(PUP-11326) Make regsubst() sensitive-aware

puppetlabs · Jan 17, 2022 · 4ec8679 · 4ec8679
1 parent a5a7760
commit 4ec8679
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 3 deletions.
diff --git a/lib/puppet/functions/regsubst.rb b/lib/puppet/functions/regsubst.rb
@@ -30,7 +30,7 @@
   #   $i3 = regsubst($ipaddress,'^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$','\\3')
   #   ```
   dispatch :regsubst_string do
-    param          'Variant[Array[String],String]',       :target
+    param          'Variant[Array[Variant[String,Sensitive[String]]],Variant[String,Sensitive[String]]]', :target
     param          'String',                              :pattern
     param          'Variant[String,Hash[String,String]]', :replacement
     optional_param 'Optional[Pattern[/^[GEIM]*$/]]',      :flags
@@ -67,7 +67,7 @@
   #   $x = regsubst($ipaddress, /([0-9]+)/, '<\\1>', 'G')
   #   ```
   dispatch :regsubst_regexp do
-    param          'Variant[Array[String],String]',       :target
+    param          'Variant[Array[Variant[String,Sensitive[String]]],Variant[String,Sensitive[String]]]', :target
     param          'Variant[Regexp,Type[Regexp]]',        :pattern
     param          'Variant[String,Hash[String,String]]', :replacement
     optional_param 'Pattern[/^G?$/]',                     :flags
@@ -95,7 +95,27 @@ def regsubst_regexp(target, pattern, replacement, flags = nil)
   end
 
   def inner_regsubst(target, re, replacement, op)
-    target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
+    if target.respond_to?(:map)
+      # this is an Array
+      target.map do |item|
+        if item.respond_to?(:unwrap)
+          item = item.unwrap
+          Puppet::Pops::Types::PSensitiveType::Sensitive.new(
+            item.respond_to?(op) ? item.send(op, re, replacement) : item.collect { |e| e.send(op, re, replacement) }
+          )
+        else
+          item.respond_to?(op) ? item.send(op, re, replacement) : item.collect { |e| e.send(op, re, replacement) }
+        end
+      end
+    elsif target.respond_to?(:unwrap)
+      # this is a Sensitive
+      target = target.unwrap
+      target = target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
+      Puppet::Pops::Types::PSensitiveType::Sensitive.new(target)
+    else
+      # this should be a String
+      target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
+    end
   end
   private :inner_regsubst
 end
diff --git a/spec/unit/functions/regsubst_spec.rb b/spec/unit/functions/regsubst_spec.rb
@@ -111,4 +111,19 @@ def regsubst(*args)
     end
 
   end
+
+  context 'when using a Target of Type sensitive String' do
+    it 'should process it' do
+      expect(regsubst(Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret'), 'very', 'top')).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+    end
+  end
+
+  context 'when using a Target of Type Array with mixed String and sensitive String' do
+    it 'should process it' do
+      my_array = ['very down', Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret')]
+      expect(regsubst(my_array, 'very', 'top')).to be_a(Array)
+      expect(regsubst(my_array, 'very', 'top')[0]).to eq('top down')
+      expect(regsubst(my_array, 'very', 'top')[1]).to  be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+    end
+  end
 end