avoid loading vars on unspecified basedir (cwd) (#42067)

* avoid loading vars on unspecified basedir (cwd)
6 years ago · de0e11c0d5
parent c3134ce6e2
commit de0e11c0d5
3 changed files with 15 additions and 2 deletions
--- a/changelogs/fragments/avoid_cwd_vars.yml
+++ b/changelogs/fragments/avoid_cwd_vars.yml
@ -0,0 +1,2 @@
+bugfixes:
+    - '**Security Fix** - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir'
--- a/lib/ansible/cli/init.py
+++ b/lib/ansible/cli/init.py
@ -664,7 +664,7 @@ class CLI(with_metaclass(ABCMeta, object)):
                ansible_versions[counter] = 0
            try:
                ansible_versions[counter] = int(ansible_versions[counter])
-            except:
+            except Exception:
                pass
        if len(ansible_versions) < 3:
            for counter in range(len(ansible_versions), 3):
@ -809,6 +809,12 @@ class CLI(with_metaclass(ABCMeta, object)):
        # the code, ensuring a consistent view of global variables
        variable_manager = VariableManager(loader=loader, inventory=inventory)

+        if hasattr(options, 'basedir'):
+            if options.basedir:
+                variable_manager.safe_basedir = True
+        else:
+            variable_manager.safe_basedir = True
+
        # load vars from cli options
        variable_manager.extra_vars = load_extra_vars(loader=loader, options=options)
        variable_manager.options_vars = load_options_vars(options, CLI.version_info(gitinfo=False))
--- a/lib/ansible/vars/manager.py
+++ b/lib/ansible/vars/manager.py
@ -90,6 +90,7 @@ class VariableManager:
        self._hostvars = None
        self._omit_token = '__omit_place_holder__%s' % sha1(os.urandom(64)).hexdigest()
        self._options_vars = defaultdict(dict)
+        self.safe_basedir = False

        # bad cache plugin is not fatal error
        try:
@ -110,6 +111,7 @@ class VariableManager:
            omit_token=self._omit_token,
            options_vars=self._options_vars,
            inventory=self._inventory,
+            safe_basedir=self.safe_basedir,
        )
        return data

@ -123,6 +125,7 @@ class VariableManager:
        self._omit_token = data.get('omit_token', '__omit_place_holder__%s' % sha1(os.urandom(64)).hexdigest())
        self._inventory = data.get('inventory', None)
        self._options_vars = data.get('options_vars', dict())
+        self.safe_basedir = data.get('safe_basedir', False)

    @property
    def extra_vars(self):
@ -183,7 +186,9 @@ class VariableManager:
        )

        # default for all cases
-        basedirs = [self._loader.get_basedir()]
+        basedirs = []
+        if self.safe_basedir:  # avoid adhoc/console loading cwd
+            basedirs = [self._loader.get_basedir()]

        if play:
            # first we compile any vars specified in defaults/main.yml