4c8c40fd3d
* fix unsafe preservation across newlines CVE-2021-3583 ensure we always have unsafe Co-authored-by: Rick Elrod <rick@elrod.me>
19 lines
429 B
YAML
19 lines
429 B
YAML
- hosts: localhost
|
|
gather_facts: false
|
|
vars:
|
|
nottemplated: this should not be seen
|
|
imunsafe: !unsafe '{{ nottemplated }}'
|
|
tasks:
|
|
|
|
- set_fact:
|
|
this_was_unsafe: >
|
|
{{ imunsafe }}
|
|
|
|
- set_fact:
|
|
this_always_safe: '{{ imunsafe }}'
|
|
|
|
- name: ensure nothing was templated
|
|
assert:
|
|
that:
|
|
- this_always_safe == imunsafe
|
|
- imunsafe == this_was_unsafe.strip()
|