Fix path exclusions

The current code checks to see that the destination path shares a prefix
with os.path.curdir. However, os.path.curdir is set to the directory
containing the playbook, not the root of the workdir, which means we're
not excluding things in the trusted dir like we'd like to be doing.

We already set HOME to the root of thew workdir, so we can just switch
the check from os.path.curdir to os.path.expanduser('~') and achieve the
original intent.

Change-Id: Ifac41f74f3306fe74b522c910867f9a5375bd61e
This commit is contained in:
Monty Taylor 2017-10-05 11:46:37 -05:00
parent 06ab26d80c
commit 950c6b1e2d
No known key found for this signature in database
GPG Key ID: 7BAE94BC7141A594
1 changed files with 1 additions and 1 deletions

View File

@ -24,7 +24,7 @@ import ansible.plugins.lookup
def _is_safe_path(path):
full_path = os.path.realpath(os.path.abspath(os.path.expanduser(path)))
if not full_path.startswith(os.path.abspath(os.path.curdir)):
if not full_path.startswith(os.path.abspath(os.path.expanduser('~'))):
return False
return True