executor: block stat get_mime on localhost
The get_mime option may be used to abuse the file utility. This change disables this module argument. Change-Id: Idc3bf8d101a15f572841b504ef16335281079142
This commit is contained in:
parent
00c67aa5f2
commit
12ce351878
|
@ -63,6 +63,8 @@ class ActionModule(normal.ActionModule):
|
||||||
|
|
||||||
Block any access of files outside the zuul work dir.
|
Block any access of files outside the zuul work dir.
|
||||||
'''
|
'''
|
||||||
|
if self._task.args.get('get_mime') is not None:
|
||||||
|
raise AnsibleError("get_mime on localhost is forbidden")
|
||||||
paths._fail_if_unsafe(self._task.args['path'])
|
paths._fail_if_unsafe(self._task.args['path'])
|
||||||
|
|
||||||
def handle_file(self):
|
def handle_file(self):
|
||||||
|
|
Loading…
Reference in New Issue