Merge pull request #181 from vinzent/119_validate_port_params

(GH-119) Don't accept udp6 and tcp6 as protocol name with selinux::port
voxpupuli · Jan 17, 2017 · 75dfc59 · 75dfc59
2 parents 691cc28 + a25d44d
commit 75dfc59
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/manifests/port.pp b/manifests/port.pp
@@ -29,8 +29,10 @@
   Selinux::Port[$title] ->
   Anchor['selinux::end']
 
+  validate_re("${port}", '^[0-9]+(-[0-9]+)?$') # lint:ignore:only_variable_string
+
   if $protocol {
-    validate_re($protocol, ['^tcp6?$', '^udp6?$'])
+    validate_re($protocol, ['^tcp$', '^udp$'])
     $protocol_switch = ['-p', $protocol]
     $protocol_check = "${protocol} "
     $port_exec_command = "add_${context}_${port}_${protocol}"

diff --git a/spec/defines/selinux_port_spec.rb b/spec/defines/selinux_port_spec.rb
@@ -20,7 +20,7 @@
         it { is_expected.to contain_selinux__port('myapp').that_comes_before('Anchor[selinux::end]') }
       end
 
-      %w(tcp udp tcp6 udp6).each do |protocol|
+      %w(tcp udp).each do |protocol|
         context "valid protocol #{protocol}" do
           let(:params) do
             {