author | Computest <anon@@computest.nl> | 2017-01-10 16:51:40 -0600 |
---|---|---|
committer | James Cammarata <jimi@sngx.net> | 2017-01-11 15:54:42 -0600 |
commit | 51559b0a51e7149b207d5db6f1bd85fe451e6dc2 (patch) | |
tree | ea716b2f59038c36198586b697d5288bdbd05edf | |
parent | bd1ba1e21a5be0a46e2a81b8cb9fc43607da1036 (diff) | |
Fixing another corner case for security related to CVE-2016-9587
(cherry picked from commit bcceada5d9b78ad77069c78226f8e9b336ff8949)
-rw-r--r-- | lib/ansible/template/__init__.py | 6 | ||||
-rw-r--r-- | lib/ansible/vars/unsafe_proxy.py | 8 |
2 files changed, 9 insertions, 5 deletions
diff --git a/lib/ansible/template/__init__.py b/lib/ansible/template/__init__.py
index eddef1659e..9982535013 100644
--- a/lib/ansible/template/__init__.py
+++ b/lib/ansible/template/__init__.py
@@ -154,7 +154,7 @@ class AnsibleContext(Context):
 '''
 if isinstance(val, dict):
 for key in val.keys():
- if self._is_unsafe(val[key]):
+ if self._is_unsafe(key) or self._is_unsafe(val[key]):
 return True
 elif isinstance(val, list):
 for item in val:
@@ -392,11 +392,11 @@ class Templar:
 fail_on_undefined=fail_on_undefined,
 overrides=overrides,
 )
- if convert_data and not self._no_type_regex.match(variable):
+ unsafe = hasattr(result, '__UNSAFE__')
+ if convert_data and not self._no_type_regex.match(variable) and not unsafe:
 # if this looks like a dictionary or list, convert it to such using the safe_eval method
 if (result.startswith("{") and not result.startswith(self.environment.variable_start_string)) or \
 result.startswith("[") or result in ("True", "False"):
- unsafe = hasattr(result, '__UNSAFE__')
 eval_results = safe_eval(result, locals=self._available_variables, include_exceptions=True)
 if eval_results[1] is None:
 result = eval_results[0]
diff --git a/lib/ansible/vars/unsafe_proxy.py b/lib/ansible/vars/unsafe_proxy.py
index 211220d8a7..3923289520 100644
--- a/lib/ansible/vars/unsafe_proxy.py
+++ b/lib/ansible/vars/unsafe_proxy.py
@@ -93,10 +93,14 @@ class AnsibleJSONUnsafeDecoder(json.JSONDecoder):
 return value
 def _wrap_dict(v):
+ # Create new dict to get rid of the keys that are not wrapped.
+ new = {}
 for k in v.keys():
 if v[k] is not None:
- v[wrap_var(k)] = wrap_var(v[k])
- return v
+ new[wrap_var(k)] = wrap_var(v[k])
+ else:
+ new[wrap_var(k)] = None
+ return new
 def _wrap_list(v):
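Review bot: The added `self._is_unsafe(key)` test in the first hunk has no comment or visible test explaining why keys need checking, and the docstring that closes at the `'''` context line (its text is outside the hunk) may still describe values only. I would add a comment above the condition such as `# a key can carry untrusted text too, so an unsafe key marks the whole dict unsafe`, plus a unit test that passes a dict whose only unsafe element is a key. Separately, `elif isinstance(val, list)` is the only sequence case visible here, so tuples would presumably be skipped unless a branch outside the hunk covers them. The body of `_is_unsafe` starts and ends outside the hunk.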
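Review bot: The new `and not unsafe` guard in the `Templar` hunk depends on `result` still exposing `__UNSAFE__` at this point; if any step before this line yields a plain string (concatenation, a filter, formatting — not visible here, so this is an assumption to confirm), the marker is gone and the value still reaches `safe_eval`. A comment would make the contract explicit, for example `# never evaluate text marked unsafe; the marker must survive templating for this to hold`. Also, `unsafe` is now always false inside the `if convert_data ...` block, so any later read of it in that block (outside the hunk) is dead and can be removed. The enclosing method starts and ends outside the hunk.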
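Review bot: `_wrap_dict` now returns a fresh `{}` instead of mutating `v`, which changes two things the hunk does not mention: a caller that ignored the return value and relied on in-place wrapping now keeps the unwrapped dict, and a mapping subclass passed in comes back as a plain `dict`. Callers are not visible here, so both need checking, and `_wrap_list` (body outside the hunk) should follow the same return-a-copy convention. The loop reads more directly as `for k, val in v.items():` with `new[wrap_var(k)] = wrap_var(val) if val is not None else None`. A docstring such as `"""Return a new dict with every key and every non-None value passed through wrap_var."""` would record the new contract.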