When performing network operations, prioritize security and configurability to ensure robustness across different environments. This includes: 1. **Use explicit command patterns**: When executing shell commands that involve network operations, avoid string interpolation and use argument arrays instead to prevent command injection vulnerabilities.
When performing network operations, prioritize security and configurability to ensure robustness across different environments. This includes:
# Avoid - potential command injection risk
shell_out!("semodule --install '#{selinux_module_filepath('pp')}'")
# Prefer - safer argument passing without shell interpretation
shell_out!("semodule", "--install", selinux_module_filepath('pp'))
# Unclear - abbreviation hides the operation being performed
powershell_exec("iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))").error!
# Clear - explicitly states what's happening with a clarifying comment
# note that Invoke-Expression is being called on the downloaded script (outer parens)
powershell_exec("Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))").error!
# Add to your resource
property :http_options, Hash,
description: "Configuration options for the HTTP client"
# Then in your provider
def http_client_opts
defaults = { retries: 5, retry_delay: 2 }
defaults.merge(new_resource.http_options || {})
end
These practices ensure network operations are secure against injection attacks, clearly documented for maintainers, and configurable for different network environments.
Enter the URL of a public GitHub repository