author | Ganesh Nalawade <ganesh634@gmail.com> | 2020-01-11 00:41:27 +0530 |
---|---|---|
committer | Matt Clay <mclay@redhat.com> | 2020-01-10 11:11:27 -0800 |
commit | 88416b627caac5f0f4bff335d5387e0bcca938ca (patch) | |
tree | 7b73729aaeaef483b6a65ac0bad26f396412abc2 | |
parent | 096a68198225da16df57e4d137198e36153f4afc (diff) | |
download | ansible-88416b627caac5f0f4bff335d5387e0bcca938ca.tar.gz |
Fix nxos_file_copy option value path validation (#65423) (#65848)
* Fix nxos_file_copy option value path validation
* Modify `local_file`, `local_file_directory` and
`remote_file` option type from `str` to `path`
so that the option value is validated in Ansible
for a legitimate path value
* Fix review comments
(cherry picked from commit 88008badb1b0186e060d6796449ddb28f4a8457b)
-rw-r--r-- | changelogs/fragments/nxos_file_copy_path_issue.yml | 6 | ||||
-rw-r--r-- | lib/ansible/modules/network/nxos/nxos_file_copy.py | 10 |
2 files changed, 12 insertions, 4 deletions
diff --git a/changelogs/fragments/nxos_file_copy_path_issue.yml b/changelogs/fragments/nxos_file_copy_path_issue.yml new file mode 100644 index 0000000000..2e476d8917 --- /dev/null +++ b/changelogs/fragments/nxos_file_copy_path_issue.yml @@ -0,0 +1,6 @@ +bugfixes: +- "CVE-2019-14905 - nxos_file_copy module accepts remote_file parameter which is used for destination name + and performs actions related to that on the device using the value of remote_file which is of string type + However, there is no user input validation done while performing actions. A malicious code could crafts + the filename parameter to take advantage by performing an OS command injection. This fix validates the + option value if it is legitimate file path or not." diff --git a/lib/ansible/modules/network/nxos/nxos_file_copy.py b/lib/ansible/modules/network/nxos/nxos_file_copy.py index 678aa65389..85e131c03d 100644 --- a/lib/ansible/modules/network/nxos/nxos_file_copy.py +++ b/lib/ansible/modules/network/nxos/nxos_file_copy.py @@ -57,6 +57,7 @@ options: - When (file_pull is False) this is the path to the local file on the Ansible controller. The local directory must exist. - When (file_pull is True) this is the file name used on the NXOS device. + type: path remote_file: description: - When (file_pull is False) this is the remote file path on the NXOS device. @@ -64,6 +65,7 @@ options: The remote directory must exist. - When (file_pull is True) this is the full path to the file on the remote SCP server to be copied to the NXOS device. + type: path file_system: description: - The remote file system of the device. If omitted, @@ -91,6 +93,7 @@ options: and written to this directory on the NXOS device. If the directory does not exist, it will be created under the file_system. This is an optional parameter. - When (file_pull is False), this not used. + type: path version_added: "2.7" file_pull_timeout: description: 
@@ -125,7 +128,6 @@ EXAMPLES = ''' # Initiate file copy from the nxos device to transfer file from an SCP server back to the nxos device - name: "initiate file copy from device" nxos_file_copy: - nxos_file_copy: file_pull: True local_file: "xyz" local_filr_directory: "dir1/dir2/dir3" @@ -356,13 +358,13 @@ def copy_file_from_remote(module, local, local_file_directory, file_system='boot def main(): argument_spec = dict( - local_file=dict(type='str'), - remote_file=dict(type='str'), + local_file=dict(type='path'), + remote_file=dict(type='path'), file_system=dict(required=False, default='bootflash:'), connect_ssh_port=dict(required=False, type='int', default=22), file_pull=dict(type='bool', default=False), file_pull_timeout=dict(type='int', default=300), - local_file_directory=dict(required=False, type='str'), + local_file_directory=dict(required=False, type='path'), remote_scp_server=dict(type='str'), remote_scp_server_user=dict(type='str'), remote_scp_server_password=dict(no_log=True), |
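Review bot: In the `argument_spec` of `main()`, switching `local_file`, `remote_file` and `local_file_directory` to `type='path'` does not by itself reject shell metacharacters: Ansible's path type coerces the value to a string and applies `os.path.expanduser`/`os.path.expandvars`, so characters such as `;`, `|` or backticks pass through unchanged. If these values are later interpolated into commands sent to the device (that code is outside this hunk), an explicit allow-list check is still needed, e.g. `if not re.match(r'^[\w./:-]+$', value): module.fail_json(msg='invalid characters in path')`. The expansion also happens where the module runs, so a `remote_file` that starts with `~` or contains `$NAME` is rewritten from the local environment although the option describes a path on the NXOS device or SCP server; the `type: path` lines added to DOCUMENTATION for the same three options should say so. `file_system`, `remote_scp_server` and `remote_scp_server_user` stay plain strings in this hunk and presumably reach the same commands, so they deserve the same check.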