1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Fix another corner case of too many warnings for world readable current working directory

There should be no warning if there is no ansible.cfg file i nthe
current working directory.
This commit is contained in:
Toshio Kuratomi 2018-08-23 19:22:58 -07:00
parent 8ed7e80fc8
commit f46c943d3d
3 changed files with 38 additions and 2 deletions

View file

@ -0,0 +1,7 @@
---
bugfixes:
- The fix for `CVE-2018-10875 <https://access.redhat.com/security/cve/cve-2018-10875>`_
prints out a warning message about skipping a config file from a world
writable current working directory. However, if the user is in a world
writable current working directory which does not contain a config file, it
should not print a warning message. This release fixes that extaneous warning.

View file

@ -176,10 +176,14 @@ def find_ini_config_file(warnings=None):
try: try:
cwd = os.getcwd() cwd = os.getcwd()
perms = os.stat(cwd) perms = os.stat(cwd)
cwd_cfg = os.path.join(cwd, "ansible.cfg")
if perms.st_mode & stat.S_IWOTH: if perms.st_mode & stat.S_IWOTH:
warn_cmd_public = True # Working directory is world writable so we'll skip it.
# Still have to look for a file here, though, so that we know if we have to warn
if os.path.exists(cwd_cfg):
warn_cmd_public = True
else: else:
potential_paths.append(os.path.join(cwd, "ansible.cfg")) potential_paths.append(cwd_cfg)
except OSError: except OSError:
# If we can't access cwd, we'll simply skip it as a possible config source # If we can't access cwd, we'll simply skip it as a possible config source
pass pass

View file

@ -144,6 +144,31 @@ class TestFindIniFile:
assert find_ini_config_file(warnings) is None assert find_ini_config_file(warnings) is None
assert warnings == set() assert warnings == set()
# ANSIBLE_CONFIG not specified
@pytest.mark.parametrize('setup_env', [[None]], indirect=['setup_env'])
# All config files are present except in cwd
@pytest.mark.parametrize('setup_existing_files',
[[('/etc/ansible/ansible.cfg', cfg_in_homedir, cfg_file, alt_cfg_file)]],
indirect=['setup_existing_files'])
def test_no_cwd_cfg_no_warning_on_writable(self, setup_env, setup_existing_files, monkeypatch):
"""If the cwd is writable but there is no config file there, move on with no warning"""
real_stat = os.stat
def _os_stat(path):
if path == working_dir:
from posix import stat_result
stat_info = list(real_stat(path))
stat_info[stat.ST_MODE] |= stat.S_IWOTH
return stat_result(stat_info)
else:
return real_stat(path)
monkeypatch.setattr('os.stat', _os_stat)
warnings = set()
assert find_ini_config_file(warnings) == cfg_in_homedir
assert len(warnings) == 0
# ANSIBLE_CONFIG not specified # ANSIBLE_CONFIG not specified
@pytest.mark.parametrize('setup_env', [[None]], indirect=['setup_env']) @pytest.mark.parametrize('setup_env', [[None]], indirect=['setup_env'])
# All config files are present # All config files are present