From e8a396be16a737119e62d1e72ccafeec60c884bc Mon Sep 17 00:00:00 2001 From: Evan Kaufman Date: Fri, 21 Jul 2017 14:51:34 -0700 Subject: [PATCH] cron - validate filename portion of cron_file param (#19185) * Validated filename from `cron_file` param, updated docs Fixes ansible/ansible-modules-core#4795, moved from ansible/ansible-modules-core#5361 * Broke long warning message over multiple lines See: https://github.com/ansible/ansible/pull/19185#issuecomment-302961152 --- lib/ansible/modules/system/cron.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/ansible/modules/system/cron.py b/lib/ansible/modules/system/cron.py index 36c85e56c5d..8e1a9a25ddb 100644 --- a/lib/ansible/modules/system/cron.py +++ b/lib/ansible/modules/system/cron.py @@ -84,6 +84,8 @@ options: - If specified, uses this file instead of an individual user's crontab. If this is a relative path, it is interpreted with respect to /etc/cron.d. (If it is absolute, it will typically be /etc/crontab). + Many linux distros expect (and some require) the filename portion to consist solely + of upper- and lower-case letters, digits, underscores, and hyphens. To use the C(cron_file) parameter you must specify the C(user) as well. required: false default: null @@ -631,6 +633,13 @@ def main(): changed = False res_args = dict() + warnings = list() + + if cron_file: + cron_file_basename = os.path.basename(cron_file) + if not re.search(r'^[A-Z0-9_-]+$', cron_file_basename, re.I): + warnings.append('Filename portion of cron_file ("%s") should consist' % cron_file_basename + + ' solely of upper- and lower-case letters, digits, underscores, and hyphens') # Ensure all files generated are only writable by the owning user. Primarily relevant for the cron_file option. os.umask(int('022', 8)) @@ -736,6 +745,7 @@ def main(): res_args = dict( jobs = crontab.get_jobnames(), envs = crontab.get_envnames(), + warnings = warnings, changed = changed )