carroarmato0/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-01-11 15:15:26 +01:00
Code Issues Projects Releases Packages Wiki Activity

Synchronize: properly quote shell command components

Browse source 
The synchronize action plugin and module were a bit sloppy when it
came to the command-line parameter quoting and that caused failuer on
some systems (for example, on Fedora 34).

This commit makes sure any argumnts with potentially problematic
characters are quoted before being used.
This commit is contained in:
Tadej Borovšak 2021-08-04 12:02:44 +02:00
parent 5282ece77e
commit db12a40a4c
3 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
changelogs/fragments/241-synchronize-shell-quoting.yml Normal file
View file

@ -0,0 +1,3 @@
---
bugfixes:
- synchronize - properly quote rsync CLI parameters (https://github.com/ansible-collections/ansible.posix/pull/241).

9
plugins/action/synchronize.py
View file

@ -21,6 +21,7 @@ import os.path
from ansible import constants as C from ansible import constants as C
from ansible.module_utils.six import string_types from ansible.module_utils.six import string_types
from ansible.module_utils.six.moves import shlex_quote
from ansible.module_utils._text import to_text from ansible.module_utils._text import to_text
from ansible.module_utils.common._collections_compat import MutableSequence from ansible.module_utils.common._collections_compat import MutableSequence
from ansible.module_utils.parsing.convert_bool import boolean from ansible.module_utils.parsing.convert_bool import boolean
@ -414,13 +415,13 @@ class ActionModule(ActionBase):
if self._remote_transport in DOCKER + PODMAN: if self._remote_transport in DOCKER + PODMAN:
if become and self._play_context.become_user: if become and self._play_context.become_user:
_tmp_args['rsync_opts'].append("--rsh=%s exec -u %s -i" % (self._docker_cmd, self._play_context.become_user)) _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -u %s -i' % (self._docker_cmd, self._play_context.become_user)))
elif user is not None: elif user is not None:
_tmp_args['rsync_opts'].append("--rsh=%s exec -u %s -i" % (self._docker_cmd, user)) _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -u %s -i' % (self._docker_cmd, user)))
else: else:
_tmp_args['rsync_opts'].append("--rsh=%s exec -i" % self._docker_cmd) _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -i' % self._docker_cmd))
elif self._remote_transport in BUILDAH: elif self._remote_transport in BUILDAH:
_tmp_args['rsync_opts'].append("--rsh=buildah run --") _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('buildah run --'))
# run the module and store the result # run the module and store the result
result.update(self._execute_module('ansible.posix.synchronize', module_args=_tmp_args, task_vars=task_vars)) result.update(self._execute_module('ansible.posix.synchronize', module_args=_tmp_args, task_vars=task_vars))

6
plugins/modules/synchronize.py
View file

@ -548,10 +548,10 @@ def main():
ssh_cmd_str = ' '.join(shlex_quote(arg) for arg in ssh_cmd) ssh_cmd_str = ' '.join(shlex_quote(arg) for arg in ssh_cmd)
if ssh_args: if ssh_args:
ssh_cmd_str += ' %s' % ssh_args ssh_cmd_str += ' %s' % ssh_args
cmd.append(shlex_quote('--rsh=%s' % ssh_cmd_str)) cmd.append('--rsh=%s' % shlex_quote(ssh_cmd_str))
if rsync_path: if rsync_path:
cmd.append(shlex_quote('--rsync-path=%s' % rsync_path)) cmd.append('--rsync-path=%s' % shlex_quote(rsync_path))
if rsync_opts: if rsync_opts:
if '' in rsync_opts: if '' in rsync_opts:
@ -577,7 +577,7 @@ def main():
cmd.append('--link-dest=%s' % link_path) cmd.append('--link-dest=%s' % link_path)
changed_marker = '<<CHANGED>>' changed_marker = '<<CHANGED>>'
cmd.append(shlex_quote('--out-format=' + changed_marker + '%i %n%L')) cmd.append('--out-format=%s' % shlex_quote(changed_marker + '%i %n%L'))
# expand the paths # expand the paths
if '@' not in source: if '@' not in source: