mirror of
https://github.com/thegeeklab/ansible-later.git
synced 2024-11-24 22:00:40 +00:00
fix: improve url and jinja string escapes (#585)
This commit is contained in:
parent
5daceac699
commit
4ec8954ab5
@ -39,9 +39,12 @@ class CheckCommandInsteadOfModule(StandardBase):
|
||||
if task["action"]["__ansible_module__"] in commands:
|
||||
first_cmd_arg = self.get_first_cmd_arg(task)
|
||||
executable = os.path.basename(first_cmd_arg)
|
||||
cmd = cmd = self.get_safe_cmd(task)
|
||||
|
||||
if (
|
||||
first_cmd_arg and executable in modules
|
||||
and task["action"].get("warn", True) and "register" not in task
|
||||
and not any(ch in cmd for ch in self.SHELL_PIPE_CHARS)
|
||||
):
|
||||
errors.append(
|
||||
self.Error(
|
||||
|
@ -1,5 +1,3 @@
|
||||
import re
|
||||
|
||||
from ansiblelater.standard import StandardBase
|
||||
|
||||
|
||||
@ -22,13 +20,8 @@ class CheckShellInsteadCommand(StandardBase):
|
||||
if "executable" in task["action"]:
|
||||
continue
|
||||
|
||||
if "cmd" in task["action"]:
|
||||
cmd = task["action"].get("cmd", [])
|
||||
else:
|
||||
cmd = " ".join(task["action"].get("__ansible_arguments__", []))
|
||||
|
||||
unjinja = re.sub(r"\{\{[^\}]*\}\}", "JINJA_VAR", cmd)
|
||||
if not any(ch in unjinja for ch in "&|<>;$\n*[]{}?"):
|
||||
cmd = self.get_safe_cmd(task)
|
||||
if not any(ch in cmd for ch in self.SHELL_PIPE_CHARS):
|
||||
errors.append(self.Error(task["__line__"], self.helptext))
|
||||
|
||||
return self.Result(candidate.path, errors)
|
||||
|
@ -8,6 +8,7 @@ import pathlib
|
||||
import re
|
||||
from abc import ABCMeta, abstractmethod
|
||||
from collections import defaultdict
|
||||
from urllib.parse import urlparse
|
||||
|
||||
import toolz
|
||||
import yaml
|
||||
@ -44,6 +45,8 @@ class StandardExtendedMeta(StandardMeta, ABCMeta):
|
||||
|
||||
class StandardBase(metaclass=StandardExtendedMeta):
|
||||
|
||||
SHELL_PIPE_CHARS = "&|<>;$\n*[]{}?"
|
||||
|
||||
@property
|
||||
@abstractmethod
|
||||
def sid(self):
|
||||
@ -246,6 +249,22 @@ class StandardBase(metaclass=StandardExtendedMeta):
|
||||
|
||||
return first_cmd_arg
|
||||
|
||||
@staticmethod
|
||||
def get_safe_cmd(task):
|
||||
if "cmd" in task["action"]:
|
||||
cmd = task["action"].get("cmd", "")
|
||||
else:
|
||||
cmd = " ".join(task["action"].get("__ansible_arguments__", []))
|
||||
|
||||
cmd = re.sub(r"{{.+?}}", "JINJA_EXPRESSION", cmd)
|
||||
cmd = re.sub(r"{%.+?%}", "JINJA_STATEMENT", cmd)
|
||||
cmd = re.sub(r"{#.+?#}", "JINJA_COMMENT", cmd)
|
||||
|
||||
parts = cmd.split()
|
||||
parts = [p if not urlparse(p.strip('"').strip("'")).scheme else "URL" for p in parts]
|
||||
|
||||
return " ".join(parts)
|
||||
|
||||
class Error:
|
||||
"""Default error object created if a rule failed."""
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user