diff options
| author | Brian Coca <bcoca@users.noreply.github.com> | 2024-12-10 16:07:12 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-12-10 16:07:12 +0100 |
| commit | 3c91eab0d8f05de39648a8bbe1149a8c4c591fb9 (patch) | |
| tree | 64b3de663e6b07bb7dd0d70e3c58d063d507b95e | |
| parent | simplify copy module (#84313) (diff) | |
| download | ansible-3c91eab0d8f05de39648a8bbe1149a8c4c591fb9.tar.xz ansible-3c91eab0d8f05de39648a8bbe1149a8c4c591fb9.zip | |
copy, prevent internal options in task (#84422)
* copy, prevent internal options in task
fixes #84367
| -rw-r--r-- | changelogs/fragments/copy_validate_input.yml | 2 | ||||
| -rw-r--r-- | lib/ansible/plugins/action/copy.py | 7 | ||||
| -rw-r--r-- | test/integration/targets/copy/tasks/main.yml | 14 |
3 files changed, 22 insertions, 1 deletions
diff --git a/changelogs/fragments/copy_validate_input.yml b/changelogs/fragments/copy_validate_input.yml new file mode 100644 index 0000000000..6673def54e --- /dev/null +++ b/changelogs/fragments/copy_validate_input.yml @@ -0,0 +1,2 @@ +bugfixes: + - copy action now prevents user from setting internal options. diff --git a/lib/ansible/plugins/action/copy.py b/lib/ansible/plugins/action/copy.py index 2047671b47..a6de4b05d3 100644 --- a/lib/ansible/plugins/action/copy.py +++ b/lib/ansible/plugins/action/copy.py @@ -26,7 +26,7 @@ import tempfile import traceback from ansible import constants as C -from ansible.errors import AnsibleError, AnsibleFileNotFound +from ansible.errors import AnsibleError, AnsibleActionFail, AnsibleFileNotFound from ansible.module_utils.basic import FILE_COMMON_ARGUMENTS from ansible.module_utils.common.text.converters import to_bytes, to_native, to_text from ansible.module_utils.parsing.convert_bool import boolean @@ -412,6 +412,11 @@ class ActionModule(ActionBase): result = super(ActionModule, self).run(tmp, task_vars) del tmp # tmp no longer has any effect + # ensure user is not setting internal parameters + for internal in ('_original_basename', '_diff_peek'): + if self._task.args.get(internal, None) is not None: + raise AnsibleActionFail(f'Invalid parameter specified: "{internal}"') + source = self._task.args.get('src', None) content = self._task.args.get('content', None) dest = self._task.args.get('dest', None) diff --git a/test/integration/targets/copy/tasks/main.yml b/test/integration/targets/copy/tasks/main.yml index d46b783d74..eba932f819 100644 --- a/test/integration/targets/copy/tasks/main.yml +++ b/test/integration/targets/copy/tasks/main.yml @@ -109,6 +109,20 @@ - name: tests with remote_src and non files import_tasks: src_remote_file_is_not_file.yml + - name: Test internal options + copy: + content: 'irrelevant' + dest: '{{ local_temp_dir}}/file.txt' + _diff_peek: true + register: peek + ignore_errors: true + + - name: Test internal options + assert: + that: + - peek is failed + - "'_diff_peek' in peek['msg']" + always: - name: Cleaning file: |