mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
ed56f51f18
CVE-2017-7481 Lookup returns wrap the result in unsafe, however when used through the standard templar engine, this does not result in the jinja2 environment being marked as unsafe as a whole. This means the lookup result looses the unsafe protection and may become simple unicode strings, which can result in bad things being re-templated. This also adds a global lookup param and cfg options for lookups to allow unsafe returns, so users can force the previous (insecure) behavior. |
||
---|---|---|
.. | ||
__init__.py | ||
safe_eval.py | ||
template.py | ||
vars.py |