cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Migrate away from pipes.quote (#56785)

Browse source 
* Migrate away from pipes.quote

* Fix sanity
This commit is contained in:
Martin Krizek 2019-05-24 21:48:42 +02:00 committed by Brian Coca
parent 86354ff1fb
commit 3b9478ade0
6 changed files with 54 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
lib/ansible/modules/database/mysql/mysql_db.py
View file

@ -101,13 +101,13 @@ EXAMPLES = r'''
''' '''
import os import os
import pipes
import subprocess import subprocess
import traceback import traceback
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.database import mysql_quote_identifier from ansible.module_utils.database import mysql_quote_identifier
from ansible.module_utils.mysql import mysql_connect, mysql_driver, mysql_driver_fail_msg from ansible.module_utils.mysql import mysql_connect, mysql_driver, mysql_driver_fail_msg
from ansible.module_utils.six.moves import shlex_quote
from ansible.module_utils._text import to_native from ansible.module_utils._text import to_native
@ -132,25 +132,25 @@ def db_dump(module, host, user, password, db_name, target, all_databases, port,
cmd = module.get_bin_path('mysqldump', True) cmd = module.get_bin_path('mysqldump', True)
# If defined, mysqldump demands --defaults-extra-file be the first option # If defined, mysqldump demands --defaults-extra-file be the first option
if config_file: if config_file:
cmd += " --defaults-extra-file=%s" % pipes.quote(config_file) cmd += " --defaults-extra-file=%s" % shlex_quote(config_file)
if user is not None: if user is not None:
cmd += " --user=%s" % pipes.quote(user) cmd += " --user=%s" % shlex_quote(user)
if password is not None: if password is not None:
cmd += " --password=%s" % pipes.quote(password) cmd += " --password=%s" % shlex_quote(password)
if ssl_cert is not None: if ssl_cert is not None:
cmd += " --ssl-cert=%s" % pipes.quote(ssl_cert) cmd += " --ssl-cert=%s" % shlex_quote(ssl_cert)
if ssl_key is not None: if ssl_key is not None:
cmd += " --ssl-key=%s" % pipes.quote(ssl_key) cmd += " --ssl-key=%s" % shlex_quote(ssl_key)
if ssl_ca is not None: if ssl_ca is not None:
cmd += " --ssl-ca=%s" % pipes.quote(ssl_ca) cmd += " --ssl-ca=%s" % shlex_quote(ssl_ca)
if socket is not None: if socket is not None:
cmd += " --socket=%s" % pipes.quote(socket) cmd += " --socket=%s" % shlex_quote(socket)
else: else:
cmd += " --host=%s --port=%i" % (pipes.quote(host), port) cmd += " --host=%s --port=%i" % (shlex_quote(host), port)
if all_databases: if all_databases:
cmd += " --all-databases" cmd += " --all-databases"
else: else:
cmd += " %s" % pipes.quote(db_name) cmd += " %s" % shlex_quote(db_name)
if single_transaction: if single_transaction:
cmd += " --single-transaction=true" cmd += " --single-transaction=true"
if quick: if quick:
@ -168,9 +168,9 @@ def db_dump(module, host, user, password, db_name, target, all_databases, port,
path = module.get_bin_path('xz', True) path = module.get_bin_path('xz', True)
if path: if path:
cmd = '%s | %s > %s' % (cmd, path, pipes.quote(target)) cmd = '%s | %s > %s' % (cmd, path, shlex_quote(target))
else: else:
cmd += " > %s" % pipes.quote(target) cmd += " > %s" % shlex_quote(target)
rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True) rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
return rc, stdout, stderr return rc, stdout, stderr
@ -183,25 +183,25 @@ def db_import(module, host, user, password, db_name, target, all_databases, port
cmd = [module.get_bin_path('mysql', True)] cmd = [module.get_bin_path('mysql', True)]
# --defaults-file must go first, or errors out # --defaults-file must go first, or errors out
if config_file: if config_file:
cmd.append("--defaults-extra-file=%s" % pipes.quote(config_file)) cmd.append("--defaults-extra-file=%s" % shlex_quote(config_file))
if user: if user:
cmd.append("--user=%s" % pipes.quote(user)) cmd.append("--user=%s" % shlex_quote(user))
if password: if password:
cmd.append("--password=%s" % pipes.quote(password)) cmd.append("--password=%s" % shlex_quote(password))
if ssl_cert is not None: if ssl_cert is not None:
cmd.append("--ssl-cert=%s" % pipes.quote(ssl_cert)) cmd.append("--ssl-cert=%s" % shlex_quote(ssl_cert))
if ssl_key is not None: if ssl_key is not None:
cmd.append("--ssl-key=%s" % pipes.quote(ssl_key)) cmd.append("--ssl-key=%s" % shlex_quote(ssl_key))
if ssl_ca is not None: if ssl_ca is not None:
cmd.append("--ssl-ca=%s" % pipes.quote(ssl_ca)) cmd.append("--ssl-ca=%s" % shlex_quote(ssl_ca))
if socket is not None: if socket is not None:
cmd.append("--socket=%s" % pipes.quote(socket)) cmd.append("--socket=%s" % shlex_quote(socket))
else: else:
cmd.append("--host=%s" % pipes.quote(host)) cmd.append("--host=%s" % shlex_quote(host))
cmd.append("--port=%i" % port) cmd.append("--port=%i" % port)
if not all_databases: if not all_databases:
cmd.append("-D") cmd.append("-D")
cmd.append(pipes.quote(db_name)) cmd.append(shlex_quote(db_name))
comp_prog_path = None comp_prog_path = None
if os.path.splitext(target)[-1] == '.gz': if os.path.splitext(target)[-1] == '.gz':
@ -224,7 +224,7 @@ def db_import(module, host, user, password, db_name, target, all_databases, port
return p2.returncode, stdout2, stderr2 return p2.returncode, stdout2, stderr2
else: else:
cmd = ' '.join(cmd) cmd = ' '.join(cmd)
cmd += " < %s" % pipes.quote(target) cmd += " < %s" % shlex_quote(target)
rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True) rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
return rc, stdout, stderr return rc, stdout, stderr

14
lib/ansible/modules/database/postgresql/postgresql_db.py
View file

@ -159,7 +159,6 @@ EXAMPLES = r'''
''' '''
import os import os
import pipes
import subprocess import subprocess
import traceback import traceback
@ -175,17 +174,18 @@ import ansible.module_utils.postgres as pgutils
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.database import SQLParseError, pg_quote_identifier from ansible.module_utils.database import SQLParseError, pg_quote_identifier
from ansible.module_utils.six import iteritems from ansible.module_utils.six import iteritems
from ansible.module_utils.six.moves import shlex_quote
from ansible.module_utils._text import to_native from ansible.module_utils._text import to_native
class NotSupportedError(Exception): class NotSupportedError(Exception):
pass pass
# =========================================== # ===========================================
# PostgreSQL module specific support methods. # PostgreSQL module specific support methods.
# #
def set_owner(cursor, db, owner): def set_owner(cursor, db, owner):
query = "ALTER DATABASE %s OWNER TO %s" % ( query = "ALTER DATABASE %s OWNER TO %s" % (
pg_quote_identifier(db, 'database'), pg_quote_identifier(db, 'database'),
@ -348,9 +348,9 @@ def db_dump(module, target, target_opts="",
# in a portable way. # in a portable way.
fifo = os.path.join(module.tmpdir, 'pg_fifo') fifo = os.path.join(module.tmpdir, 'pg_fifo')
os.mkfifo(fifo) os.mkfifo(fifo)
cmd = '{1} <{3} > {2} & {0} >{3}'.format(cmd, comp_prog_path, pipes.quote(target), fifo) cmd = '{1} <{3} > {2} & {0} >{3}'.format(cmd, comp_prog_path, shlex_quote(target), fifo)
else: else:
cmd = '{0} > {1}'.format(cmd, pipes.quote(target)) cmd = '{0} > {1}'.format(cmd, shlex_quote(target))
return do_with_password(module, cmd, password) return do_with_password(module, cmd, password)
@ -402,7 +402,7 @@ def db_restore(module, target, target_opts="",
else: else:
return p2.returncode, '', stderr2, 'cmd: ****' return p2.returncode, '', stderr2, 'cmd: ****'
else: else:
cmd = '{0} < {1}'.format(cmd, pipes.quote(target)) cmd = '{0} < {1}'.format(cmd, shlex_quote(target))
return do_with_password(module, cmd, password) return do_with_password(module, cmd, password)
@ -419,9 +419,9 @@ def login_flags(db, host, port, user, db_prefix=True):
flags = [] flags = []
if db: if db:
if db_prefix: if db_prefix:
flags.append(' --dbname={0}'.format(pipes.quote(db))) flags.append(' --dbname={0}'.format(shlex_quote(db)))
else: else:
flags.append(' {0}'.format(pipes.quote(db))) flags.append(' {0}'.format(shlex_quote(db)))
if host: if host:
flags.append(' --host={0}'.format(host)) flags.append(' --host={0}'.format(host))
if port: if port:

16
lib/ansible/modules/system/cron.py
View file

@ -207,13 +207,13 @@ EXAMPLES = r'''
import os import os
import platform import platform
import pipes
import pwd import pwd
import re import re
import sys import sys
import tempfile import tempfile
from ansible.module_utils.basic import AnsibleModule, get_platform from ansible.module_utils.basic import AnsibleModule, get_platform
from ansible.module_utils.six.moves import shlex_quote
CRONCMD = "/usr/bin/crontab" CRONCMD = "/usr/bin/crontab"
@ -514,13 +514,13 @@ class CronTab(object):
user = '' user = ''
if self.user: if self.user:
if platform.system() == 'SunOS': if platform.system() == 'SunOS':
return "su %s -c '%s -l'" % (pipes.quote(self.user), pipes.quote(CRONCMD)) return "su %s -c '%s -l'" % (shlex_quote(self.user), shlex_quote(CRONCMD))
elif platform.system() == 'AIX': elif platform.system() == 'AIX':
return "%s -l %s" % (pipes.quote(CRONCMD), pipes.quote(self.user)) return "%s -l %s" % (shlex_quote(CRONCMD), shlex_quote(self.user))
elif platform.system() == 'HP-UX': elif platform.system() == 'HP-UX':
return "%s %s %s" % (CRONCMD, '-l', pipes.quote(self.user)) return "%s %s %s" % (CRONCMD, '-l', shlex_quote(self.user))
elif pwd.getpwuid(os.getuid())[0] != self.user: elif pwd.getpwuid(os.getuid())[0] != self.user:
user = '-u %s' % pipes.quote(self.user) user = '-u %s' % shlex_quote(self.user)
return "%s %s %s" % (CRONCMD, user, '-l') return "%s %s %s" % (CRONCMD, user, '-l')
def _write_execute(self, path): def _write_execute(self, path):
@ -530,10 +530,10 @@ class CronTab(object):
user = '' user = ''
if self.user: if self.user:
if platform.system() in ['SunOS', 'HP-UX', 'AIX']: if platform.system() in ['SunOS', 'HP-UX', 'AIX']:
return "chown %s %s ; su '%s' -c '%s %s'" % (pipes.quote(self.user), pipes.quote(path), pipes.quote(self.user), CRONCMD, pipes.quote(path)) return "chown %s %s ; su '%s' -c '%s %s'" % (shlex_quote(self.user), shlex_quote(path), shlex_quote(self.user), CRONCMD, shlex_quote(path))
elif pwd.getpwuid(os.getuid())[0] != self.user: elif pwd.getpwuid(os.getuid())[0] != self.user:
user = '-u %s' % pipes.quote(self.user) user = '-u %s' % shlex_quote(self.user)
return "%s %s %s" % (CRONCMD, user, pipes.quote(path)) return "%s %s %s" % (CRONCMD, user, shlex_quote(path))
def main(): def main():

16
lib/ansible/modules/system/cronvar.py
View file

@ -98,7 +98,6 @@ EXAMPLES = r'''
''' '''
import os import os
import pipes
import platform import platform
import pwd import pwd
import re import re
@ -107,6 +106,7 @@ import sys
import tempfile import tempfile
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.six.moves import shlex_quote
CRONCMD = "/usr/bin/crontab" CRONCMD = "/usr/bin/crontab"
@ -296,13 +296,13 @@ class CronVar(object):
if self.user: if self.user:
if platform.system() == 'SunOS': if platform.system() == 'SunOS':
return "su %s -c '%s -l'" % (pipes.quote(self.user), pipes.quote(CRONCMD)) return "su %s -c '%s -l'" % (shlex_quote(self.user), shlex_quote(CRONCMD))
elif platform.system() == 'AIX': elif platform.system() == 'AIX':
return "%s -l %s" % (pipes.quote(CRONCMD), pipes.quote(self.user)) return "%s -l %s" % (shlex_quote(CRONCMD), shlex_quote(self.user))
elif platform.system() == 'HP-UX': elif platform.system() == 'HP-UX':
return "%s %s %s" % (CRONCMD, '-l', pipes.quote(self.user)) return "%s %s %s" % (CRONCMD, '-l', shlex_quote(self.user))
elif pwd.getpwuid(os.getuid())[0] != self.user: elif pwd.getpwuid(os.getuid())[0] != self.user:
user = '-u %s' % pipes.quote(self.user) user = '-u %s' % shlex_quote(self.user)
return "%s %s %s" % (CRONCMD, user, '-l') return "%s %s %s" % (CRONCMD, user, '-l')
def _write_execute(self, path): def _write_execute(self, path):
@ -312,10 +312,10 @@ class CronVar(object):
user = '' user = ''
if self.user: if self.user:
if platform.system() in ['SunOS', 'HP-UX', 'AIX']: if platform.system() in ['SunOS', 'HP-UX', 'AIX']:
return "chown %s %s ; su '%s' -c '%s %s'" % (pipes.quote(self.user), pipes.quote(path), pipes.quote(self.user), CRONCMD, pipes.quote(path)) return "chown %s %s ; su '%s' -c '%s %s'" % (shlex_quote(self.user), shlex_quote(path), shlex_quote(self.user), CRONCMD, shlex_quote(path))
elif pwd.getpwuid(os.getuid())[0] != self.user: elif pwd.getpwuid(os.getuid())[0] != self.user:
user = '-u %s' % pipes.quote(self.user) user = '-u %s' % shlex_quote(self.user)
return "%s %s %s" % (CRONCMD, user, pipes.quote(path)) return "%s %s %s" % (CRONCMD, user, shlex_quote(path))
# ================================================== # ==================================================

8
lib/ansible/modules/system/puppet.py
View file

@ -142,10 +142,10 @@ EXAMPLES = r'''
import json import json
import os import os
import pipes
import stat import stat
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.six.moves import shlex_quote
def _get_facter_dir(): def _get_facter_dir():
@ -239,7 +239,7 @@ def main():
if TIMEOUT_CMD: if TIMEOUT_CMD:
base_cmd = "%(timeout_cmd)s -s 9 %(timeout)s %(puppet_cmd)s" % dict( base_cmd = "%(timeout_cmd)s -s 9 %(timeout)s %(puppet_cmd)s" % dict(
timeout_cmd=TIMEOUT_CMD, timeout_cmd=TIMEOUT_CMD,
timeout=pipes.quote(p['timeout']), timeout=shlex_quote(p['timeout']),
puppet_cmd=PUPPET_CMD) puppet_cmd=PUPPET_CMD)
else: else:
base_cmd = PUPPET_CMD base_cmd = PUPPET_CMD
@ -249,7 +249,7 @@ def main():
" --no-daemonize --no-usecacheonfailure --no-splay" " --no-daemonize --no-usecacheonfailure --no-splay"
" --detailed-exitcodes --verbose --color 0") % dict(base_cmd=base_cmd) " --detailed-exitcodes --verbose --color 0") % dict(base_cmd=base_cmd)
if p['puppetmaster']: if p['puppetmaster']:
cmd += " --server %s" % pipes.quote(p['puppetmaster']) cmd += " --server %s" % shlex_quote(p['puppetmaster'])
if p['show_diff']: if p['show_diff']:
cmd += " --show_diff" cmd += " --show_diff"
if p['environment']: if p['environment']:
@ -289,7 +289,7 @@ def main():
if p['execute']: if p['execute']:
cmd += " --execute '%s'" % p['execute'] cmd += " --execute '%s'" % p['execute']
else: else:
cmd += pipes.quote(p['manifest']) cmd += shlex_quote(p['manifest'])
if p['summarize']: if p['summarize']:
cmd += " --summarize" cmd += " --summarize"
if p['debug']: if p['debug']:

10
lib/ansible/modules/system/xfconf.py
View file

@ -86,10 +86,10 @@ RETURN = '''
... ...
''' '''
import pipes
import sys import sys
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.six.moves import shlex_quote
class XfconfPreference(object): class XfconfPreference(object):
@ -107,12 +107,12 @@ class XfconfPreference(object):
# Execute the call # Execute the call
cmd = "{0} --channel {1} --property {2}".format(self.module.get_bin_path('xfconf-query', True), cmd = "{0} --channel {1} --property {2}".format(self.module.get_bin_path('xfconf-query', True),
pipes.quote(self.channel), shlex_quote(self.channel),
pipes.quote(self.property)) shlex_quote(self.property))
try: try:
if call_type == 'set': if call_type == 'set':
cmd += " --type {0} --create --set {1}".format(pipes.quote(self.value_type), cmd += " --type {0} --create --set {1}".format(shlex_quote(self.value_type),
pipes.quote(self.value)) shlex_quote(self.value))
elif call_type == 'unset': elif call_type == 'unset':
cmd += " --reset" cmd += " --reset"