Fix another corner case of too many warnings for world readable current working directory
There should be no warning if there is no ansible.cfg file in the current working directory.
parent
8ed7e80fc8
commit
f46c943d3d
3 changed files with 38 additions and 2 deletions
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
bugfixes:
|
||||||
|
- The fix for `CVE-2018-10875 <https://access.redhat.com/security/cve/cve-2018-10875>`_
|
||||||
|
prints out a warning message about skipping a config file from a world
|
||||||
|
writable current working directory. However, if the user is in a world
|
||||||
|
writable current working directory which does not contain a config file, it
|
||||||
|
should not print a warning message. This release fixes that extaneous warning.
|
|
@ -176,10 +176,14 @@ def find_ini_config_file(warnings=None):
|
||||||
try:
|
try:
|
||||||
cwd = os.getcwd()
|
cwd = os.getcwd()
|
||||||
perms = os.stat(cwd)
|
perms = os.stat(cwd)
|
||||||
|
cwd_cfg = os.path.join(cwd, "ansible.cfg")
|
||||||
if perms.st_mode & stat.S_IWOTH:
|
if perms.st_mode & stat.S_IWOTH:
|
||||||
warn_cmd_public = True
|
# Working directory is world writable so we'll skip it.
|
||||||
|
# Still have to look for a file here, though, so that we know if we have to warn
|
||||||
|
if os.path.exists(cwd_cfg):
|
||||||
|
warn_cmd_public = True
|
||||||
else:
|
else:
|
||||||
potential_paths.append(os.path.join(cwd, "ansible.cfg"))
|
potential_paths.append(cwd_cfg)
|
||||||
except OSError:
|
except OSError:
|
||||||
# If we can't access cwd, we'll simply skip it as a possible config source
|
# If we can't access cwd, we'll simply skip it as a possible config source
|
||||||
pass
|
pass
|
||||||
|
|
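Review bot: `os.path.exists(cwd_cfg)` follows symlinks and returns False whenever the stat fails, so in the world-writable branch a dangling `ansible.cfg` symlink, or one whose target cannot be stat'ed, is skipped with no warning at all. The check only decides whether to warn, since the visible code appends `cwd_cfg` to `potential_paths` only in the `else` branch, so `if os.path.lexists(cwd_cfg):` would report any entry with that name without changing what gets loaded. The comment above it could also record why the directory is skipped, e.g. `# CVE-2018-10875: never load ansible.cfg from a world-writable cwd; the check below only controls the warning`. The body of find_ini_config_file starts and ends outside this hunk.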
|
@ -144,6 +144,31 @@ class TestFindIniFile:
|
||||||
assert find_ini_config_file(warnings) is None
|
assert find_ini_config_file(warnings) is None
|
||||||
assert warnings == set()
|
assert warnings == set()
|
||||||
|
|
||||||
|
# ANSIBLE_CONFIG not specified
|
||||||
|
@pytest.mark.parametrize('setup_env', [[None]], indirect=['setup_env'])
|
||||||
|
# All config files are present except in cwd
|
||||||
|
@pytest.mark.parametrize('setup_existing_files',
|
||||||
|
[[('/etc/ansible/ansible.cfg', cfg_in_homedir, cfg_file, alt_cfg_file)]],
|
||||||
|
indirect=['setup_existing_files'])
|
||||||
|
def test_no_cwd_cfg_no_warning_on_writable(self, setup_env, setup_existing_files, monkeypatch):
|
||||||
|
"""If the cwd is writable but there is no config file there, move on with no warning"""
|
||||||
|
real_stat = os.stat
|
||||||
|
|
||||||
|
def _os_stat(path):
|
||||||
|
if path == working_dir:
|
||||||
|
from posix import stat_result
|
||||||
|
stat_info = list(real_stat(path))
|
||||||
|
stat_info[stat.ST_MODE] |= stat.S_IWOTH
|
||||||
|
return stat_result(stat_info)
|
||||||
|
else:
|
||||||
|
return real_stat(path)
|
||||||
|
|
||||||
|
monkeypatch.setattr('os.stat', _os_stat)
|
||||||
|
|
||||||
|
warnings = set()
|
||||||
|
assert find_ini_config_file(warnings) == cfg_in_homedir
|
||||||
|
assert len(warnings) == 0
|
||||||
|
|
||||||
# ANSIBLE_CONFIG not specified
|
# ANSIBLE_CONFIG not specified
|
||||||
@pytest.mark.parametrize('setup_env', [[None]], indirect=['setup_env'])
|
@pytest.mark.parametrize('setup_env', [[None]], indirect=['setup_env'])
|
||||||
# All config files are present
|
# All config files are present
|
||||||
|
|
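Review bot: `from posix import stat_result` inside `_os_stat` ties the test to the POSIX-only `posix` module; the same type is exposed as `os.stat_result`, so `return os.stat_result(stat_info)` removes the need for the local import. The replacement `_os_stat(path)` also accepts a single positional argument, so any `os.stat` call made with `dir_fd=` or `follow_symlinks=` while the monkeypatch is active would raise TypeError; `def _os_stat(path, *args, **kwargs):` with the extra arguments forwarded to `real_stat` is safer. The test pins only the no-warning case; presumably the case of a config file present in a world-writable cwd is covered elsewhere in TestFindIniFile, which starts outside this hunk.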