executor: block stat get_mime on localhost
The get_mime option may be used to abuse the file utility. This change disables this module argument. Change-Id: Idc3bf8d101a15f572841b504ef16335281079142
This commit is contained in:
parent
00c67aa5f2
commit
12ce351878
|
@ -63,6 +63,8 @@ class ActionModule(normal.ActionModule):
|
|||
|
||||
Block any access of files outside the zuul work dir.
|
||||
'''
|
||||
if self._task.args.get('get_mime') is not None:
|
||||
raise AnsibleError("get_mime on localhost is forbidden")
|
||||
paths._fail_if_unsafe(self._task.args['path'])
|
||||
|
||||
def handle_file(self):
|
||||
|
|
Loading…
Reference in New Issue