mirror of https://github.com/ansible/ansible.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
45 lines
1.4 KiB
YAML
45 lines
1.4 KiB
YAML
1 year ago
|
- name: create test directories
|
||
|
file:
|
||
|
path: '{{ remote_tmp_dir }}/dir-traversal/{{ item }}'
|
||
|
state: directory
|
||
|
loop:
|
||
|
- source
|
||
|
- target
|
||
|
- roles
|
||
|
|
||
|
- name: create test content
|
||
|
copy:
|
||
|
dest: '{{ remote_tmp_dir }}/dir-traversal/source/content.txt'
|
||
|
content: |
|
||
|
some content to write
|
||
|
|
||
|
- name: build dangerous dir traversal role
|
||
|
script:
|
||
|
chdir: '{{ remote_tmp_dir }}/dir-traversal/source'
|
||
|
cmd: create-role-archive.py dangerous.tar content.txt {{ remote_tmp_dir }}/dir-traversal/target/target-file-to-overwrite.txt
|
||
|
executable: '{{ ansible_playbook_python }}'
|
||
|
|
||
|
- name: install dangerous role
|
||
|
command:
|
||
|
cmd: ansible-galaxy role install --roles-path '{{ remote_tmp_dir }}/dir-traversal/roles' dangerous.tar
|
||
|
chdir: '{{ remote_tmp_dir }}/dir-traversal/source'
|
||
|
ignore_errors: true
|
||
|
register: galaxy_install_dangerous
|
||
|
|
||
|
- name: check for overwritten file
|
||
|
stat:
|
||
|
path: '{{ remote_tmp_dir }}/dir-traversal/target/target-file-to-overwrite.txt'
|
||
|
register: dangerous_overwrite_stat
|
||
|
|
||
|
- name: get overwritten content
|
||
|
slurp:
|
||
|
path: '{{ remote_tmp_dir }}/dir-traversal/target/target-file-to-overwrite.txt'
|
||
|
register: dangerous_overwrite_content
|
||
|
when: dangerous_overwrite_stat.stat.exists
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- dangerous_overwrite_content.content|default('')|b64decode == ''
|
||
|
- not dangerous_overwrite_stat.stat.exists
|
||
|
- galaxy_install_dangerous is failed
|