From 0bf1a6b328010520bfd3d4981793ffaf6196ad16 Mon Sep 17 00:00:00 2001
From: cocker-cc
Date: Thu, 13 Jun 2024 22:01:28 +0200
Subject: [PATCH] (PUP-11326) Make regsubst() sensitive-aware

This commit updates regsubst() to take in Sensitive type targets. Specifically, regsubst() can now take targets that are either Sensitive String, Sensitive arrays that have a combination of String and/or Sensitive[String], or non-Sensitive arrays that have combination of String and/or Sensitive[String].

Co-authored-by: Henrik Lindberg <563066+hlindberg@users.noreply.github.com>
Co-authored-by: Aria Li
---
 lib/puppet/functions/regsubst.rb | 25 ++++++++++++++++++++---
 spec/unit/functions/regsubst_spec.rb | 30 ++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/lib/puppet/functions/regsubst.rb b/lib/puppet/functions/regsubst.rb
index af27fb8777a..6486d942506 100644
--- a/lib/puppet/functions/regsubst.rb
+++ b/lib/puppet/functions/regsubst.rb
@@ -32,7 +32,7 @@
 # $i3 = regsubst($ipaddress,'^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$','\\3')
 # ```
 dispatch :regsubst_string do
- param 'Variant[Array[String],String]', :target
+ param 'Variant[Array[Variant[String,Sensitive[String]]],Sensitive[Array[Variant[String,Sensitive[String]]]],Variant[String,Sensitive[String]]]', :target
 param 'String', :pattern
 param 'Variant[String,Hash[String,String]]', :replacement
 optional_param 'Optional[Pattern[/^[GEIM]*$/]]', :flags
@@ -69,7 +69,7 @@
 # $x = regsubst($ipaddress, /([0-9]+)/, '<\\1>', 'G')
 # ```
 dispatch :regsubst_regexp do
- param 'Variant[Array[String],String]', :target
+ param 'Variant[Array[Variant[String,Sensitive[String]]],Sensitive[Array[Variant[String,Sensitive[String]]]],Variant[String,Sensitive[String]]]', :target
 param 'Variant[Regexp,Type[Regexp]]', :pattern
 param 'Variant[String,Hash[String,String]]', :replacement
 optional_param 'Pattern[/^G?$/]', :flags
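Review bot: The widened `:target` type in `dispatch :regsubst_string` comes with no documentation change: per the diffstat only the two `param` lines and `inner_regsubst` are touched in this file, so the comment block that ends just above each dispatch (it starts outside these hunks) presumably still describes String and Array[String] targets only. The same applies to the `dispatch :regsubst_regexp` hunk. Callers need to know what comes back for each accepted shape, so I would add a line such as `# A Sensitive[String] target yields a Sensitive[String]; array targets are processed element by element.` to both comment blocks. The long type string is also repeated verbatim in both dispatches, and its inner `Variant[String,Sensitive[String]]` alternative could be flattened into the outer `Variant` without changing what is accepted.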
@@ -97,7 +97,26 @@ def regsubst_regexp(target, pattern, replacement, flags = nil)
 end
 def inner_regsubst(target, re, replacement, op)
- target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
+ if target.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive) && target.unwrap.is_a?(Array)
+ # this is a Sensitive Array
+ target = target.unwrap
+ target.map do |item|
+ inner_regsubst(item, re, replacement, op)
+ end
+ elsif target.is_a?(Array)
+ # this is an Array
+ target.map do |item|
+ inner_regsubst(item, re, replacement, op)
+ end
+ elsif target.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+ # this is a Sensitive
+ target = target.unwrap
+ target = target.respond_to?(op) ? target.send(op, re, replacement) : target.map { |e| e.send(op, re, replacement) }
+ Puppet::Pops::Types::PSensitiveType::Sensitive.new(target)
+ else
+ # this should be a String
+ target.respond_to?(op) ? target.send(op, re, replacement) : target.map { |e| e.send(op, re, replacement) }
+ end
 end
 private :inner_regsubst
 end
diff --git a/spec/unit/functions/regsubst_spec.rb b/spec/unit/functions/regsubst_spec.rb
index 593dd0ef0ee..9d72b028507 100644
--- a/spec/unit/functions/regsubst_spec.rb
+++ b/spec/unit/functions/regsubst_spec.rb
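Review bot: In `inner_regsubst` (lib/puppet/functions/regsubst.rb), the first branch unwraps a Sensitive array and returns the bare result of `target.map`, so the outer Sensitive wrapper is lost: an element that was a plain String inside `Sensitive[Array[...]]` comes back as an unprotected String, whereas the later `elsif ... Sensitive` branch re-wraps its result. Assuming the wrapper is what keeps these values redacted downstream, that branch should return `Puppet::Pops::Types::PSensitiveType::Sensitive.new(target.unwrap.map { |item| inner_regsubst(item, re, replacement, op) })`. The spec added in this commit pins the current behaviour (`be_a(Array)` and a plain `'top down'` at index 0 for a Sensitive array target), so it would have to change with it. Separately, the `target.map { |e| e.send(op, re, replacement) }` fallbacks in the last two branches look unreachable now that arrays are handled earlier, and could be dropped.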
@@ -111,4 +111,34 @@ def regsubst(*args)
 end
 end
+
+ context 'when using a Target of Type sensitive String' do
+ it 'should process it' do
+ result = regsubst(Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret'), 'very', 'top')
+ expect(result).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+ expect(result.unwrap).to eq("top secret")
+ end
+ end
+
+ context 'when using a Target of Type Array with mixed String and sensitive String' do
+ it 'should process it' do
+ my_array = ['very down', Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret')]
+ expect(regsubst(my_array, 'very', 'top')).to be_a(Array)
+ expect(regsubst(my_array, 'very', 'top')[0]).to eq('top down')
+ result = regsubst(my_array, 'very', 'top')[1]
+ expect(result).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+ expect(result.unwrap).to eq('top secret')
+ end
+ end
+
+ context 'when using a Target of Type Sensitive Array with mixed String and sensitive String' do
+ it 'should process it' do
+ my_array = Puppet::Pops::Types::PSensitiveType::Sensitive.new(['very down', Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret')])
+ expect(regsubst(my_array, 'very', 'top')).to be_a(Array)
+ expect(regsubst(my_array, 'very', 'top')[0]).to eq('top down')
+ result = regsubst(my_array, 'very', 'top')[1]
+ expect(result).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+ expect(result.unwrap).to eq('top secret')
+ end
+ end
 end
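Review bot: All three new contexts pass a String pattern (`'very'`), so only the `regsubst_string` dispatch is exercised; the `regsubst_regexp` dispatch received the same type change and has no Sensitive example, and neither does the `'G'` flag path. One more example would close that, for instance `expect(regsubst(Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret'), /very/, 'top').unwrap).to eq('top secret')`. Every example is named `'should process it'`, which does not say what is being pinned; a name such as `'returns a Sensitive String'` reads better in failure output. The array examples also call `regsubst(my_array, 'very', 'top')` three times where a single `result =` assignment would do.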