mirror of https://github.com/ansible/ansible.git
CVE-2021-3583
ensure we always have unsafe
Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c8c40fd3d
)
pull/74984/head
parent
578fa17af5
commit
03aff644cc
@ -0,0 +1,2 @@
|
||||
security_fixes:
|
||||
- templating engine fix for not preserving usnafe status when trying to preserve newlines. CVE-2021-3583
|
@ -0,0 +1,19 @@
|
||||
- hosts: localhost
|
||||
gather_facts: false
|
||||
vars:
|
||||
nottemplated: this should not be seen
|
||||
imunsafe: !unsafe '{{ nottemplated }}'
|
||||
tasks:
|
||||
|
||||
- set_fact:
|
||||
this_was_unsafe: >
|
||||
{{ imunsafe }}
|
||||
|
||||
- set_fact:
|
||||
this_always_safe: '{{ imunsafe }}'
|
||||
|
||||
- name: ensure nothing was templated
|
||||
assert:
|
||||
that:
|
||||
- this_always_safe == imunsafe
|
||||
- imunsafe == this_was_unsafe.strip()
|
Loading…
Reference in New Issue