puppet 7.11.0-universal-darwin → 7.14.0-universal-darwin

data/lib/puppet/file_system/path_pattern.rb

@@ -5,10 +5,9 @@ module Puppet::FileSystem
   class PathPattern
     class InvalidPattern < Puppet::Error; end
 
-    TRAVERSAL = /^\.\.$/
+    DOTDOT = '..'.freeze
     ABSOLUTE_UNIX = /^\//
     ABSOLUTE_WINDOWS = /^[a-z]:/i
-    #ABSOLUT_VODKA #notappearinginthisclass
     CURRENT_DRIVE_RELATIVE_WINDOWS = /^\\/
 
     def self.relative(pattern)
@@ -32,11 +31,11 @@ module Puppet::FileSystem
     end
 
     def glob
-      Dir.glob(pathname.to_s)
+      Dir.glob(@pathstr)
     end
 
     def to_s
-      pathname.to_s
+      @pathstr
     end
 
     protected
@@ -46,13 +45,9 @@ module Puppet::FileSystem
     private
 
     def validate
-      @pathname.each_filename do |e|
-        if e =~ TRAVERSAL
-          raise(InvalidPattern, _("PathPatterns cannot be created with directory traversals."))
-        end
-      end
-      case @pathname.to_s
-      when CURRENT_DRIVE_RELATIVE_WINDOWS
+      if @pathstr.split(Pathname::SEPARATOR_PAT).any? { |f| f == DOTDOT }
+        raise(InvalidPattern, _("PathPatterns cannot be created with directory traversals."))
+      elsif @pathstr.match?(CURRENT_DRIVE_RELATIVE_WINDOWS)
         raise(InvalidPattern, _("A PathPattern cannot be a Windows current drive relative path."))
       end
     end
@@ -60,6 +55,7 @@ module Puppet::FileSystem
     def initialize(pattern)
       begin
         @pathname = Pathname.new(pattern.strip)
+        @pathstr = @pathname.to_s
       rescue ArgumentError => error
         raise InvalidPattern.new(_("PathPatterns cannot be created with a zero byte."), error)
       end
@@ -74,10 +70,9 @@ module Puppet::FileSystem
 
     def validate
       super
-      case @pathname.to_s
-      when ABSOLUTE_WINDOWS
+      if @pathstr.match?(ABSOLUTE_WINDOWS)
         raise(InvalidPattern, _("A relative PathPattern cannot be prefixed with a drive."))
-      when ABSOLUTE_UNIX
+      elsif @pathstr.match?(ABSOLUTE_UNIX)
         raise(InvalidPattern, _("A relative PathPattern cannot be an absolute path."))
       end
     end
@@ -90,7 +85,7 @@ module Puppet::FileSystem
 
     def validate
       super
-      if @pathname.to_s !~ ABSOLUTE_UNIX and @pathname.to_s !~ ABSOLUTE_WINDOWS
+      if !@pathstr.match?(ABSOLUTE_UNIX) && !@pathstr.match?(ABSOLUTE_WINDOWS)
         raise(InvalidPattern, _("An absolute PathPattern cannot be a relative path."))
       end
     end

data/lib/puppet/file_system/uniquefile.rb

@@ -127,7 +127,7 @@ class Puppet::FileSystem::Uniquefile < DelegateClass(File)
     tmpdir ||= tmpdir()
     n = nil
     begin
-      path = File.expand_path(make_tmpname(basename, n), tmpdir)
+      path = File.join(tmpdir, make_tmpname(basename, n))
       yield(path, n, *opts)
     rescue Errno::EEXIST
       n ||= 0

data/lib/puppet/file_system/windows.rb

@@ -123,7 +123,7 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
   LOCK_VIOLATION = 33
 
   def replace_file(path, mode = nil)
-    if Puppet::FileSystem.directory?(path)
+    if directory?(path)
       raise Errno::EISDIR, _("Is a directory: %{directory}") % { directory: path }
     end
 
@@ -159,14 +159,14 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
       end
 
       set_dacl(tempfile.path, dacl) if dacl
-      File.rename(tempfile.path, Puppet::FileSystem.path_string(path))
+      ::File.rename(tempfile.path, path_string(path))
     ensure
       tempfile.close!
     end
   rescue Puppet::Util::Windows::Error => e
     case e.code
     when ACCESS_DENIED, SHARING_VIOLATION, LOCK_VIOLATION
-      raise Errno::EACCES.new(Puppet::FileSystem.path_string(path), e)
+      raise Errno::EACCES.new(path_string(path), e)
     else
       raise SystemCallError.new(e.message)
     end
@@ -193,7 +193,7 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
   end
 
   def get_dacl_from_file(path)
-    sd = Puppet::Util::Windows::Security.get_security_descriptor(Puppet::FileSystem.path_string(path))
+    sd = Puppet::Util::Windows::Security.get_security_descriptor(path_string(path))
     sd.dacl
   rescue Puppet::Util::Windows::Error => e
     raise e unless e.code == FILE_NOT_FOUND

data/lib/puppet/file_system.rb

@@ -345,7 +345,8 @@ module Puppet::FileSystem
   # value ~ will be expanded to something like /Users/Foo
   #
   # This method exists primarlily to resolve a Ruby deficiency where
-  # File.expand_path doesn't handle ~ in each segment on a Windows path
+  # File.expand_path doesn't convert short paths to long paths, which is
+  # important when resolving the path to load.
   #
   # @param path [Object] a path handle produced by {#pathname}
   # @return [String] a string representation of the path
@@ -396,7 +397,7 @@ module Puppet::FileSystem
   # @api public
   #
   def self.chmod(mode, path)
-    @impl.chmod(mode, path)
+    @impl.chmod(mode, assert_path(path))
   end
 
   # Replace the contents of a file atomically, creating the file if necessary.

data/lib/puppet/functions/versioncmp.rb

@@ -8,6 +8,9 @@ require_relative '../../puppet/util/package'
 #
 # Where a and b are arbitrary version strings.
 #
+# Optional parameter ignore_trailing_zeroes is used to ignore unnecessary
+# trailing version numbers like .0 or .0.00
+#
 # This function returns:
 #
 # * `1` if version a is greater than version b
@@ -28,9 +31,10 @@ Puppet::Functions.create_function(:versioncmp) do
   dispatch :versioncmp do
     param 'String', :a
     param 'String', :b
+    optional_param 'Boolean', :ignore_trailing_zeroes
   end
 
-  def versioncmp(a, b)
-    Puppet::Util::Package.versioncmp(a, b)
+  def versioncmp(a, b, ignore_trailing_zeroes = false)
+    Puppet::Util::Package.versioncmp(a, b, ignore_trailing_zeroes)
   end
 end

data/lib/puppet/generate/type.rb

@@ -134,6 +134,9 @@ module Puppet
         inputs.sort_by! { |input| input.path }
       end
 
+      def self.bad_input?
+        @bad_input
+      end
       # Generates files for the given inputs.
       # If a file is up to date (newer than input) it is kept.
       # If a file is out of date it is regenerated.
@@ -170,6 +173,8 @@ module Puppet
         }
 
         up_to_date = true
+        @bad_input = false
+
         Puppet.notice _('Generating Puppet resource types.')
         inputs.each do |input|
           if !force && input.up_to_date?(outputdir)
@@ -187,6 +192,7 @@ module Puppet
             raise
           rescue Exception => e
             # Log the exception and move on to the next input
+            @bad_input = true
             Puppet.log_exception(e, _("Failed to load custom type '%{type_name}' from '%{input}': %{message}") % { type_name: type_name, input: input, message: e.message })
             next
           end
@@ -205,6 +211,7 @@ module Puppet
           begin
             model = Models::Type::Type.new(type)
           rescue Exception => e
+            @bad_input = true
             # Move on to the next input
             Puppet.log_exception(e, "#{input}: #{e.message}")
             next
@@ -214,6 +221,7 @@ module Puppet
           begin
             result = model.render(templates[input.template_path])
           rescue Exception => e
+            @bad_input = true
             Puppet.log_exception(e)
             raise
           end
@@ -227,6 +235,7 @@ module Puppet
               file.write(result)
             end
           rescue Exception => e
+            @bad_input = true
             Puppet.log_exception(e, _("Failed to generate '%{effective_output_path}': %{message}") % { effective_output_path: effective_output_path, message: e.message })
             # Move on to the next input
             next

data/lib/puppet/graph/simple_graph.rb

@@ -38,11 +38,12 @@ class Puppet::Graph::SimpleGraph
     @downstream_from.clear
   end
 
-  # Which resources depend upon the given resource.
+  # Which resources the given resource depends on.
   def dependencies(resource)
     vertex?(resource) ? upstream_from_vertex(resource).keys : []
   end
 
+  # Which resources depend upon the given resource.
   def dependents(resource)
     vertex?(resource) ? downstream_from_vertex(resource).keys : []
   end

data/lib/puppet/http/client.rb

@@ -346,7 +346,7 @@ class Puppet::HTTP::Client
 
     while !done do
       connect(request.uri, options: options) do |http|
-        apply_auth(request, basic_auth)
+        apply_auth(request, basic_auth) if redirects.zero?
 
         # don't call return within the `request` block
         http.request(request) do |nethttp|

data/lib/puppet/http/redirector.rb

@@ -49,6 +49,11 @@ class Puppet::HTTP::Redirector
     new_request = request.class.new(url)
     new_request.body = request.body
     request.each do |header, value|
+      unless Puppet[:location_trusted]
+        # skip adding potentially sensitive header to other hosts
+        next if header.casecmp('Authorization').zero? && request.uri.host.casecmp(location.host) != 0
+        next if header.casecmp('Cookie').zero? && request.uri.host.casecmp(location.host) != 0
+      end
       new_request[header] = value
     end
 

data/lib/puppet/node.rb

@@ -89,7 +89,7 @@ class Puppet::Node
     unless @environment.nil?
       # always set the environment parameter. It becomes top scope $environment for a manifest during catalog compilation.
       @parameters[ENVIRONMENT] = @environment.name.to_s
-      self.environment_name = @environment.name if instance_variable_defined?(:@environment_name)
+      self.environment_name = @environment.name
     end
     @environment
   end

data/lib/puppet/parser/resource.rb

@@ -13,7 +13,7 @@ class Puppet::Parser::Resource < Puppet::Resource
 
   attr_accessor :source, :scope, :collector_id
   attr_accessor :virtual, :override, :translated, :catalog, :evaluated
-  attr_accessor :file, :line
+  attr_accessor :file, :line, :kind
 
   attr_reader :exported, :parameters
 

data/lib/puppet/pops/evaluator/closure.rb

@@ -219,16 +219,15 @@ class Closure < CallableSignature
   def call_with_scope(scope, args)
     variable_bindings = combine_values_with_parameters(scope, args)
 
-    tc = Types::TypeCalculator.singleton
-    final_args = tc.infer_set(parameters.reduce([]) do |tmp_args, param|
+    final_args = parameters.reduce([]) do |tmp_args, param|
       if param.captures_rest
         tmp_args.concat(variable_bindings[param.name])
       else
         tmp_args << variable_bindings[param.name]
       end
-    end)
+    end
 
-    if type.callable?(final_args)
+    if type.callable_with?(final_args, block_type)
       result = catch(:next) do
         @evaluator.evaluate_block_with_bindings(scope, variable_bindings, @model.body)
       end
@@ -236,7 +235,9 @@ class Closure < CallableSignature
         "value returned from #{closure_name}"
       end
     else
-      raise ArgumentError, Types::TypeMismatchDescriber.describe_signatures(closure_name, [self], final_args)
+      tc = Types::TypeCalculator.singleton
+      args_type = tc.infer_set(final_args)
+      raise ArgumentError, Types::TypeMismatchDescriber.describe_signatures(closure_name, [self], args_type)
     end
   end
 
@@ -309,6 +310,7 @@ class Closure < CallableSignature
       to += param_range[1]
     end
     param_types = Types::PTupleType.new(types, Types::PIntegerType.new(from, to))
+    # The block_type for a Closure is always nil for now, see comment in block_name above
     Types::PCallableType.new(param_types, nil, return_type)
   end
 

data/lib/puppet/pops/evaluator/runtime3_resource_support.rb

@@ -40,6 +40,7 @@ module Runtime3ResourceSupport
           :parameters => evaluated_parameters,
           :file => file,
           :line => line,
+          :kind => Puppet::Resource.to_kind(resolved_type),
           :exported => exported,
           :virtual => virtual,
           # WTF is this? Which source is this? The file? The name of the context ?

data/lib/puppet/pops/parser/code_merger.rb

@@ -11,17 +11,17 @@ class Puppet::Pops::Parser::CodeMerger
     # PUP-5299, some sites have thousands of entries, and run out of stack when evaluating - the logic
     # below maps the logic as flatly as possible.
     #
-    children = parse_results.select {|x| !x.nil? && x.code}.reduce([]) do |memo, parsed_class|
+    children = parse_results.select {|x| !x.nil? && x.code}.flat_map do |parsed_class|
       case parsed_class.code
       when Puppet::Parser::AST::BlockExpression
         # the BlockExpression wraps a single 4x instruction that is most likely wrapped in a Factory
-        memo + parsed_class.code.children.map {|c| c.is_a?(Puppet::Pops::Model::Factory) ? c.model : c }
+        parsed_class.code.children.map {|c| c.is_a?(Puppet::Pops::Model::Factory) ? c.model : c }
       when Puppet::Pops::Model::Factory
         # If it is a 4x instruction wrapped in a Factory
-        memo + parsed_class.code.model
+        parsed_class.code.model
       else
         # It is the instruction directly
-        memo << parsed_class.code
+        parsed_class.code
       end
     end
     Puppet::Parser::AST::BlockExpression.new(:children => children)

data/lib/puppet/pops/parser/egrammar.ra

@@ -863,6 +863,8 @@ keyword
   | ATTR
   | FUNCTION
   | PRIVATE
+  | PLAN
+  | APPLY
 
 nil
   : { result = nil}