puppet 2.7.20 → 2.7.21

data/spec/unit/network/formats_spec.rb

@@ -55,15 +55,15 @@ describe "Puppet Network Format" do
       @yaml.render_multiple(instances).should == "foo"
     end
 
-    it "should intern by calling 'YAML.load'" do
+    it "should safely load YAML when interning" do
       text = "foo"
-      YAML.expects(:load).with("foo").returns "bar"
+      YAML.expects(:safely_load).with("foo").returns "bar"
       @yaml.intern(String, text).should == "bar"
     end
 
-    it "should intern multiples by calling 'YAML.load'" do
+    it "should safely load YAML when interning multiples" do
       text = "foo"
-      YAML.expects(:load).with("foo").returns "bar"
+      YAML.expects(:safely_load).with("foo").returns "bar"
       @yaml.intern_multiple(String, text).should == "bar"
     end
   end
@@ -120,10 +120,10 @@ describe "Puppet Network Format" do
       @yaml.intern_multiple(String, text).should == "bar"
     end
 
-    it "should decode by base64 decoding, uncompressing and Yaml loading" do
+    it "should decode by base64 decoding, uncompressing and safely Yaml loading" do
       Base64.expects(:decode64).with("zorg").returns "foo"
       Zlib::Inflate.expects(:inflate).with("foo").returns "baz"
-      YAML.expects(:load).with("baz").returns "bar"
+      YAML.expects(:safely_load).with("baz").returns "bar"
       @yaml.decode("zorg").should == "bar"
     end
 

data/spec/unit/network/http/handler_spec.rb

@@ -125,6 +125,31 @@ describe Puppet::Network::HTTP::Handler do
       @handler.request_format(@request).should == "s"
     end
 
+    it "should deserialize YAML parameters" do
+      params = {'my_param' => [1,2,3].to_yaml}
+
+      decoded_params = @handler.send(:decode_params, params)
+
+      decoded_params.should == {:my_param => [1,2,3]}
+    end
+
+    it "should accept YAML parameters with !ruby/hash tags on Ruby 1.8", :if => RUBY_VERSION =~ /^1\.8/ do
+      params = {'my_param' => "--- !ruby/hash:Array {}"}
+
+      decoded_params = @handler.send(:decode_params, params)
+
+      decoded_params[:my_param].should be_an(Array)
+    end
+
+    # These are only dangerous with Psych, which is Ruby 1.9-only. Since
+    # there's no real way to change the yamler in Puppet, assume that 1.9 means
+    # Psych, especially in tests.
+    it "should fail if YAML parameters have !ruby/hash tags on Ruby 1.9", :unless => RUBY_VERSION =~ /^1\.8/ do
+      params = {'my_param' => "--- !ruby/hash:Array {}"}
+
+      expect { @handler.send(:decode_params, params) }.to raise_error(ArgumentError, /Illegal YAML mapping found/)
+    end
+
     describe "when finding a model instance" do
       before do
         @indirection.stubs(:find).returns @result

data/spec/unit/network/http/rack/rest_spec.rb

@@ -91,6 +91,23 @@ describe "Puppet::Network::HTTP::RackREST", :if => Puppet.features.rack? do
           @handler.set_response(@response, @file, 200)
         end
       end
+
+      it "should ensure the body has been read on success" do
+        req = mk_req('/production/report/foo', :method => 'PUT')
+        req.body.expects(:read).at_least_once
+
+        Puppet::Transaction::Report.stubs(:save)
+
+        @handler.process(req, @response)
+      end
+
+      it "should ensure the body has been partially read on failure" do
+        req = mk_req('/production/report/foo')
+        req.body.expects(:read).with(1)
+        req.stubs(:check_authorization).raises(Exception)
+
+        @handler.process(req, @response)
+      end
     end
 
     describe "and determining the request parameters" do

data/spec/unit/network/http/webrick_spec.rb

@@ -313,6 +313,10 @@ describe Puppet::Network::HTTP::WEBrick do
       @server.setup_ssl[:SSLEnable].should be_true
     end
 
+    it "should reject SSLv2" do
+      @server.setup_ssl[:SSLOptions].should == OpenSSL::SSL::OP_NO_SSLv2
+    end
+
     it "should configure the verification method as 'OpenSSL::SSL::VERIFY_PEER'" do
       @server.setup_ssl[:SSLVerifyClient].should == OpenSSL::SSL::VERIFY_PEER
     end

data/spec/unit/network/http_pool_spec.rb

@@ -79,7 +79,6 @@ describe Puppet::Network::HttpPool do
 
       it                { should be_use_ssl }
       its(:cert)        { should be_nil }
-      its(:cert_store)  { should be_nil }
       its(:ca_file)     { should be_nil }
       its(:key)         { should be_nil }
       its(:verify_mode) { should == OpenSSL::SSL::VERIFY_NONE }

data/spec/unit/network/rest_authconfig_spec.rb

@@ -85,6 +85,9 @@ describe Puppet::Network::RestAuthConfig do
   end
 
   it "should create default ACL entries if no file have been read" do
+    # The singleton instance is stored as an instance variable we don't have
+    # access to, so.. instance_variable_set. Alas.
+    Puppet::Network::RestAuthConfig.instance_variable_set(:@main, nil)
     Puppet::Network::RestAuthConfig.any_instance.stubs(:exists?).returns(false)
 
     Puppet::Network::RestAuthConfig.any_instance.expects(:insert_default_acl)
@@ -122,6 +125,18 @@ describe Puppet::Network::RestAuthConfig do
       @authconfig.insert_default_acl
     end
 
-  end
+    it '(CVE-2013-2275) allows report submission only for the node matching the certname by default' do
+      acl = {
+        :acl => "~ ^\/report\/([^\/]+)$",
+        :method => :save,
+        :allow => '$1',
+        :authenticated => true
+      }
+      @authconfig.rights.stubs(:[]).returns(true)
+      @authconfig.rights.stubs(:[]).with(acl[:acl]).returns(nil)
 
+      @authconfig.expects(:mk_acl).with(acl)
+      @authconfig.insert_default_acl
+    end
+  end
 end

data/spec/unit/parser/functions/inline_template_spec.rb

@@ -58,4 +58,17 @@ describe "the inline_template function", :'fails_on_ruby_1.9.2' => true do
     lambda { @scope.function_inline_template("1") }.should raise_error(Puppet::ParseError)
   end
 
+  it "is not interfered with by a variable called 'string' (#14093)" do
+    @scope.setvar("string", "this is a variable")
+    inline_template("this is a template").should == "this is a template"
+  end
+
+  it "has access to a variable called 'string' (#14093)" do
+    @scope.setvar('string', "this is a variable")
+    inline_template("string was: <%= @string %>").should == "string was: this is a variable"
+  end
+
+  def inline_template(*templates)
+    @scope.function_inline_template(templates)
+  end
 end

data/spec/unit/parser/functions/template_spec.rb

@@ -58,6 +58,16 @@ describe "the template function", :'fails_on_ruby_1.9.2' => true do
     @scope.function_template(["1","2"]).should == "result1result2"
   end
 
+  it "is not interfered with by having a variable named 'string' (#14093)" do
+    @scope.setvar('string', "this output should not be seen")
+    eval_template("some text that is static").should == "some text that is static"
+  end
+
+  it "has access to a variable named 'string' (#14093)" do
+    @scope.setvar('string', "the string value")
+    eval_template("string was: <%= @string %>").should == "string was: the string value"
+  end
+
   it "should raise an error if the template raises an error" do
     tw = stub_everything 'template_wrapper'
     Puppet::Parser::TemplateWrapper.stubs(:new).returns(tw)
@@ -66,4 +76,9 @@ describe "the template function", :'fails_on_ruby_1.9.2' => true do
     lambda { @scope.function_template("1") }.should raise_error(Puppet::ParseError)
   end
 
+  def eval_template(content)
+    File.stubs(:read).with("template").returns(content)
+    Puppet::Parser::Files.stubs(:find_template).returns("template")
+    @scope.function_template(['template'])
+  end
 end

data/spec/unit/parser/templatewrapper_spec.rb

@@ -30,16 +30,14 @@ describe Puppet::Parser::TemplateWrapper do
 
   it "should check template file existance and read its content" do
     Puppet::Parser::Files.expects(:find_template).with("fake_template", @scope.environment.to_s).returns("/tmp/fake_template")
-    File.expects(:read).with("/tmp/fake_template").returns("template content")
 
     @tw.file = @file
   end
 
   it "should mark the file for watching" do
-    Puppet::Parser::Files.expects(:find_template).returns("/tmp/fake_template")
-    File.stubs(:read)
+    full_file_name = given_a_template_file("fake_template", "content")
 
-    @known_resource_types.expects(:watch_file).with("/tmp/fake_template")
+    @known_resource_types.expects(:watch_file).with(full_file_name)
     @tw.file = @file
   end
 
@@ -66,6 +64,13 @@ describe Puppet::Parser::TemplateWrapper do
     @tw.result.should eql("woot!")
   end
 
+  it "provides access to the name of the template via #file" do
+    full_file_name = given_a_template_file("fake_template", "<%= file %>")
+
+    @tw.file = "fake_template"
+    @tw.result.should == full_file_name
+  end
+
   it "should return the processed template contents with a call to result and a string" do
     mock_template
     @tw.result("template contents").should eql("woot!")
@@ -139,4 +144,14 @@ describe Puppet::Parser::TemplateWrapper do
       @tw.instance_variable_get("@one_").should == "foo"
     end
   end
+
+  def given_a_template_file(name, contents)
+    full_name = "/full/path/to/#{name}"
+    Puppet::Parser::Files.stubs(:find_template).
+      with(name, anything()).
+      returns(full_name)
+    File.stubs(:read).with(full_name).returns(contents)
+
+    full_name
+  end
 end

data/spec/unit/ssl/certificate_request_spec.rb

@@ -254,6 +254,7 @@ describe Puppet::SSL::CertificateRequest do
 
         csr = Puppet::SSL::CertificateRequest.new("me")
         terminus = mock 'terminus'
+        terminus.stubs(:validate)
         Puppet::SSL::CertificateRequest.indirection.expects(:prepare).returns(terminus)
         terminus.expects(:save).with { |request| request.instance == csr && request.key == "me" }
 
@@ -267,6 +268,7 @@ describe Puppet::SSL::CertificateRequest do
 
         csr = Puppet::SSL::CertificateRequest.new("me")
         terminus = mock 'terminus'
+        terminus.stubs(:validate)
         Puppet::SSL::CertificateRequest.indirection.expects(:prepare).returns(terminus)
         terminus.expects(:save).with { |request| request.instance == csr && request.key == "me" }
 

data/spec/unit/ssl/host_spec.rb

@@ -495,6 +495,7 @@ describe Puppet::SSL::Host do
       @request.stubs(:generate)
       @request.stubs(:name).returns("myname")
       terminus = stub 'terminus'
+      terminus.stubs(:validate)
       Puppet::SSL::CertificateRequest.indirection.expects(:prepare).returns(terminus)
       terminus.expects(:save).with { |req| req.instance == @request && req.key == "myname" }.raises "eh"
 

data/spec/unit/util/monkey_patches_spec.rb

@@ -179,3 +179,15 @@ describe Range do
     end
   end
 end
+
+describe OpenSSL::SSL::SSLContext do
+  it 'disables SSLv2 via the SSLContext#options bitmask' do
+    (subject.options & OpenSSL::SSL::OP_NO_SSLv2).should == OpenSSL::SSL::OP_NO_SSLv2
+  end
+  it 'has no ciphers with version SSLv2 enabled' do
+    ciphers = subject.ciphers.select do |name, version, bits, alg_bits|
+      /SSLv2/.match(version)
+    end
+    ciphers.should be_empty
+  end
+end

data/test/language/snippets.rb

@@ -494,7 +494,7 @@ class TestSnippets < Test::Unit::TestCase
 
         catalog = nil
         assert_nothing_raised("Could not compile catalog") {
-          catalog = Puppet::Resource::Catalog.indirection.find(node)
+          catalog = Puppet::Resource::Catalog.indirection.find(node.name)
         }
 
         assert_nothing_raised("Could not convert catalog") {

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 2.7.20
+  version: 2.7.21
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-11-20 00:00:00.000000000 Z
+date: 2013-03-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -217,6 +217,7 @@ files:
 - lib/puppet/indirector/couch.rb
 - lib/puppet/indirector/direct_file_server.rb
 - lib/puppet/indirector/envelope.rb
+- lib/puppet/indirector/errors.rb
 - lib/puppet/indirector/exec.rb
 - lib/puppet/indirector/face.rb
 - lib/puppet/indirector/facts/active_record.rb
@@ -277,6 +278,7 @@ files:
 - lib/puppet/indirector/resource/ral.rb
 - lib/puppet/indirector/resource/rest.rb
 - lib/puppet/indirector/resource/store_configs.rb
+- lib/puppet/indirector/resource/validator.rb
 - lib/puppet/indirector/resource_type/parser.rb
 - lib/puppet/indirector/resource_type/rest.rb
 - lib/puppet/indirector/resource_type.rb
@@ -997,16 +999,21 @@ files:
 - ext/packaging/README.md
 - ext/packaging/spec/spec_helper.rb
 - ext/packaging/spec/tasks/00_utils_spec.rb
+- ext/packaging/spec/tasks/build_object_spec.rb
 - ext/packaging/tasks/00_utils.rake
 - ext/packaging/tasks/10_setupvars.rake
 - ext/packaging/tasks/20_setupextravars.rake
+- ext/packaging/tasks/30_metrics.rake
 - ext/packaging/tasks/apple.rake
+- ext/packaging/tasks/build.rake
 - ext/packaging/tasks/clean.rake
 - ext/packaging/tasks/deb.rake
+- ext/packaging/tasks/deb_repos.rake
 - ext/packaging/tasks/doc.rake
 - ext/packaging/tasks/fetch.rake
 - ext/packaging/tasks/gem.rake
 - ext/packaging/tasks/ips.rake
+- ext/packaging/tasks/jenkins.rake
 - ext/packaging/tasks/mock.rake
 - ext/packaging/tasks/pe_deb.rake
 - ext/packaging/tasks/pe_remote.rake
@@ -1014,9 +1021,12 @@ files:
 - ext/packaging/tasks/pe_ship.rake
 - ext/packaging/tasks/pe_sign.rake
 - ext/packaging/tasks/pe_sles.rake
+- ext/packaging/tasks/pe_tar.rake
 - ext/packaging/tasks/release.rake
 - ext/packaging/tasks/remote_build.rake
+- ext/packaging/tasks/retrieve.rake
 - ext/packaging/tasks/rpm.rake
+- ext/packaging/tasks/rpm_repos.rake
 - ext/packaging/tasks/ship.rake
 - ext/packaging/tasks/sign.rake
 - ext/packaging/tasks/tag.rake
@@ -1024,6 +1034,7 @@ files:
 - ext/packaging/tasks/template.rake
 - ext/packaging/tasks/update.rake
 - ext/packaging/tasks/version.rake
+- ext/packaging/tasks/z_data_dump.rake
 - ext/project_data.yaml
 - ext/puppet-load.rb
 - ext/puppet-test