ansible/test/units
Sam Doran 5260527c4a
Change default file permissions so they are not world readable (#70221)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spec and params rather than using another property
- improve the warning message to include the default permissions
2020-07-22 17:05:38 -04:00
..
_vendor transparent downstream vendoring (#69850) 2020-06-15 16:22:25 -07:00
ansible_test Add Azure Pipelines support to ansible-test. 2020-06-11 14:57:42 -07:00
cli Add collection path in CLI version info (#68633) 2020-06-25 01:58:56 -04:00
compat
config Clean up unit test boilerplate. 2020-06-22 14:20:33 -07:00
errors Remove empty overridden unittest.setUp and unittest.tearDown methods. 2019-11-05 09:12:11 -08:00
executor refactor Python module_utils locator (#70610) 2020-07-16 17:57:47 -07:00
galaxy Improve ansible-galaxy STDOUT messages for collections (#70040) 2020-06-29 15:18:30 -04:00
inventory Clean up unit test boilerplate. 2020-06-22 14:20:33 -07:00
inventory_test_data/group_vars
mock Clean up unit test boilerplate. 2020-06-22 14:20:33 -07:00
module_utils Change default file permissions so they are not world readable (#70221) 2020-07-22 17:05:38 -04:00
modules sanity: remove ansible-bad-function (#70431) 2020-07-07 11:46:28 -04:00
parsing Ensure single vaulted values aren't counted as sequences. Fixes #70784 (#70786) 2020-07-21 16:48:35 -05:00
playbook Nuke strategy.SharedPluginLoaderObj, depr. 2.11 (#70235) 2020-06-23 13:09:26 -04:00
plugins Refactor _fixup_perms2 to remove way-nested logic (#70701) 2020-07-20 18:46:47 -05:00
regex
template Do not treat AnsibleUndefined as being unsafe (#65202) 2019-11-25 15:06:29 +01:00
utils Use libc wcwidth to calculate print width in display (#66214) 2020-06-22 16:57:01 -05:00
vars Remove empty setUp/tearDown/tearDownClass methods in test classes. 2019-11-06 08:14:29 -08:00
__init__.py
requirements.txt Remove unnecessary unit test requirements. 2020-03-23 11:14:21 -05:00
test_constants.py Remove some constants.py deprecated items (#70466) 2020-07-07 18:41:19 -05:00
test_context.py Clean up unit test boilerplate. 2020-06-22 14:20:33 -07:00