From 10a4a4e986e783cff17357d8bac86da84693323d Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Sat, 3 Oct 2015 18:07:27 -0700 Subject: [PATCH] Quote any file paths that we have to use with dd to copy. This is because we pass the whole dd command string into the shell that's running on the contained environment rather than running it directly from python via subprocess without a shell. --- lib/ansible/plugins/connection/chroot.py | 5 +++-- lib/ansible/plugins/connection/docker.py | 2 ++ lib/ansible/plugins/connection/jail.py | 5 +++-- lib/ansible/plugins/connection/libvirt_lxc.py | 5 +++-- lib/ansible/plugins/connection/zone.py | 5 +++-- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/lib/ansible/plugins/connection/chroot.py b/lib/ansible/plugins/connection/chroot.py index 34a38a31c67..e71cb394e01 100644 --- a/lib/ansible/plugins/connection/chroot.py +++ b/lib/ansible/plugins/connection/chroot.py @@ -22,6 +22,7 @@ __metaclass__ = type import distutils.spawn import os import os.path +import pipes import subprocess import traceback @@ -117,7 +118,7 @@ class Connection(ConnectionBase): super(Connection, self).put_file(in_path, out_path) self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.chroot) - out_path = self._prefix_login_path(out_path) + out_path = pipes.quote(self._prefix_login_path(out_path)) try: with open(in_path, 'rb') as in_file: try: @@ -139,7 +140,7 @@ class Connection(ConnectionBase): super(Connection, self).fetch_file(in_path, out_path) self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.chroot) - in_path = self._prefix_login_path(in_path) + in_path = pipes.quote(self._prefix_login_path(in_path)) try: p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) except OSError: diff --git a/lib/ansible/plugins/connection/docker.py b/lib/ansible/plugins/connection/docker.py index d5885195221..651c3fa95d8 100644 --- a/lib/ansible/plugins/connection/docker.py +++ b/lib/ansible/plugins/connection/docker.py @@ -27,6 +27,7 @@ __metaclass__ = type import distutils.spawn import os import os.path +import pipes import subprocess import re @@ -154,6 +155,7 @@ class Connection(ConnectionBase): if p.returncode != 0: raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr)) else: + out_path = pipes.quote(out_path) # Older docker doesn't have native support for copying files into # running containers, so we use docker exec to implement this executable = C.DEFAULT_EXECUTABLE.split()[0] if C.DEFAULT_EXECUTABLE else '/bin/sh' diff --git a/lib/ansible/plugins/connection/jail.py b/lib/ansible/plugins/connection/jail.py index c828d67494f..00ac4476822 100644 --- a/lib/ansible/plugins/connection/jail.py +++ b/lib/ansible/plugins/connection/jail.py @@ -23,6 +23,7 @@ __metaclass__ = type import distutils.spawn import os import os.path +import pipes import subprocess import traceback @@ -144,7 +145,7 @@ class Connection(ConnectionBase): super(Connection, self).put_file(in_path, out_path) self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.jail) - out_path = self._prefix_login_path(out_path) + out_path = pipes.quote(self._prefix_login_path(out_path)) try: with open(in_path, 'rb') as in_file: try: @@ -166,7 +167,7 @@ class Connection(ConnectionBase): super(Connection, self).fetch_file(in_path, out_path) self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.jail) - in_path = self._prefix_login_path(in_path) + in_path = pipes.quote(self._prefix_login_path(in_path)) try: p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) except OSError: diff --git a/lib/ansible/plugins/connection/libvirt_lxc.py b/lib/ansible/plugins/connection/libvirt_lxc.py index c0c3cc153d6..2ff6fbe89d0 100644 --- a/lib/ansible/plugins/connection/libvirt_lxc.py +++ b/lib/ansible/plugins/connection/libvirt_lxc.py @@ -23,6 +23,7 @@ __metaclass__ = type import distutils.spawn import os import os.path +import pipes import subprocess from ansible import constants as C @@ -116,7 +117,7 @@ class Connection(ConnectionBase): super(Connection, self).put_file(in_path, out_path) self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.lxc) - out_path = self._prefix_login_path(out_path) + out_path = pipes.quote(self._prefix_login_path(out_path)) try: with open(in_path, 'rb') as in_file: try: @@ -138,7 +139,7 @@ class Connection(ConnectionBase): super(Connection, self).fetch_file(in_path, out_path) self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.lxc) - in_path = self._prefix_login_path(in_path) + in_path = pipes.quote(self._prefix_login_path(in_path)) try: p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) except OSError: diff --git a/lib/ansible/plugins/connection/zone.py b/lib/ansible/plugins/connection/zone.py index f4fee5ccb03..5d6dafca366 100644 --- a/lib/ansible/plugins/connection/zone.py +++ b/lib/ansible/plugins/connection/zone.py @@ -24,6 +24,7 @@ __metaclass__ = type import distutils.spawn import os import os.path +import pipes import subprocess import traceback @@ -157,7 +158,7 @@ class Connection(ConnectionBase): super(Connection, self).put_file(in_path, out_path) self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.zone) - out_path = self._prefix_login_path(out_path) + out_path = pipes.quote(self._prefix_login_path(out_path)) try: with open(in_path, 'rb') as in_file: try: @@ -179,7 +180,7 @@ class Connection(ConnectionBase): super(Connection, self).fetch_file(in_path, out_path) self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.zone) - in_path = self._prefix_login_path(in_path) + in_path = pipes.quote(self._prefix_login_path(in_path)) try: p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) except OSError: