dc79528cc6
Follow up to #70221 Related to #67794 CVE-2020-1736 When set_mode_if_different() is called with mode of 'None', ensure we issue a warning about the change in default permissions. Add integration tests to ensure the warning works properly. * Fix tests - actually use custom module 🤦♂️ - verify file permission on created files - use remote_tmp_dir so we're ready for split controller - improve test module so we can skip the call to set_fs_attributes_if_different() - fix tests for CentOS 6
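# Integration checks for the default-permission warning described in the
# commit message (follow-up for CVE-2020-1736). `test_perm_warning` is the
# custom test module named there; its implementation is not part of this file.

# Case 1: no `mode` supplied. The assertions below expect exactly one warning
# and a resulting file mode of 0600.
- name: Run task with no mode
  test_perm_warning:
    dest: "{{ remote_tmp_dir }}/endangerdisown"
  register: no_mode_results

# Case 2: explicit `mode`. The assertions below expect no warning and the
# requested 0644 on disk.
- name: Run task with mode
  test_perm_warning:
    mode: '0644'
    dest: "{{ remote_tmp_dir }}/groveestablish"
  register: with_mode_results

# Case 3: no `mode`, and the module is told to skip its
# set_fs_attributes_if_different() call. A warning is still expected.
- name: Run task without calling set_fs_attributes_if_different()
  test_perm_warning:
    # Canonical boolean spelling; `no` parses to the same value.
    call_fs_attributes: false
    dest: "{{ remote_tmp_dir }}/referabletank"
  register: skip_fs_attributes

# Read back the on-disk permissions of the first two files.
# NOTE(review): referabletank is not stat'ed, so the mode of the file created
# in case 3 is never verified here - consider covering it once the expected
# value is confirmed against the test module.
- name: Collect permissions of the created files
  stat:
    path: "{{ remote_tmp_dir }}/{{ item }}"
  loop:
    - endangerdisown
    - groveestablish
  register: files

- name: Ensure we get a warning when appropriate
  assert:
    that:
      # Exactly one warning, carrying the default-permissions text, when no
      # mode was given.
      - no_mode_results.warnings | default([], True) | length == 1
      - "'created with default permissions' in no_mode_results.warnings[0]"
      # files.results follows the loop order above: [0] is endangerdisown
      # (no mode given), [1] is groveestablish (mode '0644'). The modes are
      # compared as strings.
      - files.results[0]['stat']['mode'] == '0600'
      - files.results[1]['stat']['mode'] == '0644'
      # The Jinja version on CentOS 6 does not support default([], True)
      - with_mode_results.warnings is not defined
      # NOTE(review): only the warning count is checked for case 3, not its
      # text.
      - skip_fs_attributes.warnings | default([], True) | length == 1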