mirror of https://github.com/ansible/ansible.git
(cherry picked from commit 79e9dae
)
Co-authored-by: Matt Martz <matt@sivel.net>
pull/75864/head
parent
4737c01acb
commit
f2b14b9aa3
@ -0,0 +1,5 @@
|
||||
---
|
||||
security_fixes:
|
||||
- Do not include params in exception when a call to ``set_options`` fails.
|
||||
Additionally, block the exception that is returned from being displayed to stdout.
|
||||
(CVE-2021-3620)
|
@ -0,0 +1,22 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Copyright: (c) 2021, Matt Martz <matt@sivel.net>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
from ansible.module_utils import connection
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
def test_set_options_credential_exposure():
|
||||
def send(data):
|
||||
return '{'
|
||||
|
||||
c = connection.Connection(connection.__file__)
|
||||
c.send = send
|
||||
with pytest.raises(connection.ConnectionError) as excinfo:
|
||||
c._exec_jsonrpc('set_options', become_pass='password')
|
||||
|
||||
assert 'password' not in str(excinfo.value)
|
Loading…
Reference in New Issue