From da71acf1bfd0e0759fa32388bb3e44a24df58ef6 Mon Sep 17 00:00:00 2001 From: Evgenii Terechkov Date: Tue, 30 Aug 2016 23:50:12 +0700 Subject: [PATCH] Replace dangerous shell calls with module.run_command --- lib/ansible/modules/packaging/os/apt_rpm.py | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/lib/ansible/modules/packaging/os/apt_rpm.py b/lib/ansible/modules/packaging/os/apt_rpm.py index 5d923de85ea..59eccfee6ee 100755 --- a/lib/ansible/modules/packaging/os/apt_rpm.py +++ b/lib/ansible/modules/packaging/os/apt_rpm.py @@ -75,7 +75,7 @@ RPM_PATH="/usr/bin/rpm" def query_package(module, name): # rpm -q returns 0 if the package is installed, # 1 if it is not installed - rc = os.system("%s -q %s" % (RPM_PATH,name)) + rc, out, err = module.run_command("%s -q %s" % (RPM_PATH,name)) if rc == 0: return True else: @@ -84,14 +84,14 @@ def query_package(module, name): def query_package_provides(module, name): # rpm -q returns 0 if the package is installed, # 1 if it is not installed - rc = os.system("%s -q --provides %s >/dev/null" % (RPM_PATH,name)) + rc, out, err = module.run_command("%s -q --provides %s" % (RPM_PATH,name)) return rc == 0 def update_package_db(module): - rc = os.system("%s update" % APT_PATH) + rc, out, err = module.run_command("%s update" % APT_PATH) if rc != 0: - module.fail_json(msg="could not update package db") + module.fail_json(msg="could not update package db: %s" % err) def remove_packages(module, packages): @@ -102,10 +102,10 @@ def remove_packages(module, packages): if not query_package(module, package): continue - rc = os.system("%s -y remove %s > /dev/null" % (APT_PATH,package)) + rc, out, err = module.run_command("%s -y remove %s" % (APT_PATH,package)) if rc != 0: - module.fail_json(msg="failed to remove %s" % (package)) + module.fail_json(msg="failed to remove %s: %s" % (package, err)) remove_c += 1 @@ -124,9 +124,7 @@ def install_packages(module, pkgspec): if len(packages) != 0: - cmd = ("%s -y install %s > /dev/null" % (APT_PATH, packages)) - - rc, out, err = module.run_command(cmd,use_unsafe_shell=True) + rc, out, err = module.run_command("%s -y install %s" % (APT_PATH, packages)) installed = True for packages in pkgspec: