From 788ac511851a76f064cf09b7b3212f019626cc8e Mon Sep 17 00:00:00 2001
From: James Cammarata <jcammarata@ansibleworks.com>
Date: Mon, 17 Feb 2014 12:46:15 -0600
Subject: [PATCH] Sanitize sudo success_key from stdout for raw/script modules

Fixes #5533
Closes #5605
Closes #5606
Closes #5607
---
 lib/ansible/runner/action_plugins/raw.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/ansible/runner/action_plugins/raw.py b/lib/ansible/runner/action_plugins/raw.py
index ac6ed698d5..da0cb13a2d 100644
--- a/lib/ansible/runner/action_plugins/raw.py
+++ b/lib/ansible/runner/action_plugins/raw.py
@@ -43,6 +43,11 @@ class ActionModule(object):
                 executable = v
         module_args = r.sub("", module_args)
 
-        return ReturnData(conn=conn,
-            result=self.runner._low_level_exec_command(conn, module_args, tmp, sudoable=True, executable=executable)
-        )
+        result = self.runner._low_level_exec_command(conn, module_args, tmp, sudoable=True, executable=executable)
+        # for some modules (script, raw), the sudo success key
+        # may leak into the stdout due to the way the sudo/su
+        # command is constructed, so we filter that out here
+        if result.get('stdout','').startswith('SUDO-SUCCESS-'):
+            result['stdout'] = re.sub(r'^SUDO-SUCCESS.*(\r)?\n', '', result['stdout'])
+
+        return ReturnData(conn=conn, result=result)