Apply MissingFilePermissionsRule to get_url module (#1949)

Co-authored-by: Sorin Sbarnea <ssbarnea@redhat.com>
ansible · Mar 5, 2022 · 24dd54a · 24dd54a
1 parent 1013149
commit 24dd54a
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 0 deletions.
diff --git a/src/ansiblelint/rules/MissingFilePermissionsRule.py b/src/ansiblelint/rules/MissingFilePermissionsRule.py
@@ -44,6 +44,8 @@
     "ansible.builtin.copy",
     "file",
     "ansible.builtin.file",
+    "get_url",
+    "ansible.builtin.get_url",
     "replace",  # implicit preserve behavior but mode: preserve is invalid
     "ansible.builtin.replace",
     "template",  # supports preserve
@@ -136,6 +138,16 @@ def matchtask(
         mode: 0600
 """
 
+    SUCCESS_PERMISSIONS_PRESENT_GET_URL = """
+- hosts: all
+  tasks:
+    - name: permissions not missing and numeric
+      get_url:
+        url: http://foo
+        dest: foo
+        mode: 0600
+"""
+
     SUCCESS_ABSENT_STATE = """
 - hosts: all
   tasks:
@@ -235,6 +247,17 @@ def matchtask(
         line: some content here
 """
 
+    FAIL_MISSING_PERMISSIONS_GET_URL = """
+---
+- hosts: all
+  tasks:
+    - name: permissions missing
+      # noqa: fqcn-builtins
+      get_url:
+        url: http://foo
+        dest: foo
+"""
+
     FAIL_LINEINFILE_CREATE = """
 - hosts: all
   tasks:
@@ -293,6 +316,14 @@ def test_success_permissions_present(rule_runner: RunFromText) -> None:
         results = rule_runner.run_playbook(SUCCESS_PERMISSIONS_PRESENT)
         assert len(results) == 0
 
+    @pytest.mark.parametrize(
+        "rule_runner", (MissingFilePermissionsRule,), indirect=["rule_runner"]
+    )
+    def test_success_permissions_present_get_url(rule_runner: RunFromText) -> None:
+        """Permissions present and numeric for get_url."""
+        results = rule_runner.run_playbook(SUCCESS_PERMISSIONS_PRESENT_GET_URL)
+        assert len(results) == 0
+
     @pytest.mark.parametrize(
         "rule_runner", (MissingFilePermissionsRule,), indirect=["rule_runner"]
     )
@@ -365,6 +396,14 @@ def test_fail_missing_permissions_directory(rule_runner: RunFromText) -> None:
         results = rule_runner.run_playbook(FAIL_MISSING_PERMISSIONS_DIRECTORY)
         assert len(results) == 2
 
+    @pytest.mark.parametrize(
+        "rule_runner", (MissingFilePermissionsRule,), indirect=["rule_runner"]
+    )
+    def test_fail_missing_permissions_get_url(rule_runner: RunFromText) -> None:
+        """Missing permissions with get_url module."""
+        results = rule_runner.run_playbook(FAIL_MISSING_PERMISSIONS_GET_URL)
+        assert len(results) == 1
+
     @pytest.mark.parametrize(
         "rule_runner", (MissingFilePermissionsRule,), indirect=["rule_runner"]
     )

diff --git a/test/TestSkipInsideYaml.py b/test/TestSkipInsideYaml.py
@@ -52,10 +52,12 @@
 
     - name: test YAML and var-spacing
       ansible.builtin.get_url:
+        # noqa: risky-file-permissions
         url: http://example.com/really_long_path/really_long_path/really_long_path/really_long_path/really_long_path/really_long_path/really_long_path/really_long_path/file.conf
         dest: "{{dest_proj_path}}/foo.conf"
     - name: test YAML and var-spacing (skipped)
       ansible.builtin.get_url:
+        # noqa: risky-file-permissions
         url: http://example.com/really_long_path/really_long_path/really_long_path/really_long_path/really_long_path/really_long_path/really_long_path/really_long_path/file.conf  # noqa yaml
         dest: "{{dest_proj_path}}/foo.conf"  # noqa var-spacing