Improved user validation and munging

Morgan Haskel · Morgan Haskel · commit 542c43eda5cb · 2015-09-17T17:29:00.000-07:00
We want to make sure we are validating the entire user parameter (and
validating it consistently between mysql_user and mysql_grant).
Additionally, for munging we do not want to do anything that could
truncate the username.
diff --git a/lib/puppet/type/mysql_grant.rb b/lib/puppet/type/mysql_grant.rb
@@ -65,10 +65,10 @@ def initialize(*args)
       # If at least one special char is used, string must be quoted
 
       # http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827
-      if matches = /^(['`"])((?!\1).)*\1@([\w%\.:\-]+)/.match(value)
+      if matches = /^(['`"])((?!\1).)*\1@([\w%\.:\-\/]+)$/.match(value)
         user_part = matches[2]
         host_part = matches[3]
-      elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-]+)/.match(value)
+      elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-\/]+)$/.match(value)
         user_part = matches[1]
         host_part = matches[2]
       elsif matches = /^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$/.match(value)
@@ -87,6 +87,11 @@ def initialize(*args)
         end
       end
     end
+
+    munge do |value|
+      matches = /^((['`"]?).*\2)@(.+)$/.match(value)
+      "#{matches[1]}@#{matches[3].downcase}"
+    end
   end
 
   newproperty(:options, :array_matching => :all) do
diff --git a/lib/puppet/type/mysql_user.rb b/lib/puppet/type/mysql_user.rb
@@ -14,10 +14,10 @@
       # If at least one special char is used, string must be quoted
 
       # http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827
-      if matches = /^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-]+)/.match(value)
+      if matches = /^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-\/]+)$/.match(value)
         user_part = matches[2]
         host_part = matches[3]
-      elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-]+)/.match(value)
+      elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-\/]+)$/.match(value)
         user_part = matches[1]
         host_part = matches[2]
       elsif matches = /^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$/.match(value)
@@ -38,7 +38,7 @@
     end
 
     munge do |value|
-      matches = /^((['`"]?).*\2)@([\w%\.:\-]+)/.match(value)
+      matches = /^((['`"]?).*\2)@(.+)$/.match(value)
       "#{matches[1]}@#{matches[3].downcase}"
     end
   end
diff --git a/spec/unit/puppet/type/mysql_user_spec.rb b/spec/unit/puppet/type/mysql_user_spec.rb
@@ -51,6 +51,16 @@
     end
   end
 
+  context 'using foo@192.168.1.0/255.255.255.0' do
+    before :each do
+      @user = Puppet::Type.type(:mysql_user).new(:name => 'foo@192.168.1.0/255.255.255.0', :password_hash => 'pass')
+    end
+
+    it 'should create the user with the netmask' do
+      expect(@user[:name]).to eq('foo@192.168.1.0/255.255.255.0')
+    end
+  end
+
   context 'using allo_wed$char@localhost' do
     before :each do
       @user = Puppet::Type.type(:mysql_user).new(:name => 'allo_wed$char@localhost', :password_hash => 'pass')
