The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com
https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:
Bug #14093
variable called $string in scope prevents templates from working
| Status: | Closed | Start date: | 04/19/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | templates | |||
| Target version: | 3.1.1 | |||
| Affected Puppet version: | 0.24.7 | Branch: | https://github.com/puppetlabs/puppet/pull/1446 | |
| Keywords: | ||||
We've Moved!Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com |
||||
Description
% FACTER_string="foo" puppet -e 'notice(inline_template("<%= Time.now %>"))'
notice: Scope(Class[main]): foo
Probably because https://github.com/puppetlabs/puppet/blob/master/lib/puppet/parser/templatewrapper.rb#L90-99 will overwrite the @string in the class
tested against 2.6.x and master
History
#1 Updated by Anonymous about 4 years ago
- Status changed from Unreviewed to Accepted
#2
Updated by eric sorenson about 3 years ago
- Status changed from Accepted to Duplicate
Dup of the next sequential bug, which is a more complete description of the problem.
#3 Updated by Anonymous about 3 years ago
- Status changed from Duplicate to In Topic Branch Pending Review
- Branch set to https://github.com/puppetlabs/puppet/pull/1445
Although this looks like the same thing as #14094, it is actually a different problem. This bug means that the actual template used is wrong (it ends up coming from the $string variable), whereas the other bug points out that there are unanticipated effects from collisions between ruby methods and variables.
A fix for this one can be found in https://github.com/puppetlabs/puppet/pull/1445
I mis-named my branch when I had the wrong bug number.
#4 Updated by Anonymous about 3 years ago
- Branch changed from https://github.com/puppetlabs/puppet/pull/1445 to https://github.com/puppetlabs/puppet/pull/1446
Mislabeled the previous PR. It was marked for #14094, but does not address that. It only addresses this bug.
#5 Updated by Anonymous about 3 years ago
- Category set to templates
- Status changed from In Topic Branch Pending Review to Merged - Pending Release
- Target version set to 3.2.0
Merged into master as 432850fb74813eded3036f861e05d9266289c16c.
This should be released in 3.2.0.
Thanks again for the contribution!
-Jeff
#6
Updated by Josh Cooper about 3 years ago
- Private changed from No to Yes
merged in security/3.1.0 in b26af91
merged in security/2.7.20 in 00756ae
merged in secuirty/2.6.17 in 7207951
#7
Updated by Josh Cooper about 3 years ago
- Affected Puppet version set to 0.24.7
This issue was introduced in 0.24.7 in commit cc45c435
#8
Updated by Josh Cooper about 3 years ago
- Target version changed from 3.2.0 to 3.1.1
#9
Updated by Matthaus Owens about 3 years ago
- Status changed from Merged - Pending Release to Closed
Released in Puppet 3.1.1, 2.7.21, 2.6.18
#10
Updated by Matthaus Owens about 3 years ago
- Private changed from Yes to No
#11
Updated by konrad rzentarzewski about 3 years ago
altough attack surface is limited to authenticated agents (usually root is required on agent, but there may be many root accounts on development boxes) remote code exploit is quite trivial and you might consider keeping it private unless people patch themselves.