788a40e75c
We greylist some modules in our action plugin blocking allowing them to execute local code as long as it falls within safe constraints. Due to the way ansible module loading works, a user could attack this by creating a module in a local role or adjacent to a playbook that has the same name as one of the modules we allow limited local execution. If they did that it would allow them to execute arbitrary python code on the executor. Find the path of the module that will be executed in these cases and if it is not within the ansible.modules package, disallow it. There are no circumstances in which this is ok. Change-Id: I7499e6b1091d745984ca36179de2793827c9f98f
32 lines
1.1 KiB
Python
32 lines
1.1 KiB
Python
# Copyright 2016 Red Hat, Inc.
|
|
#
|
|
# This module is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This software is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this software. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
from zuul.ansible import paths
|
|
fetch = paths._import_ansible_action_plugin("fetch")
|
|
|
|
|
|
class ActionModule(fetch.ActionModule):
|
|
|
|
def run(self, tmp=None, task_vars=None):
|
|
if not paths._is_official_module(self):
|
|
return paths._fail_module_dict(self._task.action)
|
|
|
|
dest = self._task.args.get('dest', None)
|
|
|
|
if dest and not paths._is_safe_path(dest):
|
|
return paths._fail_dict(dest)
|
|
return super(ActionModule, self).run(tmp, task_vars)
|