Fix path exclusions
The current code checks to see that the destination path shares a prefix with os.path.curdir. However, os.path.curdir is set to the directory containing the playbook, not the root of the workdir, which means we're not excluding things in the trusted dir like we'd like to be doing. We already set HOME to the root of thew workdir, so we can just switch the check from os.path.curdir to os.path.expanduser('~') and achieve the original intent. Change-Id: Ifac41f74f3306fe74b522c910867f9a5375bd61e
This commit is contained in:
parent
06ab26d80c
commit
950c6b1e2d
|
@ -24,7 +24,7 @@ import ansible.plugins.lookup
|
|||
|
||||
def _is_safe_path(path):
|
||||
full_path = os.path.realpath(os.path.abspath(os.path.expanduser(path)))
|
||||
if not full_path.startswith(os.path.abspath(os.path.curdir)):
|
||||
if not full_path.startswith(os.path.abspath(os.path.expanduser('~'))):
|
||||
return False
|
||||
return True
|
||||
|
||||
|
|
Loading…
Reference in New Issue