puppet 2.7.21 → 2.7.22

data/lib/puppet/vendor/safe_yaml/Gemfile

@@ -0,0 +1,11 @@
+source "https://rubygems.org"
+
+gemspec
+
+group :development do
+  gem "hashie"
+  gem "heredoc_unindent"
+  gem "rake"
+  gem "rspec"
+  gem "travis-lint"
+end

data/lib/puppet/vendor/safe_yaml/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Dan Tao
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/puppet/vendor/safe_yaml/README.md

@@ -0,0 +1,179 @@
+SafeYAML
+========
+
+[![Build Status](https://travis-ci.org/dtao/safe_yaml.png)](http://travis-ci.org/dtao/safe_yaml)
+
+The **SafeYAML** gem provides an alternative implementation of `YAML.load` suitable for accepting user input in Ruby applications. Unlike Ruby's built-in implementation of `YAML.load`, SafeYAML's version will not expose apps to arbitrary code execution exploits (such as [the ones discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/) [in Rails in early 2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).
+
+**If you encounter any issues with SafeYAML, check out the 'Common Issues' section below.** If you don't see anything that addresses the problem you're experiencing, by all means, [create an issue](https://github.com/dtao/safe_yaml/issues/new)!
+
+Installation
+------------
+
+Add this line to your application's Gemfile:
+
+    gem "safe_yaml"
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install safe_yaml
+
+Configuration
+-------------
+
+Configuring SafeYAML should be quick. In most cases, you will probably only have to think about two things:
+
+1. What do you want the `YAML` module's *default* behavior to be? Set the `SafeYAML::OPTIONS[:default_mode]` option to either `:safe` or `:unsafe` to control this. If you do neither, SafeYAML will default to `:safe` mode but will issue a warning the first time you call `YAML.load`.
+2. Do you want to allow symbols by default? Set the `SafeYAML::OPTIONS[:deserialize_symbols]` option to `true` or `false` to control this. The default is `false`, which means that SafeYAML will deserialize symbols in YAML documents as strings.
+
+For more information on these and other options, see the "Usage" section down below.
+
+Explanation
+-----------
+
+Suppose your application were to use a popular open source library which contained code like this:
+
+```ruby
+class ClassBuilder
+  def []=(key, value)
+    @class ||= Class.new
+
+    @class.class_eval <<-EOS
+      def #{key}
+        #{value}
+      end
+    EOS
+  end
+
+  def create
+    @class.new
+  end
+end
+```
+
+Now, if you were to use `YAML.load` on user input anywhere in your application without the SafeYAML gem installed, an attacker who suspected you were using this library could send a request with a carefully-crafted YAML string to execute arbitrary code (yes, including `system("unix command")`) on your servers.
+
+This simple example demonstrates the vulnerability:
+
+```ruby
+yaml = <<-EOYAML
+--- !ruby/hash:ClassBuilder
+"foo; end; puts %(I'm in yr system!); def bar": "baz"
+EOYAML
+```
+
+    > YAML.load(yaml)
+    I'm in yr system!
+    => #<ClassBuilder:0x007fdbbe2e25d8 @class=#<Class:0x007fdbbe2e2510>>
+
+With SafeYAML, the same attacker would be thwarted:
+
+    > require "safe_yaml"
+    => true
+    > YAML.load(yaml, :safe => true)
+    => {"foo; end; puts %(I'm in yr system!); def bar"=>"baz"}
+
+Usage
+-----
+
+When you require the safe_yaml gem in your project, `YAML.load` is patched to accept one additional (optional) `options` parameter. This changes the method signature as follows:
+
+- for Syck and Psych prior to Ruby 1.9.3: `YAML.load(yaml, options={})`
+- for Psych in 1.9.3 and later: `YAML.load(yaml, filename=nil, options={})`
+
+The most important option is the `:safe` option (default: `true`), which controls whether or not to deserialize arbitrary objects when parsing a YAML document. The other options, along with explanations, are as follows.
+
+- `:deserialize_symbols` (default: `false`): Controls whether or not YAML will deserialize symbols. It is probably best to only enable this option where necessary, e.g. to make trusted libraries work. Symbols receive special treatment in Ruby and are not garbage collected, which means deserializing them indiscriminately may render your site vulnerable to a DOS attack (hence `false` as a default value).
+
+- `:whitelisted_tags`: Accepts an array of YAML tags that designate trusted types, e.g., ones that can be deserialized without worrying about any resulting security vulnerabilities. When any of the given tags are encountered in a YAML document, the associated data will be parsed by the underlying YAML engine (Syck or Psych) for the version of Ruby you are using. See the "Whitelisting Trusted Types" section below for more information.
+
+- `:custom_initializers`: Similar to the `:whitelisted_tags` option, but allows you to provide your own initializers for specified tags rather than using Syck or Psyck. Accepts a hash with string tags for keys and lambdas for values.
+
+- `:raise_on_unknown_tag` (default: `false`): Represents the highest possible level of paranoia (not necessarily a bad thing); if the YAML engine encounters any tag other than ones that are automatically trusted by SafeYAML or that you've explicitly whitelisted, it will raise an exception. This may be a good choice if you expect to always be dealing with perfectly safe YAML and want your application to fail loudly upon encountering questionable data.
+
+All of the above options can be set at the global level via `SafeYAML::OPTIONS`. You can also set each one individually per call to `YAML.load`; an option explicitly passed to `load` will take precedence over an option specified globally.
+
+Supported Types
+---------------
+
+The way that SafeYAML works is by restricting the kinds of objects that can be deserialized via `YAML.load`. More specifically, only the following types of objects can be deserialized by default:
+
+- Hashes
+- Arrays
+- Strings
+- Numbers
+- Dates
+- Times
+- Booleans
+- Nils
+
+Again, deserialization of symbols can be enabled globally by setting `SafeYAML::OPTIONS[:deserialize_symbols] = true`, or in a specific call to `YAML.load([some yaml], :deserialize_symbols => true)`.
+
+Whitelisting Trusted Types
+--------------------------
+
+SafeYAML supports whitelisting certain YAML tags for trusted types. This is handy when your application uses YAML to serialize and deserialize certain types not listed above, which you know to be free of any deserialization-related vulnerabilities.
+
+The easiest way to whitelist types is by calling `SafeYAML.whitelist!`, which can accept a variable number of safe types, e.g.:
+
+```ruby
+SafeYAML.whitelist!(FrobDispenser, GobbleFactory)
+```
+
+You can also whitelist YAML *tags* via the `:whitelisted_tags` option:
+
+```ruby
+# Using Syck
+SafeYAML::OPTIONS[:whitelisted_tags] = ["tag:ruby.yaml.org,2002:object:OpenStruct"]
+
+# Using Psych
+SafeYAML::OPTIONS[:whitelisted_tags] = ["!ruby/object:OpenStruct"]
+```
+
+And in case you were wondering: no, this feature will *not* allow would-be attackers to embed untrusted types within trusted types:
+
+```ruby
+yaml = <<-EOYAML
+--- !ruby/object:OpenStruct 
+table: 
+  :backdoor: !ruby/hash:ClassBuilder 
+    "foo; end; puts %(I'm in yr system!); def bar": "baz"
+EOYAML
+```
+
+    > YAML.safe_load(yaml)
+    => #<OpenStruct :backdoor={"foo; end; puts %(I'm in yr system!); def bar"=>"baz"}>
+
+Known Issues
+------------
+
+If you add SafeYAML to your project and start seeing any errors about missing keys, or you notice mysterious strings that look like `":foo"` (i.e., start with a colon), it's likely you're seeing errors from symbols being saved in YAML format. If you are able to modify the offending code, you might want to consider changing your YAML content to use plain vanilla strings instead of symbols. If not, you may need to set the `:deserialize_symbols` option to `true`, either in calls to `YAML.load` or--as a last resort--globally, with `SafeYAML::OPTIONS[:deserialize_symbols]`.
+
+Also be aware that some Ruby libraries, particularly those requiring inter-process communication, leverage YAML's object deserialization functionality and therefore may break or otherwise be impacted by SafeYAML. The following list includes known instances of SafeYAML's interaction with other Ruby gems:
+
+- [**ActiveRecord**](https://github.com/rails/rails/tree/master/activerecord): uses YAML to control serialization of model objects using the `serialize` class method. If you find that accessing serialized properties on your ActiveRecord models is causing errors, chances are you may need to:
+  1. set the `:deserialize_symbols` option to `true`,
+  2. whitelist some of the types in your serialized data via `SafeYAML.whitelist!` or the `:whitelisted_tags` option, or
+  3. both
+- [**Guard**](https://github.com/guard/guard): Uses YAML as a serialization format for notifications. The data serialized uses symbolic keys, so setting `SafeYAML::OPTIONS[:deserialize_symbols] = true` is necessary to allow Guard to work.
+- [**sidekiq**](https://github.com/mperham/sidekiq): Uses a YAML configiuration file with symbolic keys, so setting `SafeYAML::OPTIONS[:deserialize_symbols] = true` should allow it to work.
+
+The above list will grow over time, as more issues are discovered.
+
+Caveat
+------
+
+My intention is to eventually adopt [semantic versioning](http://semver.org/) with this gem, if it ever gets to version 1.0 (i.e., doesn't become obsolete by then). Since it isn't there yet, that means that API may well change from one version to the next. Please keep that in mind if you are using it in your application.
+
+To be clear: my *goal* is for SafeYAML to make it as easy as possible to protect existing applications from object deserialization exploits. Any and all feedback is more than welcome!
+
+Requirements
+------------
+
+SafeYAML requires Ruby 1.8.7 or newer and works with both [Syck](http://www.ruby-doc.org/stdlib-1.8.7/libdoc/yaml/rdoc/YAML.html) and [Psych](http://github.com/tenderlove/psych).
+
+If you are using a version of Ruby where Psych is the default YAML engine (e.g., 1.9.3) but you want to use Syck, be sure to set `YAML::ENGINE.yamler = "syck"` **before** requiring the safe_yaml gem.

data/lib/puppet/vendor/safe_yaml/Rakefile

@@ -0,0 +1,6 @@
+require "rspec/core/rake_task"
+
+desc "Run specs"
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.rspec_opts = %w(--color)
+end

data/lib/puppet/vendor/safe_yaml/lib/safe_yaml.rb

@@ -0,0 +1,253 @@
+require "yaml"
+
+# This needs to be defined up front in case any internal classes need to base
+# their behavior off of this.
+module SafeYAML
+  YAML_ENGINE = defined?(YAML::ENGINE) ? YAML::ENGINE.yamler : "syck"
+end
+
+require "set"
+require "safe_yaml/deep"
+require "safe_yaml/parse/hexadecimal"
+require "safe_yaml/parse/sexagesimal"
+require "safe_yaml/parse/date"
+require "safe_yaml/transform/transformation_map"
+require "safe_yaml/transform/to_boolean"
+require "safe_yaml/transform/to_date"
+require "safe_yaml/transform/to_float"
+require "safe_yaml/transform/to_integer"
+require "safe_yaml/transform/to_nil"
+require "safe_yaml/transform/to_symbol"
+require "safe_yaml/transform"
+require "safe_yaml/resolver"
+require "safe_yaml/syck_hack" if defined?(JRUBY_VERSION)
+
+module SafeYAML
+  MULTI_ARGUMENT_YAML_LOAD = YAML.method(:load).arity != 1
+
+  DEFAULT_OPTIONS = Deep.freeze({
+    :default_mode         => nil,
+    :suppress_warnings    => false,
+    :deserialize_symbols  => false,
+    :whitelisted_tags     => [],
+    :custom_initializers  => {},
+    :raise_on_unknown_tag => false
+  })
+
+  OPTIONS = Deep.copy(DEFAULT_OPTIONS)
+
+  module_function
+  def restore_defaults!
+    OPTIONS.clear.merge!(Deep.copy(DEFAULT_OPTIONS))
+  end
+
+  def tag_safety_check!(tag, options)
+    return if tag.nil? || tag == "!"
+    if options[:raise_on_unknown_tag] && !options[:whitelisted_tags].include?(tag) && !tag_is_explicitly_trusted?(tag)
+      raise "Unknown YAML tag '#{tag}'"
+    end
+  end
+
+  def whitelist!(*classes)
+    classes.each do |klass|
+      whitelist_class!(klass)
+    end
+  end
+
+  def whitelist_class!(klass)
+    raise "#{klass} not a Class" unless klass.is_a?(::Class)
+
+    klass_name = klass.name
+    raise "#{klass} cannot be anonymous" if klass_name.nil? || klass_name.empty?
+
+    # Whitelist any built-in YAML tags supplied by Syck or Psych.
+    predefined_tag = predefined_tags[klass]
+    if predefined_tag
+      OPTIONS[:whitelisted_tags] << predefined_tag
+      return
+    end
+
+    # Exception is exceptional (har har).
+    tag_class  = klass < Exception ? "exception" : "object"
+
+    tag_prefix = case YAML_ENGINE
+                 when "psych" then "!ruby/#{tag_class}"
+                 when "syck"  then "tag:ruby.yaml.org,2002:#{tag_class}"
+                 else raise "unknown YAML_ENGINE #{YAML_ENGINE}"
+                 end
+    OPTIONS[:whitelisted_tags] << "#{tag_prefix}:#{klass_name}"
+  end
+
+  def predefined_tags
+    if @predefined_tags.nil?
+      @predefined_tags = {}
+
+      if YAML_ENGINE == "syck"
+        YAML.tagged_classes.each do |tag, klass|
+          @predefined_tags[klass] = tag
+        end
+
+      else
+        # Special tags appear to be hard-coded in Psych:
+        # https://github.com/tenderlove/psych/blob/v1.3.4/lib/psych/visitors/to_ruby.rb
+        # Fortunately, there aren't many that SafeYAML doesn't already support.
+        @predefined_tags.merge!({
+          Exception => "!ruby/exception",
+          Range     => "!ruby/range",
+          Regexp    => "!ruby/regexp",
+        })
+      end
+    end
+
+    @predefined_tags
+  end
+
+  if YAML_ENGINE == "psych"
+    def tag_is_explicitly_trusted?(tag)
+      false
+    end
+
+  else
+    TRUSTED_TAGS = Set.new([
+      "tag:yaml.org,2002:binary",
+      "tag:yaml.org,2002:bool#no",
+      "tag:yaml.org,2002:bool#yes",
+      "tag:yaml.org,2002:float",
+      "tag:yaml.org,2002:float#fix",
+      "tag:yaml.org,2002:int",
+      "tag:yaml.org,2002:map",
+      "tag:yaml.org,2002:null",
+      "tag:yaml.org,2002:seq",
+      "tag:yaml.org,2002:str",
+      "tag:yaml.org,2002:timestamp",
+      "tag:yaml.org,2002:timestamp#ymd"
+    ]).freeze
+
+    def tag_is_explicitly_trusted?(tag)
+      TRUSTED_TAGS.include?(tag)
+    end
+  end
+end
+
+module YAML
+  def self.load_with_options(yaml, *original_arguments)
+    filename, options = filename_and_options_from_arguments(original_arguments)
+    safe_mode = safe_mode_from_options("load", options)
+    arguments = [yaml]
+
+    if safe_mode == :safe
+      arguments << filename if SafeYAML::YAML_ENGINE == "psych"
+      arguments << options_for_safe_load(options)
+      safe_load(*arguments)
+    else
+      arguments << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
+      unsafe_load(*arguments)
+    end
+  end
+
+  def self.load_file_with_options(file, options={})
+    safe_mode = safe_mode_from_options("load_file", options)
+    if safe_mode == :safe
+      safe_load_file(file, options_for_safe_load(options))
+    else
+      unsafe_load_file(file)
+    end
+  end
+
+  if SafeYAML::YAML_ENGINE == "psych"
+    require "safe_yaml/psych_handler"
+    require "safe_yaml/psych_resolver"
+    require "safe_yaml/safe_to_ruby_visitor"
+
+    def self.safe_load(yaml, filename=nil, options={})
+      # If the user hasn't whitelisted any tags, we can go with this implementation which is
+      # significantly faster.
+      if (options && options[:whitelisted_tags] || SafeYAML::OPTIONS[:whitelisted_tags]).empty?
+        safe_handler = SafeYAML::PsychHandler.new(options)
+        arguments_for_parse = [yaml]
+        arguments_for_parse << filename if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
+        Psych::Parser.new(safe_handler).parse(*arguments_for_parse)
+        return safe_handler.result || false
+
+      else
+        safe_resolver = SafeYAML::PsychResolver.new(options)
+        tree = SafeYAML::MULTI_ARGUMENT_YAML_LOAD ?
+          Psych.parse(yaml, filename) :
+          Psych.parse(yaml)
+        return safe_resolver.resolve_node(tree)
+      end
+    end
+
+    def self.safe_load_file(filename, options={})
+      File.open(filename, 'r:bom|utf-8') { |f| self.safe_load(f, filename, options) }
+    end
+
+    def self.unsafe_load_file(filename)
+      if SafeYAML::MULTI_ARGUMENT_YAML_LOAD
+        # https://github.com/tenderlove/psych/blob/v1.3.2/lib/psych.rb#L296-298
+        File.open(filename, 'r:bom|utf-8') { |f| self.unsafe_load(f, filename) }
+      else
+        # https://github.com/tenderlove/psych/blob/v1.2.2/lib/psych.rb#L231-233
+        self.unsafe_load File.open(filename)
+      end
+    end
+
+  else
+    require "safe_yaml/syck_resolver"
+    require "safe_yaml/syck_node_monkeypatch"
+
+    def self.safe_load(yaml, options={})
+      resolver = SafeYAML::SyckResolver.new(SafeYAML::OPTIONS.merge(options || {}))
+      tree = YAML.parse(yaml)
+      return resolver.resolve_node(tree)
+    end
+
+    def self.safe_load_file(filename, options={})
+      File.open(filename) { |f| self.safe_load(f, options) }
+    end
+
+    def self.unsafe_load_file(filename)
+      # https://github.com/indeyets/syck/blob/master/ext/ruby/lib/yaml.rb#L133-135
+      File.open(filename) { |f| self.unsafe_load(f) }
+    end
+  end
+
+  class << self
+    alias_method :unsafe_load, :load
+    alias_method :load, :load_with_options
+    alias_method :load_file, :load_file_with_options
+
+    private
+    def filename_and_options_from_arguments(arguments)
+      if arguments.count == 1
+        if arguments.first.is_a?(String)
+          return arguments.first, {}
+        else
+          return nil, arguments.first || {}
+        end
+
+      else
+        return arguments.first, arguments.last || {}
+      end
+    end
+
+    def safe_mode_from_options(method, options={})
+      if options[:safe].nil?
+        safe_mode = SafeYAML::OPTIONS[:default_mode] || :safe
+        if SafeYAML::OPTIONS[:default_mode].nil? && !SafeYAML::OPTIONS[:suppress_warnings]
+          Kernel.warn "Called '#{method}' without the :safe option -- defaulting to #{safe_mode} mode."
+          SafeYAML::OPTIONS[:suppress_warnings] = true
+        end
+        return safe_mode
+      end
+
+      options[:safe] ? :safe : :unsafe
+    end
+
+    def options_for_safe_load(base_options)
+      options = base_options.dup
+      options.delete(:safe)
+      options
+    end
+  end
+end