From 7ec6a1b7fb55ca2e4c28c12fc9fd3c5ab13f657a Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Thu, 23 Feb 2017 11:56:47 -0500 Subject: [PATCH] Fully expand path when testing it People can use symlinks because they can. Expand them. Also, don't block relative paths because we're expanding to absolute. Change-Id: I483b5abbbeb962761d604dc5e7d6b64492dfd83d --- zuul/ansible/paths.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/zuul/ansible/paths.py b/zuul/ansible/paths.py index c5faeca478..e387732a19 100644 --- a/zuul/ansible/paths.py +++ b/zuul/ansible/paths.py @@ -20,10 +20,8 @@ import ansible.plugins.action def _is_safe_path(path): - if os.path.isabs(path): - return False - if not os.path.abspath(os.path.expanduser(path)).startswith( - os.path.abspath(os.path.curdir)): + full_path = os.path.realpath(os.path.abspath(os.path.expanduser(path))) + if not full_path.startswith(os.path.abspath(os.path.curdir)): return False return True