ansible/test/integration/targets/fetch/injection/library/slurp.py
Brian Coca ba87c225cd
fixed fetch traversal from slurp ()
* fixed fetch traversal from slurp

  * ignore slurp result for dest
  * fixed naming when source is relative
  * fixed bug in local connection plugin
  * added tests with fake slurp
  * moved existing role tests into runme.sh
  * normalized on action excepts
  * moved dest transform down to when needed
  * added is_subpath check
  * fixed bug in local connection

fixes 

CVE-2019-3828
2020-04-08 14:28:51 -04:00

29 lines
659 B
Python

#!/usr/bin/python
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type

DOCUMENTATION = """
    module: fakeslurp
    short_description: fake slurp module
    description:
        - this is a fake slurp module
    options:
        _notreal:
            description: really not a real slurp
    author:
        - me
"""

import json
import random

# Path traversal strings this fake module reports as the fetched file's 'source'.
# The fetch tests use them to confirm the controller does not trust that value.
bad_responses = ['../foo', '../../foo', '../../../foo', '/../../../foo', '/../foo', '//..//foo', '..//..//foo']


def main():
    # Emit a slurp-shaped result with empty content and a randomly chosen bad 'source'.
    print(json.dumps(dict(changed=False, content='', encoding='base64', source=random.choice(bad_responses))))


if __name__ == '__main__':
    main()
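
The following is an added example, not code from the Ansible commit or its tests. It shows why the `source` values above matter to a controller-side consumer and sketches the two ideas named in the commit message (ignoring the slurp result for the destination, and a subpath check). The helper names `is_within`, `naive_dest`, `safe_dest` and `escaping_sources`, and the destination path, are assumptions made for illustration.

```python
import os

# Traversal strings the fake slurp module on this page returns as `source`.
BAD_SOURCES = ['../foo', '../../foo', '../../../foo', '/../../../foo',
               '/../foo', '//..//foo', '..//..//foo']


def is_within(base, candidate):
    """True if candidate resolves to base or below it (hypothetical helper)."""
    base = os.path.realpath(base)
    candidate = os.path.realpath(candidate)
    # commonpath compares whole components, so /srv/fetch-x is not under /srv/fetch
    return os.path.commonpath([base, candidate]) == base


def naive_dest(dest_dir, reported_source):
    """Unsafe pattern: build the local path from what the remote side reported."""
    return os.path.join(dest_dir, reported_source)


def safe_dest(dest_dir, requested_source, reported_source=None):
    """Build the local path from the controller's own request, then verify it.

    reported_source is accepted only to show that it is ignored.
    """
    candidate = os.path.join(dest_dir, requested_source.lstrip('/'))
    if not is_within(dest_dir, candidate):
        raise ValueError('destination escapes %s: %r' % (dest_dir, requested_source))
    return os.path.realpath(candidate)


def escaping_sources(dest_dir, sources=BAD_SOURCES):
    """Return the reported sources that would land outside dest_dir if trusted."""
    return [s for s in sources if not is_within(dest_dir, naive_dest(dest_dir, s))]


if __name__ == '__main__':
    dest = '/tmp/fetch-demo/host1'  # constructed path, need not exist
    print('escape when trusted:', escaping_sources(dest))
    for s in BAD_SOURCES:
        print(repr(s), '->', safe_dest(dest, '/etc/hostname', s))
```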