OSSForks/ansible
1
0
Fork 0
mirror of https://github.com/zebrajr/ansible.git synced 2025-12-06 00:19:48 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
stable-2.1
ansible/examples
History
James Cammarata fd30f53289 Fixing security issue with lookup returns not tainting the jinja2 environment 
CVE-2017-7481

Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result looses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.

This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.

(cherry picked from commit 72dfb1570d22ac519350a8c09e76c458789120ed)
(cherry picked from commit fadccda7c7a2e8d0650f4dee8e3cea93cf17acfd)
2017-05-08 15:59:55 -05:00
..
playbooks Wrong target for link? 2013-07-24 15:36:21 -07:00
scripts Merge pull request #12363 from breathe/devel 2016-02-29 22:28:53 +00:00
ansible.cfg Fixing security issue with lookup returns not tainting the jinja2 environment 2017-05-08 15:59:55 -05:00
DOCUMENTATION.yml Add github ID to documentation example 2015-10-01 14:20:06 -04:00
hosts comment examples in default hosts file 2015-12-04 16:24:19 -05:00
hosts.yaml draft add group merge priority and yaml inventory 2016-04-07 16:22:36 -04:00