mirror of https://github.com/ansible/ansible.git
CVE-2021-3583
ensure we always have unsafe
Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c8c40fd3d
)
pull/75004/head
parent
67d2d13997
commit
8aa850e357
@ -0,0 +1,2 @@
|
|||||||
|
security_fixes:
|
||||||
|
- templating engine fix for not preserving usnafe status when trying to preserve newlines. CVE-2021-3583
|
@ -0,0 +1,19 @@
|
|||||||
|
- hosts: localhost
|
||||||
|
gather_facts: false
|
||||||
|
vars:
|
||||||
|
nottemplated: this should not be seen
|
||||||
|
imunsafe: !unsafe '{{ nottemplated }}'
|
||||||
|
tasks:
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
this_was_unsafe: >
|
||||||
|
{{ imunsafe }}
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
this_always_safe: '{{ imunsafe }}'
|
||||||
|
|
||||||
|
- name: ensure nothing was templated
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- this_always_safe == imunsafe
|
||||||
|
- imunsafe == this_was_unsafe.strip()
|
Loading…
Reference in New Issue