Harden root_password class

Prior to this commit there was a possibility that malformed
strings could be passed in to the resource. This could lead
to unsafe executions on a remote system.

The parameters that are susceptible are `install_secret_file`.

This commit fixes the above by adding validation to ensure the given
values confirm to expectation.

`secret_file` is validated with a regular expresion that ensures the
given value is a valid path.

Author: chelnak

manifests/server/root_password.pp

@@ -19,6 +19,12 @@
   $secret_file = $mysql::server::install_secret_file
   $login_file = $mysql::server::login_file
 
+  # Validate that the given secret_file value is a valid path
+  if $secret_file !~ /^\/(.?)(?:[A-Za-z0-9_-]+\/?+)+(?:.[A-Za-z0-9]+)$/ {
+    $message = "Invalid value provided for parameter install_secret_file. '${secret_file}' is not a valid path."
+    fail($message)
+  }
+
   # New installations of MySQL will configure a default random password for the root user
   # with an expiration. No actions can be performed until this password is changed. The
   # below exec will remove this default password. If the user has supplied a root