diff options
| author | Thom May <thom@may.lt> | 2017-02-01 17:32:02 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-02-01 17:32:02 +0000 |
| commit | 71629035eee1905a7324e0c2e6ba4bc3cecd2926 (patch) | |
| tree | 6292502d40d55048c623e5fef05691499a64ade5 | |
| parent | 757b84b0fbb2e835414919a22b5c98c7590ea085 (diff) | |
| parent | f8e19c924cef965e62eeb0d8ffee39aecc9f26af (diff) | |
| download | chef-71629035eee1905a7324e0c2e6ba4bc3cecd2926.tar.gz | |
Merge pull request #5704 from ceneo/knife-upload-too-short-control-escape
Core: Ensure paths are correctly escaped when syntax checking
| -rw-r--r-- | lib/chef/cookbook/syntax_check.rb | 2 | ||||
| -rw-r--r-- | spec/unit/cookbook/syntax_check_spec.rb | 10 |
2 files changed, 9 insertions, 3 deletions
diff --git a/lib/chef/cookbook/syntax_check.rb b/lib/chef/cookbook/syntax_check.rb index f8559433dc..8d0d636bd2 100644 --- a/lib/chef/cookbook/syntax_check.rb +++ b/lib/chef/cookbook/syntax_check.rb @@ -110,7 +110,7 @@ class Chef end def remove_uninteresting_ruby_files(file_list) - file_list.reject { |f| f =~ %r{#{cookbook_path}/(files|templates)/} } + file_list.reject { |f| f =~ %r{#{Regexp.quote(cookbook_path)}/(files|templates)/} } end def ruby_files diff --git a/spec/unit/cookbook/syntax_check_spec.rb b/spec/unit/cookbook/syntax_check_spec.rb index 228f695106..aa6fe49eb9 100644 --- a/spec/unit/cookbook/syntax_check_spec.rb +++ b/spec/unit/cookbook/syntax_check_spec.rb @@ -25,6 +25,7 @@ describe Chef::Cookbook::SyntaxCheck do end let(:cookbook_path) { File.join(CHEF_SPEC_DATA, "cookbooks", "openldap") } + let(:unsafe_cookbook_path) { 'C:\AGENT-HOME\xml-data\build-dir\76808194-76906499\artifact\cookbooks/java' } let(:syntax_check) { Chef::Cookbook::SyntaxCheck.new(cookbook_path) } let(:open_ldap_cookbook_files) do @@ -53,7 +54,7 @@ describe Chef::Cookbook::SyntaxCheck do @recipes = %w{default.rb gigantor.rb one.rb return.rb}.map { |f| File.join(cookbook_path, "recipes", f) } @spec_files = [ File.join(cookbook_path, "spec", "spec_helper.rb") ] @ruby_files = @attr_files + @libr_files + @defn_files + @recipes + @spec_files + [File.join(cookbook_path, "metadata.rb")] - basenames = %w{ helpers_via_partial_test.erb + @basenames = %w{ helpers_via_partial_test.erb helper_test.erb helpers.erb openldap_stuff.conf.erb @@ -64,7 +65,7 @@ describe Chef::Cookbook::SyntaxCheck do some_windows_line_endings.erb all_windows_line_endings.erb no_windows_line_endings.erb } - @template_files = basenames.map { |f| File.join(cookbook_path, "templates", "default", f) } + @template_files = @basenames.map { |f| File.join(cookbook_path, "templates", "default", f) } end after do @@ -94,6 +95,11 @@ describe Chef::Cookbook::SyntaxCheck do end end + it "safely handles a path containing control characters" do + syntax_check = Chef::Cookbook::SyntaxCheck.new(unsafe_cookbook_path) + expect { syntax_check.remove_uninteresting_ruby_files(@basenames) }.not_to raise_error + end + describe "when first created" do it "has the path to the cookbook to syntax check" do expect(syntax_check.cookbook_path).to eq(cookbook_path) |