From 8a163776b01ea73dbf7acf352649e15db1bc6493 Mon Sep 17 00:00:00 2001 From: Fdall Date: Fri, 10 Jan 2025 10:54:10 +0100 Subject: [PATCH] Fixes #26151: UTF-8 chars are HTML escaped when used in policy variables --- policies/rudderc/src/backends/windows.rs | 38 +++++----- policies/rudderc/src/ir/value.rs | 56 +++++++-------- .../cases/general/escaping/technique.ps1 | 70 +++++++++---------- .../tests/cases/general/ntp/technique.ps1 | 8 +-- .../general/param_in_condition/technique.ps1 | 8 +-- .../cases/general/variables/technique.ps1 | 16 ++--- 6 files changed, 98 insertions(+), 98 deletions(-) diff --git a/policies/rudderc/src/backends/windows.rs b/policies/rudderc/src/backends/windows.rs index c3b6f564691..005e0b59390 100644 --- a/policies/rudderc/src/backends/windows.rs +++ b/policies/rudderc/src/backends/windows.rs @@ -377,22 +377,22 @@ mod tests { assert_eq!(res, r); let c = "${var}"; - let r = "([Rudder.Condition]::canonify([Rudder.Datastate]::Render('{{' + @'\n\ + let r = "([Rudder.Condition]::canonify([Rudder.Datastate]::Render('{{{' + @'\n\ vars.var\n\ - '@ + '}}')))"; + '@ + '}}}')))"; let res = canonify_condition(c).unwrap(); assert_eq!(res, r); let c = "${my_cond}.debian|${sys.${plouf}}"; - let r = r#"([Rudder.Condition]::canonify(([Rudder.Datastate]::Render('{{' + @' + let r = r#"([Rudder.Condition]::canonify(([Rudder.Datastate]::Render('{{{' + @' vars.my_cond -'@ + '}}')) + @' +'@ + '}}}')) + @' .debian| -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. -'@ + [Rudder.Datastate]::Render('{{' + @' +'@ + [Rudder.Datastate]::Render('{{{' + @' vars.plouf -'@ + '}}') + '}}'))))"#; +'@ + '}}}') + '}}}'))))"#; let res = canonify_condition(c).unwrap(); assert_eq!(res, r); } @@ -463,9 +463,9 @@ a simple test assert_eq!( "@' a less simple -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.plouf.plouf -'@ + '}}')) + @' +'@ + '}}}')) + @' test '@", parameter_fmt(&&m_param, &t_id, &t_params).unwrap() @@ -480,9 +480,9 @@ vars.plouf.plouf assert_eq!( "@' a less simple -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.technique_id.param1 -'@ + '}}')) + @' +'@ + '}}}')) + @' test '@", parameter_fmt(&&m_param, &t_id, &t_params).unwrap() @@ -497,9 +497,9 @@ vars.technique_id.param1 assert_eq!( "@' a less simple -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.plouf.param1 -'@ + '}}')) + @' +'@ + '}}}')) + @' test '@", parameter_fmt(&&m_param, &t_id, &t_params).unwrap() @@ -514,9 +514,9 @@ vars.plouf.param1 assert_eq!( "@' a less simple -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.param1or2 -'@ + '}}')) + @' +'@ + '}}}')) + @' test '@", parameter_fmt(&&m_param, &t_id, &t_params).unwrap() @@ -531,9 +531,9 @@ vars.param1or2 assert_eq!( "@' a less simple -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys.host -'@ + '}}')) + @' +'@ + '}}}')) + @' test '@", parameter_fmt(&&m_param, &t_id, &t_params).unwrap() @@ -548,9 +548,9 @@ vars.sys.host assert_eq!( "@' a less simple -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.const.n -'@ + '}}')) + @' +'@ + '}}}')) + @' test '@", parameter_fmt(&&m_param, &t_id, &t_params).unwrap() diff --git a/policies/rudderc/src/ir/value.rs b/policies/rudderc/src/ir/value.rs index 8fdece09942..5453764976e 100644 --- a/policies/rudderc/src/ir/value.rs +++ b/policies/rudderc/src/ir/value.rs @@ -64,7 +64,7 @@ pub fn known_vars() -> &'static serde_yaml::Value { } fn nustache_render(s: &str) -> String { - format!("[Rudder.Datastate]::Render('{{{{' + {} + '}}}}')", s) + format!("[Rudder.Datastate]::Render('{{{{{{' + {} + '}}}}}}')", s) } /// Rudder variable expression. @@ -806,9 +806,9 @@ mod tests { a.fmt(Target::Windows), r###"@' /bin/true "# -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.node.inventory.os.fullName -'@ + '}}')) + @' +'@ + '}}}')) + @' " '@"### ); @@ -820,18 +820,18 @@ vars.node.inventory.os.fullName assert_eq!(b.fmt(Target::Unix), "${node.properties[a][b]}"); assert_eq!( b.fmt(Target::Windows), - r#"[Rudder.Datastate]::Render('{{' + @' + r#"[Rudder.Datastate]::Render('{{{' + @' vars.node.properties.a.b -'@ + '}}')"# +'@ + '}}}')"# ); let c: Expression = Expression::Sys(vec![Expression::Scalar("host".to_string())]); assert_eq!(c.fmt(Target::Unix), "${sys.host}"); assert_eq!( c.fmt(Target::Windows), - r#"[Rudder.Datastate]::Render('{{' + @' + r#"[Rudder.Datastate]::Render('{{{' + @' vars.sys.host -'@ + '}}')"# +'@ + '}}}')"# ); let cc: Expression = Expression::Sequence(vec![Expression::Scalar("host".to_string())]); @@ -850,13 +850,13 @@ host assert_eq!(d.fmt(Target::Unix), "${node.properties[inner${sys.host}]}"); assert_eq!( d.fmt(Target::Windows), - r#"[Rudder.Datastate]::Render('{{' + @' + r#"[Rudder.Datastate]::Render('{{{' + @' vars.node.properties. '@ + @' inner -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys.host -'@ + '}}')) + '}}')"# +'@ + '}}}')) + '}}}')"# ); let dd = Expression::NodeProperty(vec![Expression::Sequence(vec![ @@ -867,15 +867,15 @@ vars.sys.host ])]); assert_eq!( dd.fmt(Target::Windows), - r#"[Rudder.Datastate]::Render('{{' + @' + r#"[Rudder.Datastate]::Render('{{{' + @' vars.node.properties. '@ + @' inner -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. '@ + @' host -'@ + '}}')) + '}}')"# +'@ + '}}}')) + '}}}')"# ); assert_eq!(dd.fmt(Target::Unix), "${node.properties[inner${sys.host}]}"); @@ -886,7 +886,7 @@ host assert_eq!(ee.fmt(Target::Unix), "${node.properties[interfaces][eth0]}"); assert_eq!( ee.fmt(Target::Windows), - r#"[Rudder.Datastate]::Render('{{' + @' + r#"[Rudder.Datastate]::Render('{{{' + @' vars.node.properties. '@ + @' interfaces @@ -894,7 +894,7 @@ interfaces . '@ + @' eth0 -'@ + '}}')"# +'@ + '}}}')"# ); let e = Expression::NodeProperty(vec![ @@ -914,17 +914,17 @@ eth0 ]); assert_eq!( e.fmt(Target::Windows), - r#"[Rudder.Datastate]::Render('{{' + @' + r#"[Rudder.Datastate]::Render('{{{' + @' vars.node.properties. -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.node.properties. '@ + @' inner -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. '@ + @' host -'@ + '}}')) + ([Rudder.Datastate]::Render('{{' + @' +'@ + '}}}')) + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. '@ + @' interfaces @@ -932,11 +932,11 @@ interfaces . '@ + @' eth0 -'@ + '}}')) + '}}')) + @' +'@ + '}}}')) + '}}}')) + @' . '@ + @' tutu -'@ + '}}')"# +'@ + '}}}')"# ); assert_eq!( e.fmt(Target::Unix), @@ -950,13 +950,13 @@ tutu ])])]); assert_eq!( e.fmt(Target::Windows), - r#"([Rudder.Datastate]::Render('{{' + @' + r#"([Rudder.Datastate]::Render('{{{' + @' vars.sys. -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars. '@ + @' host -'@ + '}}')) + '}}'))"# +'@ + '}}}')) + '}}}'))"# .to_string() ); let e = Expression::GenericVar(vec![ @@ -965,9 +965,9 @@ host ]); assert_eq!( e.fmt(Target::Windows), - r#"[Rudder.Datastate]::Render('{{' + @' + r#"[Rudder.Datastate]::Render('{{{' + @' vars.bundle.plouf.key -'@ + '}}')"# +'@ + '}}}')"# .to_string() ); assert_eq!(e.fmt(Target::Unix), "${bundle.plouf[key]}".to_string()); @@ -980,9 +980,9 @@ vars.bundle.plouf.key f.fmt(Target::Windows), r#"@' bundle.plouf is -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.bundle.plouf -'@ + '}}'))"# +'@ + '}}}'))"# .to_string() ); } diff --git a/policies/rudderc/tests/cases/general/escaping/technique.ps1 b/policies/rudderc/tests/cases/general/escaping/technique.ps1 index 1c58829611c..4b97082610f 100644 --- a/policies/rudderc/tests/cases/general/escaping/technique.ps1 +++ b/policies/rudderc/tests/cases/general/escaping/technique.ps1 @@ -27,30 +27,30 @@ $reportId=$reportIdBase + "a86ce2e5-d5b6-45cc-87e8-c11cca71d966" try { - $componentKey = ([Rudder.Datastate]::Render('{{' + @' + $componentKey = ([Rudder.Datastate]::Render('{{{' + @' vars.sys.host -'@ + '}}')) + @' +'@ + '}}}')) + @' . | / -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. -'@ + [Rudder.Datastate]::Render('{{' + @' +'@ + [Rudder.Datastate]::Render('{{{' + @' vars.host -'@ + '}}') + '}}')) + @' +'@ + '}}}') + '}}}')) + @' ' '' ''' $ $$ " "" \ \\😋aà3 '@ $reportParams = @{ ClassPrefix = ([Rudder.Condition]::canonify(("package_present_" + $componentKey))) ComponentKey = $componentKey - ComponentName = ([Rudder.Datastate]::Render('{{' + @' + ComponentName = ([Rudder.Datastate]::Render('{{{' + @' vars.sys.host -'@ + '}}')) + @' +'@ + '}}}')) + @' . | / -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. -'@ + [Rudder.Datastate]::Render('{{' + @' +'@ + [Rudder.Datastate]::Render('{{{' + @' vars.host -'@ + '}}') + '}}')) + @' +'@ + '}}}') + '}}}')) + @' ' '' ''' $ $$ " "" \ \\😋aà3 '@ @@ -60,27 +60,27 @@ vars.host TechniqueName = $techniqueName } - $class = ([Rudder.Condition]::canonify(([Rudder.Datastate]::Render('{{' + @' + $class = ([Rudder.Condition]::canonify(([Rudder.Datastate]::Render('{{{' + @' vars.my_cond -'@ + '}}')) + @' +'@ + '}}}')) + @' .debian| -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. -'@ + [Rudder.Datastate]::Render('{{' + @' +'@ + [Rudder.Datastate]::Render('{{{' + @' vars.plouf -'@ + '}}') + '}}')))) +'@ + '}}}') + '}}}')))) if ([Rudder.Datastate]::Evaluate($class)) { $methodParams = @{ Architecture = '' - Name = ([Rudder.Datastate]::Render('{{' + @' + Name = ([Rudder.Datastate]::Render('{{{' + @' vars.sys.host -'@ + '}}')) + @' +'@ + '}}}')) + @' . | / -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. -'@ + [Rudder.Datastate]::Render('{{' + @' +'@ + [Rudder.Datastate]::Render('{{{' + @' vars.host -'@ + '}}') + '}}')) + @' +'@ + '}}}') + '}}}')) + @' ' '' ''' $ $$ " "" \ \\😋aà3 '@ @@ -117,30 +117,30 @@ if(Get-Service "Zabbix agent") { write-output "exists" } $reportId=$reportIdBase + "a86ce2e5-d5b6-45cc-87e8-c11cca71d977" try { - $componentKey = ([Rudder.Datastate]::Render('{{' + @' + $componentKey = ([Rudder.Datastate]::Render('{{{' + @' vars.sys.host -'@ + '}}')) + @' +'@ + '}}}')) + @' . | / -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. -'@ + [Rudder.Datastate]::Render('{{' + @' +'@ + [Rudder.Datastate]::Render('{{{' + @' vars.host -'@ + '}}') + '}}')) + @' +'@ + '}}}') + '}}}')) + @' ' '' ''' $ $$ " "" \ \\😋aà3 '@ $reportParams = @{ ClassPrefix = ([Rudder.Condition]::canonify(("package_present_" + $componentKey))) ComponentKey = $componentKey - ComponentName = ([Rudder.Datastate]::Render('{{' + @' + ComponentName = ([Rudder.Datastate]::Render('{{{' + @' vars.sys.host -'@ + '}}')) + @' +'@ + '}}}')) + @' . | / -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. -'@ + [Rudder.Datastate]::Render('{{' + @' +'@ + [Rudder.Datastate]::Render('{{{' + @' vars.host -'@ + '}}') + '}}')) + @' +'@ + '}}}') + '}}}')) + @' ' '' ''' $ $$ " "" \ \\😋aà3 '@ @@ -152,15 +152,15 @@ vars.host $methodParams = @{ Architecture = '' - Name = ([Rudder.Datastate]::Render('{{' + @' + Name = ([Rudder.Datastate]::Render('{{{' + @' vars.sys.host -'@ + '}}')) + @' +'@ + '}}}')) + @' . | / -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.sys. -'@ + [Rudder.Datastate]::Render('{{' + @' +'@ + [Rudder.Datastate]::Render('{{{' + @' vars.host -'@ + '}}') + '}}')) + @' +'@ + '}}}') + '}}}')) + @' ' '' ''' $ $$ " "" \ \\😋aà3 '@ diff --git a/policies/rudderc/tests/cases/general/ntp/technique.ps1 b/policies/rudderc/tests/cases/general/ntp/technique.ps1 index b830d42b106..f7c4fe27a5d 100644 --- a/policies/rudderc/tests/cases/general/ntp/technique.ps1 +++ b/policies/rudderc/tests/cases/general/ntp/technique.ps1 @@ -82,9 +82,9 @@ htop try { $componentKey = @' /bin/true "# -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.node.inventory.os.fullName -'@ + '}}')) + @' +'@ + '}}}')) + @' " '@ $reportParams = @{ @@ -102,9 +102,9 @@ vars.node.inventory.os.fullName $methodParams = @{ Name = @' /bin/true "# -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.node.inventory.os.fullName -'@ + '}}')) + @' +'@ + '}}}')) + @' " '@ diff --git a/policies/rudderc/tests/cases/general/param_in_condition/technique.ps1 b/policies/rudderc/tests/cases/general/param_in_condition/technique.ps1 index aad0b733f8b..635ed7a1333 100644 --- a/policies/rudderc/tests/cases/general/param_in_condition/technique.ps1 +++ b/policies/rudderc/tests/cases/general/param_in_condition/technique.ps1 @@ -29,9 +29,9 @@ try { $componentKey = @' /tmp/ -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.param_in_condition.file -'@ + '}}')) +'@ + '}}}')) $reportParams = @{ ClassPrefix = ([Rudder.Condition]::canonify(("file_check_exists_" + $componentKey))) ComponentKey = $componentKey @@ -77,9 +77,9 @@ vars.param_in_condition.file $class = ([Rudder.Condition]::canonify(@' file_check_exists__tmp_ -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.param_in_condition.file -'@ + '}}')) + @' +'@ + '}}}')) + @' _kept '@)) if ([Rudder.Datastate]::Evaluate($class)) { diff --git a/policies/rudderc/tests/cases/general/variables/technique.ps1 b/policies/rudderc/tests/cases/general/variables/technique.ps1 index 2547310b07d..b198686d47e 100644 --- a/policies/rudderc/tests/cases/general/variables/technique.ps1 +++ b/policies/rudderc/tests/cases/general/variables/technique.ps1 @@ -47,27 +47,27 @@ true foo foobar # With parameter foo -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.test_windows.content -'@ + '}}')) + @' +'@ + '}}}')) + @' foobar # With a var looking like a parameter foo -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.contentbis -'@ + '}}')) + @' +'@ + '}}}')) + @' # With a const -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.const.n -'@ + '}}')) + @' +'@ + '}}}')) + @' # With node properties -'@ + ([Rudder.Datastate]::Render('{{' + @' +'@ + ([Rudder.Datastate]::Render('{{{' + @' vars.node.properties.name.key -'@ + '}}')) +'@ + '}}}')) Path = @' /some/path '@