salt-call does not fail when bad pillar data is encountered. If something goes wrong and the master returns invalid pillar data, salt-call will use a default value from the state instead of failing. This could cause states to get applied which are invalid.
Setup
# /srv/salt/foo.sls
{%- set var = salt['pillar.get']('foobar', 'state default') %}
test:
  file.managed:
    - name: /tmp/hello
    - contents: {{ var }}
[root@ip-10-1-12-128 ec2-user]# salt-call state.apply foo
[ERROR ] Got a bad pillar from master, type str, expecting dict:
2024-07-09 23:30:03,705 [salt.pillar :382 ][ERROR ][28202] Got a bad pillar from master, type str, expecting dict:
[ERROR ] Got a bad pillar from master, type str, expecting dict:
2024-07-09 23:30:03,985 [salt.pillar :382 ][ERROR ][28202] Got a bad pillar from master, type str, expecting dict:
local:
----------
ID: test
Function: file.managed
Name: /tmp/hello
Result: True
Comment: File /tmp/hello updated
Started: 23:30:06.251713
Duration: 7.0 ms
Changes:
----------
diff:
New file
Summary for local
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 7.000 ms
[root@ip-10-1-12-128 ec2-user]# cat /tmp/hello
state default
Versions Report
>=3006.8
This issue has been assigned a low-risk CVE due to the loss of pillar integrity. CVE-2024-37088
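As an added example (not part of the original issue and not Salt's own code): a check a wrapper or CI job could run over captured salt-call output, treating the run as untrustworthy whenever the bad-pillar error shown above appears, even though the state summary reports no failures. The function name, result keys and the clean sample are assumptions made for this illustration.

```python
import re

# Error text logged by salt.pillar, as it appears in the output above.
BAD_PILLAR = re.compile(r"Got a bad pillar from master, type (\w+), expecting dict")
# Summary counters printed at the end of the state run.
SUMMARY = re.compile(r"^(Succeeded|Failed):\s+(\d+)", re.MULTILINE)

# Abridged from the run shown above.
SAMPLE_BAD = """\
[ERROR ] Got a bad pillar from master, type str, expecting dict:
local:
----------
ID: test
Function: file.managed
Result: True
Summary for local
------------
Succeeded: 1 (changed=1)
Failed: 0
"""

# Constructed sample: the same run without the pillar error.
SAMPLE_CLEAN = SAMPLE_BAD.split("\n", 1)[1]


def audit_run(output: str) -> dict:
    """Classify captured salt-call output, failing closed on bad pillar data."""
    bad_types = sorted(set(BAD_PILLAR.findall(output)))
    counts = {name.lower(): int(n) for name, n in SUMMARY.findall(output)}
    # No summary at all is treated as a failed run, not a clean one.
    states_ok = "succeeded" in counts and counts.get("failed", 1) == 0
    return {
        "bad_pillar_types": bad_types,
        "states_reported_ok": states_ok,
        # The case from this issue: summary is green, pillar was rejected.
        "masked_failure": states_ok and bool(bad_types),
        "trustworthy": states_ok and not bad_types,
    }


if __name__ == "__main__":
    for label, text in (("bad pillar", SAMPLE_BAD), ("clean", SAMPLE_CLEAN)):
        print(label, audit_run(text))
```

When feeding real output to this check, capture stderr as well as stdout, since the error is a log line rather than part of the state result.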