updated code security in pki state

states/_states/pki.py

@@ -4,12 +4,12 @@ from salt.utils.stringutils import get_diff
 
 
 def fetched(name=None,
-          url="http://pki",
-          username=None,
-          password=None,
-          domains=None,
-          fullcertfile=None,
-          keyfile=None):
+            url="http://pki",
+            username=None,
+            password=None,
+            domains=None,
+            fullcertfile=None,
+            keyfile=None):
 
     ret = {
         'name': name,
@@ -31,15 +31,19 @@ def fetched(name=None,
                                                    domains=domain_concat)
 
     if currentcert != newcert or currentkey != newkey:
-        wcert = __salt__['pki.write_file_content'](newcert, fullcertfile)
-        wkey = __salt__['pki.write_file_content'](newkey, keyfile)
+        if len(newcert) > 10 or len(newkey) > 10:
+            wcert = __salt__['pki.write_file_content'](newcert, fullcertfile)
+            wkey = __salt__['pki.write_file_content'](newkey, keyfile)
 
-        ret["changes"]["old"] = "\n".join([currentcert, currentkey])
-        ret["changes"]["new"] = "\n".join([newcert, newkey])
-        ret["changes"]["diff"] = get_diff(ret["changes"]["old"],
-                                          ret["changes"]["new"])
-        ret["comment"] = "Updated certificates and keys"
-        ret["result"] = all([wcert, wkey])
+            ret["changes"]["old"] = "\n".join([currentcert, currentkey])
+            ret["changes"]["new"] = "\n".join([newcert, newkey])
+            ret["changes"]["diff"] = get_diff(ret["changes"]["old"],
+                                              ret["changes"]["new"])
+            ret["comment"] = "Updated certificates and keys"
+            ret["result"] = all([wcert, wkey])
+        else:
+            ret["comment"] = "Error fetching in certificate / key length"
+            return ret
     else:
         ret["comment"] = "Config is good and not changed"
         ret["result"] = True