ansible/test/integration/targets/vault/test_dangling_temp.yml
Brian Coca 6452a82452
fix vault temp file handling (#68433)
* fix vault tmpe file handling

 * use local temp dir instead of system temp
 * ensure each worker clears dataloader temp files
 * added test for dangling temp files
 * added notes to data loader

CVE-2020-10685
2020-03-25 15:24:04 -04:00

34 lines
983 B
YAML

- hosts: localhost
gather_facts: False
vars:
od: "{{output_dir|default('/tmp')}}/test_vault_assemble"
tasks:
- name: create target directory
file:
path: "{{od}}"
state: directory
- name: assemble_file file with secret
assemble:
src: files/test_assemble
dest: "{{od}}/dest_file"
remote_src: no
mode: 0600
- name: remove assembled file with secret (so nothing should have unencrypted secret)
file: path="{{od}}/dest_file" state=absent
- name: find temp files with secrets
find:
paths: '{{temp_paths}}'
contains: 'VAULT TEST IN WHICH BAD THING HAPPENED'
recurse: yes
register: badthings
vars:
temp_paths: "{{[lookup('env', 'TMP'), lookup('env', 'TEMP'), hardcoded]|flatten(1)|unique|list}}"
hardcoded: ['/tmp', '/var/tmp']
- name: ensure we failed to find any
assert:
that:
- badthings['matched'] == 0