Skip to main content

Chef/Correctness/ConditionalRubyShellout

Cookstyle cops page

The Cookstyle cops department: Chef/Correctness

Enabled by defaultSupports autocorrectionTarget Chef Version
EnabledYesAll Versions

Don’t use Ruby to shellout in a only_if / not_if conditional. Any string value used in an only_if / not_if is executed in your system’s shell and the return code of the command is the result for the not_if / only_if determination.

Examples

incorrect

cookbook_file '/logs/foo/error.log' do
  source 'error.log'
  only_if { system('wget https://www.bar.com/foobar.txt -O /dev/null') }
end

cookbook_file '/logs/foo/error.log' do
  source 'error.log'
  only_if { shell_out('wget https://www.bar.com/foobar.txt -O /dev/null').exitstatus == 0 }
end

correct

cookbook_file '/logs/foo/error.log' do
  source 'error.log'
  only_if 'wget https://www.bar.com/foobar.txt -O /dev/null'
end

Configurable attributes

NameDefault valueConfigurable values
Version Added6.1.0String
Include
    Array

    Thank you for your feedback!

    ×