From c87af621cb59565f37893e1673bbbcd20a7f7f96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ingy=20d=C3=B6t=20Net?= Date: Fri, 16 Feb 2018 16:31:39 -0800 Subject: [PATCH] Don't allow {{ 'foo' }} unquoted jinja value The unquoted jinja feature only works when the unquoted value is valid YAML. Don't allow `foo: {{ 'bar' }}` when the internal value is a quoted string. This form is dubious and probably never seen in the wild. We just don't give it special treatment so it fails same as before. Also added check to assert jinja key is a string. --- lib/ansible/parsing/utils/yaml.py | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/lib/ansible/parsing/utils/yaml.py b/lib/ansible/parsing/utils/yaml.py index ab722c57b43..d94f493ba6d 100644 --- a/lib/ansible/parsing/utils/yaml.py +++ b/lib/ansible/parsing/utils/yaml.py @@ -48,20 +48,18 @@ def _construct_scalar(loader, node): map_as_key_key = node.value[0][0] map_as_key_val = node.value[0][1] - # And have key that is a mapping and a null value: + # And have key that is a mapping, and a value that is null: if map_as_key_key.tag == 'tag:yaml.org,2002:map' and \ map_as_key_val.tag == 'tag:yaml.org,2002:null': - # Get the string intended jinja string value: - scalar_node = map_as_key_key.value[0][0] + # Get the intended jinja string value: + jinja_string = map_as_key_key.value[0][0] - # Put the braces back onto it: - if scalar_node.style in ['"', "'"]: - # With quotes if original was quoted: - return "{{'%s'}}" % scalar_node.value - - # Else unquoted: - return "{{%s}}" % scalar_node.value + # If jinja string was not quoted: + if jinja_string.tag == 'tag:yaml.org,2002:str' and \ + jinja_string.style == '': + # Add jinja double braces back in: + return "{{%s}}" % jinja_string.value # Else process mapping as usual: return loader.construct_mapping(node)