Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[3006.x] Raise exception when bad pillar data is encountered #66709

Merged
merged 4 commits into from
Jul 17, 2024
Merged

[3006.x] Raise exception when bad pillar data is encountered #66709

merged 4 commits into from
Jul 17, 2024

Conversation

dwoz
Copy link
Contributor

@dwoz dwoz commented Jul 12, 2024

What does this PR do?

RemotePillar raises an exception on bad data

If the master returns a bad pillar data response the pillar client
should raise an exception. This changes RemotePillar and
AsyncRemotePillar classes to use the same logic for validating pillar
data from the master. Fixes CVE-2024-37088 by causing salt-call to fail
with a non zero exit code rather than continuing to execute a state when
pillar data rendering fails on the master.

What issues does this PR fix or reference?

Fixes #66702

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

@dwoz dwoz requested a review from a team as a code owner July 12, 2024 22:23
@salt-project-bot-prod-environment salt-project-bot-prod-environment bot changed the title Issue/3006.x/66702 [3006.x] Issue/3006.x/66702 Jul 12, 2024
@dwoz dwoz added test:full Run the full test suite test:pkg Run the package tests labels Jul 12, 2024
@dwoz dwoz mentioned this pull request Jul 12, 2024
Closed
3 tasks
@dwoz dwoz changed the title [3006.x] Issue/3006.x/66702 [3006.x] Raise exception when bad pillar data is encountered Jul 12, 2024
@dwoz dwoz dismissed stale reviews from twangboy and dmurphy18 via 30cc3b8 July 17, 2024 08:20
@dwoz