a9d2ceafe4
- also only replace when needed - switched from replace to index - added test to verify bogus_facts are not accepted CVE-2020-10684
14 lines
580 B
YAML
14 lines
580 B
YAML
- name: Ensure clean_facts is working properly
|
|
hosts: facthost1
|
|
gather_facts: false
|
|
tasks:
|
|
- name: gather 'bad' facts
|
|
action: bogus_facts
|
|
|
|
- name: ensure that the 'bad' facts didn't polute what they are not supposed to
|
|
assert:
|
|
that:
|
|
- "'touch' not in discovered_interpreter_python|default('')"
|
|
- "'touch' not in ansible_facts.get('discovered_interpreter_python', '')"
|
|
- "'touch' not in ansible_facts.get('ansible_facts', {}).get('discovered_interpreter_python', '')"
|
|
- bogus_overwrite is undefined
|