I have a client who has just informed us that they need to host .sls files on their WordPress website and that these should be available as downloads to logged-in members.

Ignoring the technicalities of enabling WordPress to accept .sls files as uploads via the Media Gallery, is it safe to upload these files and have them available as downloadable links on a website?

There appears to be little info about this file type, although various sites refer to them as simple text files, whereas at least one resource says that sls files "can aggressively manipulate files on a system".

Any info / recommendations would be appreciated.

P.S. By 'safe' I mean, could these files be executed online and cause any damage to the server/site?

Phill Healey
  • I'd say it is safe. As long as that file is not executed and does not contain any "interesting" info (every kind of data should be on the pillars). – sysfiend Dec 19 '16 at 12:22
  • @Alex But could the file be executed by accessing it directly in the browser, for example? Also, what are the 'pillars'? – Phill Healey Dec 19 '16 at 12:29

1 Answer

From SaltStack Documentation:

Before delving into the particulars, it will help to understand that the SLS file is just a data structure under the hood. While understanding that the SLS is just a data structure isn't critical for understanding and making use of Salt States, it should help bolster knowledge of where the real power is.

SLS files are therefore, in reality, just dictionaries, lists, strings, and numbers

More than that, Salt does not work like sh myscript.sh, but with a whole structure of folders and files, making use of the top.sls files as an index.

Therefore, as someone downloading it would only have a minimal piece of a whole SaltStack structure, there's nothing more they can do than use it in their own installation.

Just make sure there's no relevant information written in it (there shouldn't be by default) and if so, start using pillars instead.

Here's the documentation on the pillars

sysfiend
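A pre-publication check for the point the answer makes about keeping sensitive values in pillars, as an added example that is not part of the answer or of SaltStack's own code. It flags literal values under secret-looking keys and embedded private keys in an SLS file before it is offered for download; the key-name list, the sample state file and the function name are assumptions made for illustration.

```python
import re

# Key names that usually hold secrets (a constructed list, adjust as needed).
SENSITIVE_KEY = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key", re.I)
# A YAML "key: value" line, optionally written as a list item ("- key: value").
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([\w.-]+)\s*:\s*(.*?)\s*$")
# Values rendered from pillar at run time, e.g. {{ pillar['db']['password'] }}.
PILLAR_REF = re.compile(r"\{\{.*pillar.*\}\}")
PEM_HEADER = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed sample state file; all names and values are made up.
SAMPLE_SLS = """\
mysql_app_user:
  mysql_user.present:
    - name: app
    - host: localhost
    - password: S3cr3t-constructed
mysql_report_user:
  mysql_user.present:
    - name: report
    - password: {{ pillar['mysql']['report_password'] }}
deploy_key:
  file.managed:
    - name: /root/.ssh/id_deploy
    - contents: |
        -----BEGIN OPENSSH PRIVATE KEY-----
"""


def find_hardcoded_secrets(sls_text):
    """Return (line_number, key, reason) for values that belong in pillar."""
    findings = []
    for lineno, line in enumerate(sls_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # YAML comment
            continue
        if PEM_HEADER.search(line):
            findings.append((lineno, None, "embedded private key"))
            continue
        match = KEY_VALUE.match(line)
        if not match or not SENSITIVE_KEY.search(match.group(1)):
            continue
        value = match.group(2).strip("'\"")
        # Empty values and block-scalar markers open a nested block; pillar lookups are fine.
        if value in ("", "|", ">") or PILLAR_REF.search(value):
            continue
        findings.append((lineno, match.group(1), "literal value for sensitive key"))
    return findings
```

The scan is a line-based heuristic over the unrendered file, so it does not need Jinja or a YAML parser, and an empty result is not proof that a file is free of sensitive data.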