fix unsafe preservation across newlines (#74960) (#74973)

CVE-2021-3583 ensure we always have unsafe Co-authored-by: Rick Elrod <rick@elrod.me> (cherry picked from commit 4c8c40fd3d4a58defdc80e7d22aa8d26b731353e)
author: Brian Coca <bcoca@users.noreply.github.com> 2021-06-11 17:43:09 -0400
committer: GitHub <noreply@github.com> 2021-06-11 16:43:09 -0500
commit: 03aff644cc1c00e1f7551195c68fbd0d13a39e6e (patch)
tree: b532a608c8bcde76484d56a37dae378aeaf8b3a3 /test/integration/targets/template/unsafe.yml
parent: 578fa17af58ae665cc652c530f1de6562659665c (diff)
download: ansible-03aff644cc1c00e1f7551195c68fbd0d13a39e6e.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/test/integration/targets/template/unsafe.yml b/test/integration/targets/template/unsafe.yml
new file mode 100644
index 0000000000..6746e1ea0c
--- /dev/null
+++ b/test/integration/targets/template/unsafe.yml
@@ -0,0 +1,19 @@
+- hosts: localhost
+  gather_facts: false
+  vars:
+    nottemplated: this should not be seen
+    imunsafe: !unsafe '{{ nottemplated }}'
+  tasks:
+
+    - set_fact:
+        this_was_unsafe: >
+          {{ imunsafe }}
+
+    - set_fact:
+          this_always_safe: '{{ imunsafe }}'
+
+    - name: ensure nothing was templated
+      assert:
+        that:
+        - this_always_safe == imunsafe
+        - imunsafe == this_was_unsafe.strip()
author	Brian Coca <bcoca@users.noreply.github.com>	2021-06-11 17:43:09 -0400
committer	GitHub <noreply@github.com>	2021-06-11 16:43:09 -0500
commit	03aff644cc1c00e1f7551195c68fbd0d13a39e6e (patch)
tree	b532a608c8bcde76484d56a37dae378aeaf8b3a3 /test/integration/targets/template/unsafe.yml
parent	578fa17af58ae665cc652c530f1de6562659665c (diff)
download	ansible-03aff644cc1c00e1f7551195c68fbd0d13a39e6e.tar.gz