Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix detection of insecure interpolations in unless parameter #47

Merged
merged 4 commits into from
Apr 26, 2024

Conversation

smortex
Copy link
Contributor

@smortex smortex commented Dec 12, 2023

When using the unless parameter of an exec resource with unsafe string interpolation, the linter should warn about the issue.

It happen that it currently doesn't because unless is also a keyword.

Adjust the linter to cope with this.

Also include:

The rspec-collection_matchers documentation advise to require
rspec-collection_matchers form `spec_helper.rb`.

This fix:

```
Failure/Error: expect(problems).to have(1).problems

NoMethodError:
  undefined method `have' for #<RSpec::ExampleGroups::CheckUnsafeInterpolations::WithFixDisabled::ExecWithUnsafeInterpolationInCommand "detects an unsafe exec command argument" (./spec/puppet-lint/plugins/check_unsafe_interpolations_spec.rb:20)>
```
@smortex smortex requested a review from a team as a code owner December 12, 2023 00:42
smortex added 3 commits April 8, 2024 12:35
We produce 2 errors in this example.  We don't want to check that the
first one is present twice: we want to check that each warning is
present once.
These commands are supposed to be supported, but they are not tested, so
add tests to demonstrate that they work as intended.
When using the `unless` parameter of an `exec` resource with unsafe
string interpolation, the linter should warn about the issue.

It happen that it currently doesn't because unless is also a keyword.

Adjust the linter to cope with this.
@david22swan david22swan merged commit 7b7b42d into puppetlabs:main Apr 26, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants