[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, master, updated. debian/0.24.7-1-98-gf19c0e5

Wed Apr 8 21:48:16 UTC 2009

The following commit has been merged in the master branch:
commit d758f45a14057f0b9517a1905d575d6b28b90bc2
Author: Luke Kanies <luke at madstop.com>
Date:   Tue Feb 17 12:26:58 2009 -0600

    Fixing #1871 once and for all - contents are never printed
    
    They were still being printed in noop mode.
    
    The fix was to use is_to_s and should_to_s methods,
    rather than 'change_to_s'.
    
    Signed-off-by: Luke Kanies <luke at madstop.com>

diff --git a/CHANGELOG b/CHANGELOG
index 187e36c..74219a0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,6 @@
 0.24.8
+    Fixed #1871 - Sensitive information leaked in log reports
+
     Fixed #1956 - Cleaned up variable names to be more sane, clarified error messages 
     and fixed incorrect use of 'value' variable rather than 'member'.
     
diff --git a/lib/puppet/type/file/content.rb b/lib/puppet/type/file/content.rb
index 1eb1423..00a5984 100755
--- a/lib/puppet/type/file/content.rb
+++ b/lib/puppet/type/file/content.rb
@@ -22,14 +22,17 @@ module Puppet
             This attribute is especially useful when used with
             `PuppetTemplating templating`:trac:."
 
-        def change_to_s(currentvalue, newvalue)
-            newvalue = "{md5}" + Digest::MD5.hexdigest(newvalue)
-            if currentvalue == :absent
-                return "created file with contents %s" % newvalue
-            else
-                currentvalue = "{md5}" + Digest::MD5.hexdigest(currentvalue)
-                return "changed file contents from %s to %s" % [currentvalue, newvalue]
-            end
+        def string_as_checksum(string)
+            return "absent" if string == :absent
+            "{md5}" + Digest::MD5.hexdigest(string)
+        end
+
+        def should_to_s(should)
+            string_as_checksum(should)
+        end
+
+        def is_to_s(is)
+            string_as_checksum(is)
         end
 
         # Override this method to provide diffs if asked for.
diff --git a/spec/unit/type/file/content.rb b/spec/unit/type/file/content.rb
new file mode 100755
index 0000000..8bcac8a
--- /dev/null
+++ b/spec/unit/type/file/content.rb
@@ -0,0 +1,30 @@
+#!/usr/bin/env ruby
+
+Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") }
+
+property = Puppet::Type.type(:file).attrclass(:content)
+
+describe property do
+    before do
+        @resource = stub 'resource', :line => "foo", :file => "bar", :replace? => true
+        @resource.stubs(:[]).returns "foo"
+        @resource.stubs(:[]).with(:path).returns "/my/file"
+        @content = property.new :resource => @resource
+    end
+
+    it "should not include current contents when producing a change log" do
+        @content.change_to_s("current_content", "desired").should_not be_include("current_content")
+    end
+
+    it "should not include desired contents when producing a change log" do
+        @content.change_to_s("current", "desired_content").should_not be_include("desired_content")
+    end
+
+    it "should not include the content when converting current content to a string" do
+        @content.is_to_s("my_content").should_not be_include("my_content")
+    end
+
+    it "should not include the content when converting desired content to a string" do
+        @content.should_to_s("my_content").should_not be_include("my_content")
+    end
+end

-- 
Puppet packaging for Debian

