Allow template lookup in untrusted context
This is similar to the already-permitted file lookup, but it templates the result. The same access restrictions on the supplied path as file should be applied. Change-Id: I21b8788d491485cef6b05bebeb4b93c8df6b535c
This commit is contained in:
parent
1d4b3796f7
commit
df62a94946
|
@ -1 +0,0 @@
|
|||
_banned.py
|
|
@ -0,0 +1,27 @@
|
|||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# This module is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This software is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this software. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from zuul.ansible import paths
|
||||
template_mod = paths._import_ansible_lookup_plugin("template")
|
||||
|
||||
|
||||
class LookupModule(template_mod.LookupModule):
|
||||
|
||||
def run(self, terms, variables=None, **kwargs):
|
||||
for term in terms:
|
||||
lookupfile = self.find_file_in_search_path(
|
||||
variables, 'templates', term)
|
||||
paths._fail_if_unsafe(lookupfile, allow_trusted=True)
|
||||
return super(LookupModule, self).run(terms, variables, **kwargs)
|
Loading…
Reference in New Issue