From 0897b2f0feb64c449c6d16f14a8d050562d81a7a Mon Sep 17 00:00:00 2001 From: "R. Tyler Croy" Date: Sun, 11 Oct 2015 14:15:54 -0700 Subject: [PATCH] Use shellquote to properly escape the username/password for jenkins-slave defaults References #374 Fixes #371 --- manifests/slave.pp | 5 ++++- spec/classes/jenkins_slave_spec.rb | 19 +++++++++++++++++++ templates/jenkins-slave-defaults.erb | 6 +++--- 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/manifests/slave.pp b/manifests/slave.pp index 537da056f..5624ff3d8 100644 --- a/manifests/slave.pp +++ b/manifests/slave.pp @@ -77,7 +77,7 @@ $slave_name = undef, $description = undef, $masterurl = undef, - $autodiscoveryaddress = undef, + $autodiscoveryaddress = undef, $ui_user = undef, $ui_pass = undef, $version = $jenkins::params::swarm_version, @@ -99,6 +99,9 @@ $client_jar = "swarm-client-${version}-jar-with-dependencies.jar" $client_url = "http://maven.jenkins-ci.org/content/repositories/releases/org/jenkins-ci/plugins/swarm-client/${version}/" + $quoted_ui_user = shellquote($ui_user) + $quoted_ui_pass = shellquote($ui_pass) + if $install_java and ($::osfamily != 'Darwin') { # Currently the puppetlabs/java module doesn't support installing Java on diff --git a/spec/classes/jenkins_slave_spec.rb b/spec/classes/jenkins_slave_spec.rb index f183080d4..5d8e47e2c 100644 --- a/spec/classes/jenkins_slave_spec.rb +++ b/spec/classes/jenkins_slave_spec.rb @@ -44,6 +44,25 @@ with_content(/--toolLocation Python-2.7=\/usr\/bin\/python2.7/). with_content(/--toolLocation Java-1.8=\/usr\/bin\/java/) } end + + describe 'with a UI user/password' do + let(:user) { '"frank"' } + let(:password) { "abignale's" } + let(:params) do + { + :ui_user => user, + :ui_pass => password, + } + end + + it 'should escape the user' do + should contain_file(slave_runtime_file).with_content(/^JENKINS_USERNAME='#{user}'$/) + end + + it 'should escape the password' do + should contain_file(slave_runtime_file).with_content(/^JENKINS_PASSWORD="#{password}"$/) + end + end end shared_examples 'using slave_name' do diff --git a/templates/jenkins-slave-defaults.erb b/templates/jenkins-slave-defaults.erb index fc55de0f0..0144441af 100644 --- a/templates/jenkins-slave-defaults.erb +++ b/templates/jenkins-slave-defaults.erb @@ -52,9 +52,9 @@ FSROOT="<%= @slave_home -%>" DESCRIPTION="<%= @description -%>" -# credentials should be single quoted -JENKINS_USERNAME="'<%= @ui_user.gsub!(/^\'|\'?$/, '') -%>'" -JENKINS_PASSWORD="'<%= @ui_pass.gsub!(/^\'|\'?$/, '') -%>'" +# credentials should be sinjle quoted +JENKINS_USERNAME=<%= @quoted_ui_user %> +JENKINS_PASSWORD=<%= @quoted_ui_pass %> OTHER_ARGS="<%= '-disableSslVerification' if @disable_ssl_verification -%>"