From 0d418789a298561fded9bce977d34babc9097079 Mon Sep 17 00:00:00 2001 From: James Cammarata Date: Wed, 8 Feb 2017 11:36:54 -0600 Subject: [PATCH] Revert "Fixing another corner case for security related to CVE-2016-9587" This reverts commit bcceada5d9b78ad77069c78226f8e9b336ff8949. --- lib/ansible/template/__init__.py | 4 ++-- lib/ansible/vars/unsafe_proxy.py | 8 ++------ 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/lib/ansible/template/__init__.py b/lib/ansible/template/__init__.py index 6adb880dcaf..1aef060505b 100644 --- a/lib/ansible/template/__init__.py +++ b/lib/ansible/template/__init__.py @@ -144,7 +144,7 @@ class AnsibleContext(Context): ''' if isinstance(val, dict): for key in val.keys(): - if self._is_unsafe(key) or self._is_unsafe(val[key]): + if self._is_unsafe(val[key]): return True elif isinstance(val, list): for item in val: @@ -385,11 +385,11 @@ class Templar: overrides=overrides, disable_lookups=disable_lookups, ) - unsafe = hasattr(result, '__UNSAFE__') if convert_data and not self._no_type_regex.match(variable): # if this looks like a dictionary or list, convert it to such using the safe_eval method if (result.startswith("{") and not result.startswith(self.environment.variable_start_string)) or \ result.startswith("[") or result in ("True", "False"): + unsafe = hasattr(result, '__UNSAFE__') eval_results = safe_eval(result, locals=self._available_variables, include_exceptions=True) if eval_results[1] is None: result = eval_results[0] diff --git a/lib/ansible/vars/unsafe_proxy.py b/lib/ansible/vars/unsafe_proxy.py index 42847053c95..426410ab611 100644 --- a/lib/ansible/vars/unsafe_proxy.py +++ b/lib/ansible/vars/unsafe_proxy.py @@ -98,14 +98,10 @@ class AnsibleJSONUnsafeDecoder(json.JSONDecoder): def _wrap_dict(v): - # Create new dict to get rid of the keys that are not wrapped. - new = {} for k in v.keys(): if v[k] is not None: - new[wrap_var(k)] = wrap_var(v[k]) - else: - new[wrap_var(k)] = None - return new + v[wrap_var(k)] = wrap_var(v[k]) + return v def _wrap_list(v):