From 601f681787c8d6c02bb3566b8cefde289377be0e Mon Sep 17 00:00:00 2001
From: Eli Young <elyscape@gmail.com>
Date: Thu, 28 May 2015 18:15:05 -0700
Subject: fqdn_rotate: Don't use the value itself as part of the random seed

Previously, the random number generator was seeded with the array or
string to be rotated in addition to any values specifically provided for
seeding. This behavior is potentially insecure in that it allows an
attacker who can modify the source data to choose the post-shuffle
order.
---
 spec/acceptance/fqdn_rotate_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'spec/acceptance/fqdn_rotate_spec.rb')

diff --git a/spec/acceptance/fqdn_rotate_spec.rb b/spec/acceptance/fqdn_rotate_spec.rb
index 753068b..366d027 100755
--- a/spec/acceptance/fqdn_rotate_spec.rb
+++ b/spec/acceptance/fqdn_rotate_spec.rb
@@ -36,7 +36,7 @@ describe 'fqdn_rotate function', :unless => UNSUPPORTED_PLATFORMS.include?(fact(
       EOS
 
       apply_manifest(pp, :catch_failures => true) do |r|
-        expect(r.stdout).to match(/fqdn_rotate is \["c", "d", "a", "b"\]/)
+        expect(r.stdout).to match(/fqdn_rotate is \["d", "a", "b", "c"\]/)
       end
     end
   end
-- 
cgit v1.2.3


From 84279e90abdd7f67a4cce28a3adf899d2b752018 Mon Sep 17 00:00:00 2001
From: Eli Young <elyscape@gmail.com>
Date: Mon, 1 Jun 2015 16:46:08 -0700
Subject: fqdn_rotate: Add acceptance tests for custom seeds

---
 spec/acceptance/fqdn_rotate_spec.rb | 42 +++++++++++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 2 deletions(-)

(limited to 'spec/acceptance/fqdn_rotate_spec.rb')

diff --git a/spec/acceptance/fqdn_rotate_spec.rb b/spec/acceptance/fqdn_rotate_spec.rb
index 366d027..f1a15d3 100755
--- a/spec/acceptance/fqdn_rotate_spec.rb
+++ b/spec/acceptance/fqdn_rotate_spec.rb
@@ -27,7 +27,7 @@ describe 'fqdn_rotate function', :unless => UNSUPPORTED_PLATFORMS.include?(fact(
         shell("mkdir -p '#{facts_d}'")
       end
     end
-    it 'fqdn_rotates floats' do
+    it 'rotates arrays' do
       shell("echo fqdn=fakehost.localdomain > '#{facts_d}/fqdn.txt'")
       pp = <<-EOS
       $a = ['a','b','c','d']
@@ -39,9 +39,47 @@ describe 'fqdn_rotate function', :unless => UNSUPPORTED_PLATFORMS.include?(fact(
         expect(r.stdout).to match(/fqdn_rotate is \["d", "a", "b", "c"\]/)
       end
     end
+    it 'rotates arrays with custom seeds' do
+      shell("echo fqdn=fakehost.localdomain > '#{facts_d}/fqdn.txt'")
+      pp = <<-EOS
+      $a = ['a','b','c','d']
+      $s = 'seed'
+      $o = fqdn_rotate($a, $s)
+      notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
+      EOS
+
+      apply_manifest(pp, :catch_failures => true) do |r|
+        expect(r.stdout).to match(/fqdn_rotate is \["c", "d", "a", "b"\]/)
+      end
+    end
+    it 'rotates strings' do
+      shell("echo fqdn=fakehost.localdomain > '#{facts_d}/fqdn.txt'")
+      pp = <<-EOS
+      $a = 'abcd'
+      $o = fqdn_rotate($a)
+      notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
+      EOS
+
+      apply_manifest(pp, :catch_failures => true) do |r|
+        expect(r.stdout).to match(/fqdn_rotate is "dabc"/)
+      end
+    end
+    it 'rotates strings with custom seeds' do
+      shell("echo fqdn=fakehost.localdomain > '#{facts_d}/fqdn.txt'")
+      pp = <<-EOS
+      $a = 'abcd'
+      $s = 'seed'
+      $o = fqdn_rotate($a, $s)
+      notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
+      EOS
+
+      apply_manifest(pp, :catch_failures => true) do |r|
+        expect(r.stdout).to match(/fqdn_rotate is "cdab"/)
+      end
+    end
   end
   describe 'failure' do
     it 'handles improper argument counts'
-    it 'handles non-numbers'
+    it 'handles invalid arguments'
   end
 end
-- 
cgit v1.2.3


From 78e8c73671d0d3b69b2999094ec3af638327f7c0 Mon Sep 17 00:00:00 2001
From: Travis Fields <travis@puppetlabs.com>
Date: Mon, 20 Jul 2015 14:35:57 -0700
Subject: (maint) Fix test to not assume is_pe fact on > 4.0.0 puppet

---
 spec/acceptance/fqdn_rotate_spec.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'spec/acceptance/fqdn_rotate_spec.rb')

diff --git a/spec/acceptance/fqdn_rotate_spec.rb b/spec/acceptance/fqdn_rotate_spec.rb
index f1a15d3..556c609 100755
--- a/spec/acceptance/fqdn_rotate_spec.rb
+++ b/spec/acceptance/fqdn_rotate_spec.rb
@@ -4,7 +4,8 @@ require 'spec_helper_acceptance'
 describe 'fqdn_rotate function', :unless => UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
   describe 'success' do
     let(:facts_d) do
-      if fact('is_pe', '--puppet') == "true"
+      puppet_version = (on default, puppet('--version')).output.chomp
+      if puppet_version < '4.0.0' && fact('is_pe', '--puppet') == "true"
         if fact('osfamily') =~ /windows/i
           if fact('kernelmajversion').to_f < 6.0
             'C:/Documents and Settings/All Users/Application Data/PuppetLabs/facter/facts.d'
-- 
cgit v1.2.3


From a8d7563a441834ba5e4b9029c9446bb8f41f0921 Mon Sep 17 00:00:00 2001
From: David Schmitt <david.schmitt@puppetlabs.com>
Date: Wed, 22 Jul 2015 17:30:39 +0100
Subject: (main) clean up fqdn_rand acceptance tests to work on windows

---
 spec/acceptance/fqdn_rotate_spec.rb | 108 ++++++++++++++----------------------
 1 file changed, 43 insertions(+), 65 deletions(-)

(limited to 'spec/acceptance/fqdn_rotate_spec.rb')

diff --git a/spec/acceptance/fqdn_rotate_spec.rb b/spec/acceptance/fqdn_rotate_spec.rb
index 556c609..404351f 100755
--- a/spec/acceptance/fqdn_rotate_spec.rb
+++ b/spec/acceptance/fqdn_rotate_spec.rb
@@ -3,79 +3,57 @@ require 'spec_helper_acceptance'
 
 describe 'fqdn_rotate function', :unless => UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
   describe 'success' do
-    let(:facts_d) do
-      puppet_version = (on default, puppet('--version')).output.chomp
-      if puppet_version < '4.0.0' && fact('is_pe', '--puppet') == "true"
-        if fact('osfamily') =~ /windows/i
-          if fact('kernelmajversion').to_f < 6.0
-            'C:/Documents and Settings/All Users/Application Data/PuppetLabs/facter/facts.d'
-          else
-            'C:/ProgramData/PuppetLabs/facter/facts.d'
-          end
-        else
-          '/etc/puppetlabs/facter/facts.d'
-        end
-      else
-        '/etc/facter/facts.d'
-      end
-    end
-    after :each do
-      shell("if [ -f '#{facts_d}/fqdn.txt' ] ; then rm '#{facts_d}/fqdn.txt' ; fi")
-    end
-    before :each do
-      #No need to create on windows, PE creates by default
-      if fact('osfamily') !~ /windows/i
-        shell("mkdir -p '#{facts_d}'")
+    include_context "with faked facts"
+    context "when the FQDN is 'fakehost.localdomain'" do
+      before :each do
+        fake_fact("fqdn", "fakehost.localdomain")
       end
-    end
-    it 'rotates arrays' do
-      shell("echo fqdn=fakehost.localdomain > '#{facts_d}/fqdn.txt'")
-      pp = <<-EOS
-      $a = ['a','b','c','d']
-      $o = fqdn_rotate($a)
-      notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
-      EOS
 
-      apply_manifest(pp, :catch_failures => true) do |r|
-        expect(r.stdout).to match(/fqdn_rotate is \["d", "a", "b", "c"\]/)
+      it 'rotates arrays' do
+        pp = <<-EOS
+        $a = ['a','b','c','d']
+        $o = fqdn_rotate($a)
+        notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
+        EOS
+
+        apply_manifest(pp, :catch_failures => true) do |r|
+          expect(r.stdout).to match(/fqdn_rotate is \["d", "a", "b", "c"\]/)
+        end
       end
-    end
-    it 'rotates arrays with custom seeds' do
-      shell("echo fqdn=fakehost.localdomain > '#{facts_d}/fqdn.txt'")
-      pp = <<-EOS
-      $a = ['a','b','c','d']
-      $s = 'seed'
-      $o = fqdn_rotate($a, $s)
-      notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
-      EOS
+      it 'rotates arrays with custom seeds' do
+        pp = <<-EOS
+        $a = ['a','b','c','d']
+        $s = 'seed'
+        $o = fqdn_rotate($a, $s)
+        notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
+        EOS
 
-      apply_manifest(pp, :catch_failures => true) do |r|
-        expect(r.stdout).to match(/fqdn_rotate is \["c", "d", "a", "b"\]/)
+        apply_manifest(pp, :catch_failures => true) do |r|
+          expect(r.stdout).to match(/fqdn_rotate is \["c", "d", "a", "b"\]/)
+        end
       end
-    end
-    it 'rotates strings' do
-      shell("echo fqdn=fakehost.localdomain > '#{facts_d}/fqdn.txt'")
-      pp = <<-EOS
-      $a = 'abcd'
-      $o = fqdn_rotate($a)
-      notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
-      EOS
+      it 'rotates strings' do
+        pp = <<-EOS
+        $a = 'abcd'
+        $o = fqdn_rotate($a)
+        notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
+        EOS
 
-      apply_manifest(pp, :catch_failures => true) do |r|
-        expect(r.stdout).to match(/fqdn_rotate is "dabc"/)
+        apply_manifest(pp, :catch_failures => true) do |r|
+          expect(r.stdout).to match(/fqdn_rotate is "dabc"/)
+        end
       end
-    end
-    it 'rotates strings with custom seeds' do
-      shell("echo fqdn=fakehost.localdomain > '#{facts_d}/fqdn.txt'")
-      pp = <<-EOS
-      $a = 'abcd'
-      $s = 'seed'
-      $o = fqdn_rotate($a, $s)
-      notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
-      EOS
+      it 'rotates strings with custom seeds' do
+        pp = <<-EOS
+        $a = 'abcd'
+        $s = 'seed'
+        $o = fqdn_rotate($a, $s)
+        notice(inline_template('fqdn_rotate is <%= @o.inspect %>'))
+        EOS
 
-      apply_manifest(pp, :catch_failures => true) do |r|
-        expect(r.stdout).to match(/fqdn_rotate is "cdab"/)
+        apply_manifest(pp, :catch_failures => true) do |r|
+          expect(r.stdout).to match(/fqdn_rotate is "cdab"/)
+        end
       end
     end
   end
-- 
cgit v1.2.3