From 5966e77b980e2922dc2a4b64728a0c3bca0642db Mon Sep 17 00:00:00 2001
From: Paul Lecuq
Date: Sat, 25 Sep 2021 17:17:29 +0200
Subject: [PATCH] updated code security in pki state
---
 states/_states/pki.py | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/states/_states/pki.py b/states/_states/pki.py
index d30d793..9f90f44 100644
--- a/states/_states/pki.py
+++ b/states/_states/pki.py
@@ -4,12 +4,12 @@ from salt.utils.stringutils import get_diff
 def fetched(name=None,
- url="http://pki",
- username=None,
- password=None,
- domains=None,
- fullcertfile=None,
- keyfile=None):
+ url="http://pki",
+ username=None,
+ password=None,
+ domains=None,
+ fullcertfile=None,
+ keyfile=None):
 ret = {
 'name': name,
@@ -31,15 +31,19 @@ def fetched(name=None,
 domains=domain_concat)
 if currentcert != newcert or currentkey != newkey:
- wcert = __salt__['pki.write_file_content'](newcert, fullcertfile)
- wkey = __salt__['pki.write_file_content'](newkey, keyfile)
+ if len(newcert) > 10 or len(newkey) > 10:
+ wcert = __salt__['pki.write_file_content'](newcert, fullcertfile)
+ wkey = __salt__['pki.write_file_content'](newkey, keyfile)
- ret["changes"]["old"] = "\n".join([currentcert, currentkey])
- ret["changes"]["new"] = "\n".join([newcert, newkey])
- ret["changes"]["diff"] = get_diff(ret["changes"]["old"],
- ret["changes"]["new"])
- ret["comment"] = "Updated certificates and keys"
- ret["result"] = all([wcert, wkey])
+ ret["changes"]["old"] = "\n".join([currentcert, currentkey])
+ ret["changes"]["new"] = "\n".join([newcert, newkey])
+ ret["changes"]["diff"] = get_diff(ret["changes"]["old"],
+ ret["changes"]["new"])
+ ret["comment"] = "Updated certificates and keys"
+ ret["result"] = all([wcert, wkey])
+ else:
+ ret["comment"] = "Error fetching in certificate / key length"
+ return ret
 else:
 ret["comment"] = "Config is good and not changed"
 ret["result"] = True
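Review bot: The new guard `if len(newcert) > 10 or len(newkey) > 10:` still writes both files when only one of the two values is plausible, so a fetch that returns a certificate with an empty or truncated key overwrites the existing key file (and the reverse); it should read `if len(newcert) > 10 and len(newkey) > 10:`, and checking for the expected PEM header would be a stronger test than a length of 10. The lines under it, re-indented but otherwise unchanged, join `currentkey` and `newkey` into `ret["changes"]` and its diff; state return data is normally sent to the master and kept with the job results, so the private key leaves the minion in clear text, and the changes should report the certificate only. In the new `else:` branch `ret["result"]` is never assigned, so whether the failure is reported as one depends on the initial `ret`, which is outside the hunk; set `ret["result"] = False` there explicitly. The body of `fetched` starts and ends outside this hunk.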