Fixing another corner case for security related to CVE-2016-9587
(cherry picked from commit bcceada5d9)
This commit is contained in:
Computest
James Cammarata
parent
bd1ba1e21a
commit
51559b0a51
2 changed files with 9 additions and 5 deletions
|
|
@ -154,7 +154,7 @@ class AnsibleContext(Context):
|
|||
'''
|
||||
if isinstance(val, dict):
|
||||
for key in val.keys():
|
||||
if self._is_unsafe(val[key]):
|
||||
if self._is_unsafe(key) or self._is_unsafe(val[key]):
|
||||
return True
|
||||
elif isinstance(val, list):
|
||||
for item in val:
|
||||
|
|
@ -392,11 +392,11 @@ class Templar:
|
|||
fail_on_undefined=fail_on_undefined,
|
||||
overrides=overrides,
|
||||
)
|
||||
if convert_data and not self._no_type_regex.match(variable):
|
||||
unsafe = hasattr(result, '__UNSAFE__')
|
||||
if convert_data and not self._no_type_regex.match(variable) and not unsafe:
|
||||
# if this looks like a dictionary or list, convert it to such using the safe_eval method
|
||||
if (result.startswith("{") and not result.startswith(self.environment.variable_start_string)) or \
|
||||
result.startswith("[") or result in ("True", "False"):
|
||||
unsafe = hasattr(result, '__UNSAFE__')
|
||||
eval_results = safe_eval(result, locals=self._available_variables, include_exceptions=True)
|
||||
if eval_results[1] is None:
|
||||
result = eval_results[0]
|
||||
|
|
|
|||
|
|
@ -93,10 +93,14 @@ class AnsibleJSONUnsafeDecoder(json.JSONDecoder):
|
|||
return value
|
||||
|
||||
def _wrap_dict(v):
|
||||
# Create new dict to get rid of the keys that are not wrapped.
|
||||
new = {}
|
||||
for k in v.keys():
|
||||
if v[k] is not None:
|
||||
v[wrap_var(k)] = wrap_var(v[k])
|
||||
return v
|
||||
new[wrap_var(k)] = wrap_var(v[k])
|
||||
else:
|
||||
new[wrap_var(k)] = None
|
||||
return new
|
||||
|
||||
|
||||
def _wrap_list(v):
|
||||
|
|
|
|||
Loading…
Reference in a new issue