From da96c7c99edf9f54d16218c606a3673c22e82717 Mon Sep 17 00:00:00 2001 From: tkishel Date: Thu, 9 Apr 2020 11:45:57 -0700 Subject: [PATCH] (MODULES-10623) scope calls to JSON methods MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Call ::JSON to ensure it references the JSON library from Ruby’s standard library instead of a random JSON namespace that might be in scope due to user code. For example:: https://github.com/puppetlabs/pdk/blob/master/lib/pdk/config/json.rb --- lib/facter/facter_dot_d.rb | 5 +++-- lib/puppet/functions/to_json_pretty.rb | 5 ++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/facter/facter_dot_d.rb b/lib/facter/facter_dot_d.rb index 2d6e17961..b3b161201 100644 --- a/lib/facter/facter_dot_d.rb +++ b/lib/facter/facter_dot_d.rb @@ -66,8 +66,9 @@ def json_parser(file) retry if require 'rubygems' raise end - - JSON.parse(File.read(file)).each_pair do |f, v| + # Call ::JSON to ensure it references the JSON library from Ruby’s standard library + # instead of a random JSON namespace that might be in scope due to user code. + ::JSON.parse(File.read(file)).each_pair do |f, v| Facter.add(f) do setcode { v } end diff --git a/lib/puppet/functions/to_json_pretty.rb b/lib/puppet/functions/to_json_pretty.rb index 5e72c6b1d..e3dae5915 100644 --- a/lib/puppet/functions/to_json_pretty.rb +++ b/lib/puppet/functions/to_json_pretty.rb @@ -1,4 +1,5 @@ require 'json' + # @summary # Convert data structure and output to pretty JSON # @@ -72,6 +73,8 @@ def to_json_pretty(data, skip_undef = false, opts = nil) data = data.reject { |_, value| value.nil? } end end - JSON.pretty_generate(data, opts) << "\n" + # Call ::JSON to ensure it references the JSON library from Ruby’s standard library + # instead of a random JSON namespace that might be in scope due to user code. + ::JSON.pretty_generate(data, opts) << "\n" end end