Fix bcrypt salt regex checks

The two-digit header of a bcrypt salt is a strength parameter. Valid
values for the strength parameter range from 4 to 31 inclusive. Update
the regex used to check the salt to only match against values from 04 to
31.

Author: sabo

lib/puppet/parser/functions/pw_hash.rb

@@ -48,10 +48,10 @@
     'md5'       => { prefix: '1' },
     'sha-256'   => { prefix: '5' },
     'sha-512'   => { prefix: '6' },
-    'bcrypt'    => { prefix: '2b', salt: %r{^[0-9]{2}\$[./A-Za-z0-9]{22}} },
-    'bcrypt-a'  => { prefix: '2a', salt: %r{^[0-9]{2}\$[./A-Za-z0-9]{22}} },
-    'bcrypt-x'  => { prefix: '2x', salt: %r{^[0-9]{2}\$[./A-Za-z0-9]{22}} },
-    'bcrypt-y'  => { prefix: '2y', salt: %r{^[0-9]{2}\$[./A-Za-z0-9]{22}} },
+    'bcrypt'    => { prefix: '2b', salt: %r{^(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{22}} },
+    'bcrypt-a'  => { prefix: '2a', salt: %r{^(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{22}} },
+    'bcrypt-x'  => { prefix: '2x', salt: %r{^(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{22}} },
+    'bcrypt-y'  => { prefix: '2y', salt: %r{^(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{22}} },
   }
 
   raise ArgumentError, 'pw_hash(): first argument must be a string' unless args[0].is_a?(String) || args[0].nil?