Diffusion PostgreSQL puppet module 5b14a1208c45

Ensure port is a string in psql command
5b14a1208c45
Actions

Description

Ensure port is a string in psql command

In 841187b0ec29726c0fe39ea2ad710a5ead42d2e0 a shell execution
vulnerability was fixed by passing an array. In my environment (Debian
10, Ruby 2.5, Puppet 5) it was failing because port was an Integer and
command execution only allows Strings. This explicitly converts the port
to a string.

Fixes: 841187b0ec29726c0fe39ea2ad710a5ead42d2e0

Details

Provenance

Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>	Authored on Mar 6 2021, 12:31 PM
olasd	Pushed on Dec 28 2021, 10:47 AM

Parents

rSPPGe582cb057b5d: Merge pull request #1248 from puppetlabs/pdksync_maint/main/perform_pdk_update

Branches

Unknown

Tags

Unknown

Event Timeline

Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl> committed rSPPG5b14a1208c45: Ensure port is a string in psql command (authored by Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>).Mar 6 2021, 12:31 PM

Changes (1)

Path

Size

lib/

puppet/

provider/

postgresql_psql/

ruby.rb

rSPPG5b14a1208c45

View Options

lib/puppet/provider/postgresql_psql/ruby.rb