Commit Graph

5 Commits (1e6ffc1d02559a26def6c9c3b07baf27032865a2)

Author SHA1 Message Date
Sloane Hertel 3a42a00368
Targeted fix for installing roles with symlinks containing '..' (#82165)
Set the tarfile attribute to a normalized value from unfrackpath instead
of validating path parts and omiting potentially invald parts

Allow tarfile paths/links containing '..', '$', '~' as long as the
normalized realpath is in the tarfile's role directory
1 year ago
Matt Martz ddf0311c63
Prevent roles from using symlinks to overwrite files outside of the installation directory (#81780)
* Sanitize linkname during role installs

* Add tests

* add clog frag
1 year ago
Aleksey Tsalolikhin bdaa091b33
Add warnings for illegal file names in role (#81555)
Co-authored-by: Aleksey Tsalolikhin <atsaloli.tech@gmail.com>
1 year ago
Sloane Hertel 89d682464b
Fix isinstance check (#79159)
Use GalaxyAPI for isinstance check instead of RoleDistributionServer, since the latter is defined in __main__ sometimes (when running integration tests or ansible-galaxy from source) and importing from ansible.cli.galaxy won't reference the same object.
2 years ago
Alexander Sowitzki 1c83672532
Allow `$` & `~` inside paths in galaxy roles (#72966)
ansible-galaxy currently behaves bad then a role to be installed
contains ~ or $ at any place in the path of a file in that role.
It extracts the parent directory of the offending path level as an
empty file. This explodes if that directory contains anything else.

Change this behaviour. `~` is now allowed allowed when it is
not a full level (Yes: `some~thing/`, no: `~/`). The code should
get refactoring in an other PR.
4 years ago