Merge pull request #241 from xlab-steampunk/shell-quoting

Properly quote Synchronize SUMMARY The synchronize action plugin and module were a bit sloppy when it came to the command-line parameter quoting and that caused failure on some systems (for example, on Fedora 34). This commit makes sure any arguments with potentially problematic characters are quoted before being used. Fixes #242 ISSUE TYPE Bugfix Pull Request COMPONENT NAME synchronize Reviewed-by: Sergey <None> Reviewed-by: Abhijeet Kasurde <None> Reviewed-by: None <None>
2026-01-11 15:15:26 +01:00 · 2021-08-09 13:08:23 +00:00 · 2021-08-09 13:08:23 +00:00 · 7a62e01af6
commit 7a62e01af6
parent 18614bb82d db12a40a4c
3 changed files with 11 additions and 7 deletions
--- a/changelogs/fragments/241-synchronize-shell-quoting.yml
+++ b/changelogs/fragments/241-synchronize-shell-quoting.yml
@ -0,0 +1,3 @@
+---
+bugfixes:
+  - synchronize - properly quote rsync CLI parameters (https://github.com/ansible-collections/ansible.posix/pull/241).
--- a/plugins/action/synchronize.py
+++ b/plugins/action/synchronize.py
@ -21,6 +21,7 @@ import os.path

 from ansible import constants as C
 from ansible.module_utils.six import string_types
+from ansible.module_utils.six.moves import shlex_quote
 from ansible.module_utils._text import to_text
 from ansible.module_utils.common._collections_compat import MutableSequence
 from ansible.module_utils.parsing.convert_bool import boolean
@ -414,13 +415,13 @@ class ActionModule(ActionBase):

            if self._remote_transport in DOCKER + PODMAN:
                if become and self._play_context.become_user:
-                    _tmp_args['rsync_opts'].append("--rsh=%s exec -u %s -i" % (self._docker_cmd, self._play_context.become_user))
+                    _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -u %s -i' % (self._docker_cmd, self._play_context.become_user)))
                elif user is not None:
-                    _tmp_args['rsync_opts'].append("--rsh=%s exec -u %s -i" % (self._docker_cmd, user))
+                    _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -u %s -i' % (self._docker_cmd, user)))
                else:
-                    _tmp_args['rsync_opts'].append("--rsh=%s exec -i" % self._docker_cmd)
+                    _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -i' % self._docker_cmd))
            elif self._remote_transport in BUILDAH:
-                _tmp_args['rsync_opts'].append("--rsh=buildah run --")
+                _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('buildah run --'))

        # run the module and store the result
        result.update(self._execute_module('ansible.posix.synchronize', module_args=_tmp_args, task_vars=task_vars))
--- a/plugins/modules/synchronize.py
+++ b/plugins/modules/synchronize.py
@ -548,10 +548,10 @@ def main():
            ssh_cmd_str = ' '.join(shlex_quote(arg) for arg in ssh_cmd)
            if ssh_args:
                ssh_cmd_str += ' %s' % ssh_args
-            cmd.append(shlex_quote('--rsh=%s' % ssh_cmd_str))
+            cmd.append('--rsh=%s' % shlex_quote(ssh_cmd_str))

    if rsync_path:
-        cmd.append(shlex_quote('--rsync-path=%s' % rsync_path))
+        cmd.append('--rsync-path=%s' % shlex_quote(rsync_path))

    if rsync_opts:
        if '' in rsync_opts:
@ -577,7 +577,7 @@ def main():
            cmd.append('--link-dest=%s' % link_path)

    changed_marker = '<<CHANGED>>'
-    cmd.append(shlex_quote('--out-format=' + changed_marker + '%i %n%L'))
+    cmd.append('--out-format=%s' % shlex_quote(changed_marker + '%i %n%L'))

    # expand the paths
    if '@' not in source: