diff options
author | Brian Coca <bcoca@users.noreply.github.com> | 2021-06-11 17:43:09 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-11 16:43:09 -0500 |
commit | 03aff644cc1c00e1f7551195c68fbd0d13a39e6e (patch) | |
tree | b532a608c8bcde76484d56a37dae378aeaf8b3a3 /test/integration/targets/template/unsafe.yml | |
parent | 578fa17af58ae665cc652c530f1de6562659665c (diff) | |
download | ansible-03aff644cc1c00e1f7551195c68fbd0d13a39e6e.tar.gz |
fix unsafe preservation across newlines (#74960) (#74973)
CVE-2021-3583
ensure we always have unsafe
Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c8c40fd3d4a58defdc80e7d22aa8d26b731353e)
Diffstat (limited to 'test/integration/targets/template/unsafe.yml')
-rw-r--r-- | test/integration/targets/template/unsafe.yml | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/test/integration/targets/template/unsafe.yml b/test/integration/targets/template/unsafe.yml new file mode 100644 index 0000000000..6746e1ea0c --- /dev/null +++ b/test/integration/targets/template/unsafe.yml @@ -0,0 +1,19 @@ +- hosts: localhost + gather_facts: false + vars: + nottemplated: this should not be seen + imunsafe: !unsafe '{{ nottemplated }}' + tasks: + + - set_fact: + this_was_unsafe: > + {{ imunsafe }} + + - set_fact: + this_always_safe: '{{ imunsafe }}' + + - name: ensure nothing was templated + assert: + that: + - this_always_safe == imunsafe + - imunsafe == this_was_unsafe.strip() |