Moving the template handling into a simple wrapper object so templates don't have full access to the scope object without some real hacking.

git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1342 980ebf18-57e1-0310-9a29-db15c13687c0
author: luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> 2006-06-30 00:28:16 +0000
committer: luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> 2006-06-30 00:28:16 +0000
commit: f792a02aa153eedf5293791daaf355232f357cc4 (patch)
tree: 9f8016c956afdcd4391999c87c79641e8306efe0
parent: 8b60619f5857569c2971237c80cf214cb8e71b3f (diff)
download: puppet-f792a02aa153eedf5293791daaf355232f357cc4.tar.gz
puppet-f792a02aa153eedf5293791daaf355232f357cc4.tar.xz
puppet-f792a02aa153eedf5293791daaf355232f357cc4.zip
3 files changed, 66 insertions, 21 deletions
diff --git a/lib/puppet/parser/functions.rb b/lib/puppet/parser/functions.rb
index cec7c02c5..38ba0da9f 100644
--- a/lib/puppet/parser/functions.rb
+++ b/lib/puppet/parser/functions.rb
@@ -125,22 +125,16 @@ module Functions
         require 'erb'
 
         vals.collect do |file|
-            unless file =~ /^#{File::SEPARATOR}/
-                file = File.join(Puppet[:templatedir], file)
-            end
-
-            unless File.exists?(file)
-                raise Puppet::ParseError,
-                    "Could not find template %s" % file
-            end
-
-            template = ERB.new(File.read(file))
+            # Use a wrapper, so the template can't get access to the full
+            # Scope object.
+            wrapper = Puppet::Parser::Scope::TemplateWrapper.new(self, file)
 
             begin
-                template.result(binding)
+                wrapper.result()
             rescue => detail
-                raise Puppet::ParseError, "Could not interpret template %s: %s" %
-                    [file, detail]
+                raise Puppet::ParseError,
+                    "Failed to parse template %s: %s" %
+                        [file, detail]
             end
         end.join("")
     end
diff --git a/lib/puppet/parser/scope.rb b/lib/puppet/parser/scope.rb
index 9165cdb7e..307545143 100644
--- a/lib/puppet/parser/scope.rb
+++ b/lib/puppet/parser/scope.rb
@@ -10,6 +10,39 @@ module Puppet::Parser
             attr_accessor :file, :line, :type, :name
         end
 
+        # A simple wrapper for templates, so they don't have full access to
+        # the scope objects.
+        class TemplateWrapper
+            attr_accessor :scope, :file
+
+            def initialize(scope, file)
+                @scope = scope
+                if file =~ /^#{File::SEPARATOR}/
+                    @file = file
+                else
+                    @file = File.join(Puppet[:templatedir], file)
+                end
+
+                unless FileTest.exists?(@file)
+                    raise Puppet::ParseError
+                        "Could not find template %s" % file
+                end
+            end
+
+            def method_missing(name, *args)
+                if value = @scope.lookupvar(name.to_s) and value != :undefined and value != ""
+                    return value
+                else
+                    super
+                end
+            end
+
+            def result
+                template = ERB.new(File.read(@file))
+                template.result(binding)
+            end
+        end
+
         # This doesn't actually work right now.
         Puppet.config.setdefaults(:puppet,
             :lexical => [false, "Whether to use lexical scoping (vs. dynamic)."],
@@ -43,14 +76,6 @@ module Puppet::Parser
             @@declarative = val
         end
 
-        def method_missing(name, *args)
-            if value = lookupvar(name.to_s) and value != :undefined and value != ""
-                return value
-            else
-                super
-            end
-        end
-
         # Add all of the defaults for a given object to that object.
         def adddefaults(obj)
             defaults = lookupdefaults(obj.type)
diff --git a/test/language/functions.rb b/test/language/functions.rb
index ee8f33c59..ae4b115ea 100755
--- a/test/language/functions.rb
+++ b/test/language/functions.rb
@@ -167,6 +167,32 @@ class TestLangFunctions < Test::Unit::TestCase
             "Templates were not handled correctly")
 
     end
+
+    def test_tempatefunction_cannot_see_scopes
+        template = tempfile()
+
+        File.open(template, "w") do |f|
+            f.puts "<%= lookupvar('myvar') %>"
+        end
+
+        func = nil
+        assert_nothing_raised do
+            func = Puppet::Parser::AST::Function.new(
+                :name => "template",
+                :ftype => :rvalue,
+                :arguments => AST::ASTArray.new(
+                    :children => [stringobj(template)]
+                )
+            )
+        end
+        ast = varobj("output", func)
+
+        scope = Puppet::Parser::Scope.new()
+        scope.setvar("myvar", "this is yayness")
+        assert_raise(Puppet::ParseError) do
+            ast.evaluate(:scope => scope)
+        end
+    end
 end
 
 # $Id$
author	luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0>	2006-06-30 00:28:16 +0000
committer	luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0>	2006-06-30 00:28:16 +0000
commit	f792a02aa153eedf5293791daaf355232f357cc4 (patch)
tree	9f8016c956afdcd4391999c87c79641e8306efe0
parent	8b60619f5857569c2971237c80cf214cb8e71b3f (diff)
download	puppet-f792a02aa153eedf5293791daaf355232f357cc4.tar.gz puppet-f792a02aa153eedf5293791daaf355232f357cc4.tar.xz puppet-f792a02aa153eedf5293791daaf355232f357cc4.zip