host_part = matches[2]
elsif matches = /^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$/.match(value)
Expand All @@ -87,6 +87,11 @@ def initialize(*args)
end
end
end

munge do |value|
matches = /^((['`"]?).*\2)@(.+)$/.match(value)
"#{matches[1]}@#{matches[3].downcase}"
end
end

newproperty(:options, :array_matching => :all) do
Expand Down
6 changes: 3 additions & 3 deletions lib/puppet/type/mysql_user.rb
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@
# If at least one special char is used, string must be quoted

# http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827
if matches = /^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-]+)/.match(value)
if matches = /^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-\/]+)$/.match(value)
user_part = matches[2]
host_part = matches[3]
elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-]+)/.match(value)
elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-\/]+)$/.match(value)
user_part = matches[1]
host_part = matches[2]
elsif matches = /^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$/.match(value)
Expand All @@ -38,7 +38,7 @@
end

munge do |value|
matches = /^((['`"]?).*\2)@([\w%\.:\-]+)/.match(value)
matches = /^((['`"]?).*\2)@(.+)$/.match(value)
"#{matches[1]}@#{matches[3].downcase}"
end
end
Expand Down
10 changes: 10 additions & 0 deletions spec/unit/puppet/type/mysql_user_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,16 @@
end
end

context 'using [email protected]/255.255.255.0' do
before :each do
@user = Puppet::Type.type(:mysql_user).new(:name => '[email protected]/255.255.255.0', :password_hash => 'pass')
end

it 'should create the user with the netmask' do
expect(@user[:name]).to eq('[email protected]/255.255.255.0')
end
end

context 'using allo_wed$char@localhost' do
before :each do
@user = Puppet::Type.type(:mysql_user).new(:name => 'allo_wed$char@localhost', :password_hash => 'pass')
Expand Down

0 comments on commit 542c43e

Please sign in to comment.