Sanitize sudo success_key from stdout for raw/script modules

Fixes #5533 Closes #5605 Closes #5606 Closes #5607
11 years ago · 788ac51185
parent 05b6b248c1
commit 788ac51185
1 changed files with 8 additions and 3 deletions
--- a/lib/ansible/runner/action_plugins/raw.py
+++ b/lib/ansible/runner/action_plugins/raw.py
@ -43,6 +43,11 @@ class ActionModule(object):
                executable = v
        module_args = r.sub("", module_args)

-        return ReturnData(conn=conn,
-            result=self.runner._low_level_exec_command(conn, module_args, tmp, sudoable=True, executable=executable)
-        )
+        result = self.runner._low_level_exec_command(conn, module_args, tmp, sudoable=True, executable=executable)
+        # for some modules (script, raw), the sudo success key
+        # may leak into the stdout due to the way the sudo/su
+        # command is constructed, so we filter that out here
+        if result.get('stdout','').startswith('SUDO-SUCCESS-'):
+            result['stdout'] = re.sub(r'^SUDO-SUCCESS.*(\r)?\n', '', result['stdout'])
+
+        return ReturnData(conn=conn, result=result)