I don't like the lack of array-based exec (it uses %x{cmd arg arg}, which is `cmd arg arg`, which could lead to shell escapes) but it seems self-contained (i.e. "arg" only ever comes from system output). I think the tool looks very fragile as it depends strongly on the output format of various system tools, so it may become a pain for backporting if that ever happens. Since it's mostly just a puppet dep, I think this will be okay. +1
I don't like the lack of array-based exec (it uses %x{cmd arg arg}, which is `cmd arg arg`, which could lead to shell escapes) but it seems self-contained (i.e. "arg" only ever comes from system output). I think the tool looks very fragile as it depends strongly on the output format of various system tools, so it may become a pain for backporting if that ever happens. Since it's mostly just a puppet dep, I think this will be okay. +1