avoid chroot paths (#32778)

* avoid chroot paths fixes #32764 * check name
2017-11-10 13:26:49 -05:00 · 2017-11-10 13:26:49 -05:00 · e7941b0d4e
commit e7941b0d4e
parent 7a82c49a5f
1 changed files with 25 additions and 23 deletions
--- a/lib/ansible/plugins/vars/host_group_vars.py
+++ b/lib/ansible/plugins/vars/host_group_vars.py
@ -74,31 +74,33 @@ class VarsModule(BaseVarsPlugin):
            else:
                raise AnsibleParserError("Supplied entity must be Host or Group, got %s instead" % (type(entity)))
-            try:
+            # avoid 'chroot' type inventory hostnames /path/to/chroot
-                found_files = []
+            if not entity.name.startswith(os.path.sep):
-                # load vars
+                try:
-                opath = os.path.realpath(os.path.join(self._basedir, subdir))
+                    found_files = []
-                key = '%s.%s' % (entity.name, opath)
+                    # load vars
-                if cache and key in FOUND:
+                    opath = os.path.realpath(os.path.join(self._basedir, subdir))
-                    found_files = FOUND[key]
+                    key = '%s.%s' % (entity.name, opath)
-                else:
+                    if cache and key in FOUND:
-                    b_opath = to_bytes(opath)
+                        found_files = FOUND[key]
-                    # no need to do much if path does not exist for basedir
+                    else:
-                    if os.path.exists(b_opath):
+                        b_opath = to_bytes(opath)
-                        if os.path.isdir(b_opath):
+                        # no need to do much if path does not exist for basedir
-                            self._display.debug("\tprocessing dir %s" % opath)
+                        if os.path.exists(b_opath):
-                            found_files = self._find_vars_files(opath, entity.name)
+                            if os.path.isdir(b_opath):
-                            FOUND[key] = found_files
+                                self._display.debug("\tprocessing dir %s" % opath)
-                        else:
+                                found_files = self._find_vars_files(opath, entity.name)
-                            self._display.warning("Found %s that is not a directory, skipping: %s" % (subdir, opath))
+                                FOUND[key] = found_files
                            else:
                                self._display.warning("Found %s that is not a directory, skipping: %s" % (subdir, opath))
-                for found in found_files:
+                    for found in found_files:
-                    new_data = loader.load_from_file(found, cache=True, unsafe=True)
+                        new_data = loader.load_from_file(found, cache=True, unsafe=True)
-                    if new_data:  # ignore empty files
+                        if new_data:  # ignore empty files
-                        data = combine_vars(data, new_data)
+                            data = combine_vars(data, new_data)
-            except Exception as e:
+                except Exception as e:
-                raise AnsibleParserError(to_native(e))
+                    raise AnsibleParserError(to_native(e))
        return data
    def _find_vars_files(self, path, name):