author | Richard Isaacson <richard.c.isaacson@gmail.com> | 2014-03-12 23:28:06 -0500 |
---|---|---|
committer | Michael DeHaan <michael.dehaan@gmail.com> | 2014-03-13 07:50:11 -0400 |
commit | b48940650733c5e0f3a7f584f7be0641ddf538ad (patch) | |
tree | 7fa19b7f4a721c90534f0f43eb21f34a2966f710 | |
parent | 4c3781899ecf573455bd899e6815de6413b1d963 (diff) | |
download | ansible-b48940650733c5e0f3a7f584f7be0641ddf538ad.tar.gz |
Merge pull request #6461 from risaacson/modules_make_run_command_safer
Modules make run command safer
-rw-r--r-- | library/database/mysql_db | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/library/database/mysql_db b/library/database/mysql_db
index 622bf59a39..c9fd5b4e08 100644
--- a/library/database/mysql_db
+++ b/library/database/mysql_db
@@ -101,6 +101,7 @@ EXAMPLES = '''
 import ConfigParser
 import os
+import pipes
 try:
 import MySQLdb
 except ImportError:
@@ -123,36 +124,36 @@ def db_delete(cursor, db):
 def db_dump(module, host, user, password, db_name, target, port, socket=None):
 cmd = module.get_bin_path('mysqldump', True)
- cmd += " --quick --user=%s --password='%s'" %(user, password)
+ cmd += " --quick --user=%s --password='%s'" % (pipes.quote(user), pipes.quote(password))
 if socket is not None:
- cmd += " --socket=%s" % socket
+ cmd += " --socket=%s" % pipes.quote(socket)
 else:
- cmd += " --host=%s --port=%s" % (host, port)
- cmd += " %s" % db_name
+ cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes.quote(port))
+ cmd += " %s" % pipes.quote(db_name)
 if os.path.splitext(target)[-1] == '.gz':
- cmd = cmd + ' | gzip > ' + target
+ cmd = cmd + ' | gzip > ' + pipes.quote(target)
 elif os.path.splitext(target)[-1] == '.bz2':
- cmd = cmd + ' | bzip2 > ' + target
+ cmd = cmd + ' | bzip2 > ' + pipes.quote(target)
 else:
- cmd += " > %s" % target
- rc, stdout, stderr = module.run_command(cmd)
+ cmd += " > %s" % pipes.quote(target)
+ rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
 return rc, stdout, stderr
 def db_import(module, host, user, password, db_name, target, port, socket=None):
 cmd = module.get_bin_path('mysql', True)
- cmd += " --user=%s --password='%s'" %(user, password)
+ cmd += " --user=%s --password='%s'" % (pipes.quote(user), pipes.quote(password))
 if socket is not None:
- cmd += " --socket=%s" % socket
+ cmd += " --socket=%s" % pipes.quote(socket)
 else:
- cmd += " --host=%s --port=%s" % (host, port)
- cmd += " -D %s" % db_name
+ cmd += " --host=%s --port=%s" % (pipes.quote(host), pipes.quote(port))
+ cmd += " -D %s" % pipes.quote(db_name)
 if os.path.splitext(target)[-1] == '.gz':
- cmd = 'gunzip < ' + target + ' | ' + cmd
+ cmd = 'gunzip < ' + pipes.quote(target) + ' | ' + cmd
 elif os.path.splitext(target)[-1] == '.bz2':
- cmd = 'bunzip2 < ' + target + ' | ' + cmd
+ cmd = 'bunzip2 < ' + pipes.quote(target) + ' | ' + cmd
 else:
- cmd += " < %s" % target
- rc, stdout, stderr = module.run_command(cmd)
+ cmd += " < %s" % pipes.quote(target)
+ rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
 return rc, stdout, stderr
 def db_create(cursor, db, encoding, collation): |
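Review bot: The password format string in both db_dump and db_import still wraps `%s` in literal single quotes (`--password='%s'`) while now also passing the value through `pipes.quote()`. For any password containing a character pipes.quote considers unsafe, it returns an already single-quoted string, so the two pairs of quotes cancel out and the value lands outside any quoting. Since the command now runs with `use_unsafe_shell=True`, the shell would interpret those characters instead of handing them to mysqldump/mysql, which defeats the purpose of the change for this one argument. Drop the literal quotes and let pipes.quote do the quoting: `cmd += " --quick --user=%s --password=%s" % (pipes.quote(user), pipes.quote(password))`, and likewise on the `mysql` line in db_import. Separately, pipes.quote expects a string, so it is worth confirming that `port` never reaches these functions as an integer; the caller is not visible in this hunk.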