mark entire module result untrusted as template (#55717)
* prevents accidental templating on intra-action postprocessing of an untrusted module result
* makes the view of a module result within an action consistent with the way it would be stored for future use (eg facts, register)
(cherry picked from commit 03cac394cc
)
This commit is contained in:
parent
f64e95f230
commit
74e90f89bd
2 changed files with 5 additions and 4 deletions
|
@ -1,2 +1,2 @@
|
||||||
bugfixes:
|
bugfixes:
|
||||||
- ensure facts are always unsafe objects and don't rely on plugin returns
|
- ensure module results and facts are marked untrusted as templates for safer use within the same task
|
||||||
|
|
|
@ -968,6 +968,10 @@ class ActionBase(with_metaclass(ABCMeta, object)):
|
||||||
data['deprecations'] = []
|
data['deprecations'] = []
|
||||||
data['deprecations'].extend(self._discovery_deprecation_warnings)
|
data['deprecations'].extend(self._discovery_deprecation_warnings)
|
||||||
|
|
||||||
|
# mark the entire module results untrusted as a template right here, since the current action could
|
||||||
|
# possibly template one of these values.
|
||||||
|
data = wrap_var(data)
|
||||||
|
|
||||||
display.debug("done with _execute_module (%s, %s)" % (module_name, module_args))
|
display.debug("done with _execute_module (%s, %s)" % (module_name, module_args))
|
||||||
return data
|
return data
|
||||||
|
|
||||||
|
@ -978,9 +982,6 @@ class ActionBase(with_metaclass(ABCMeta, object)):
|
||||||
display.warning(w)
|
display.warning(w)
|
||||||
|
|
||||||
data = json.loads(filtered_output)
|
data = json.loads(filtered_output)
|
||||||
|
|
||||||
if 'ansible_facts' in data and isinstance(data['ansible_facts'], dict):
|
|
||||||
data['ansible_facts'] = wrap_var(data['ansible_facts'])
|
|
||||||
data['_ansible_parsed'] = True
|
data['_ansible_parsed'] = True
|
||||||
except ValueError:
|
except ValueError:
|
||||||
# not valid json, lets try to capture error
|
# not valid json, lets try to capture error
|
||||||
|
|
Loading…
Add table
Reference in a new issue