[2.9] pipe: update docs for Popen with shell=True usage #70603

Merged
merged 1 commit into from Jul 17, 2020


Akasurde
Member

SUMMARY

pipe lookup plugin uses Popen with shell=True intentionally.
This is considered a security issue if user input is not validated.
Updated docs to reflect this information for the user. Also, added
Bandit B602 documentation link for further reading.

Fixes: #70159

Signed-off-by: Abhijeet Kasurde akasurde@redhat.com
(cherry picked from commit e5649ca)

ISSUE TYPE
  • Docs Pull Request
COMPONENT NAME

changelogs/fragments/70261_pipe_lookup.yml
lib/ansible/plugins/lookup/pipe.py

pipe lookup plugin uses Popen with shell=True intentionally.
This is considered a security issue if user input is not validated.
Updated docs to reflect this information for the user. Also, added
Bandit B602 documentation link for further reading.

Fixes: ansible#70159

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit e5649ca)
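To illustrate the risk the updated docs describe, the following added example (not code from this PR or from the pipe plugin) runs a command string through `Popen` with `shell=True` and compares an unvalidated value with a quoted and an allowlisted one. The helper names, the `echo report-` command and the sample input are constructed for the illustration.

```python
import re
import shlex
import subprocess

# Allowlist for a value that will be placed into a shell command line
# (hypothetical policy: alphanumeric start, then letters, digits, "_", ".", "-").
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")

# Constructed sample of untrusted input containing a shell metacharacter.
UNTRUSTED = "q3; echo INJECTED"


def run_pipe(term):
    """Stand-in for a pipe-style lookup: hand the whole string to the shell."""
    proc = subprocess.Popen(term, shell=True,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = proc.communicate()
    if proc.returncode != 0:
        raise RuntimeError("command failed: %r" % err.decode())
    return out.decode().rstrip("\n")


def unsafe_command(name):
    # Value is concatenated as-is: the shell parses ";" as a command separator.
    return "echo report-" + name


def quoted_command(name):
    # shlex.quote() wraps the value so the shell sees one literal word.
    return "echo report-" + shlex.quote(name)


def validated_command(name):
    # Reject anything outside the allowlist before it reaches the shell.
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected value: %r" % name)
    return "echo report-" + name


if __name__ == "__main__":
    print(repr(run_pipe(unsafe_command(UNTRUSTED))))   # two commands ran
    print(repr(run_pipe(quoted_command(UNTRUSTED))))   # one command, literal text
    try:
        validated_command(UNTRUSTED)
    except ValueError as exc:
        print(exc)
```

Bandit's B602 check flags the `Popen(..., shell=True)` call in `run_pipe` regardless of how the string was built, so quoting or validation has to be enforced where the command string is assembled.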
@ansibot ansibot added affects_2.9 This issue/PR affects Ansible v2.9 backport This PR does not target the devel branch. core_review In order to be merged, this PR must follow the core review workflow. docs This issue/PR relates to or includes documentation. needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. support:core This issue/PR relates to code supported by the Ansible Engineering Team. needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. and removed core_review In order to be merged, this PR must follow the core review workflow. labels Jul 13, 2020
@nitzmahone nitzmahone merged commit 4f978af into ansible:stable-2.9 Jul 17, 2020
@sivel sivel removed the needs_triage Needs a first human triage before being processed. label Jul 21, 2020
@ansible ansible locked and limited conversation to collaborators Aug 14, 2020
@Akasurde Akasurde deleted the backport/2.9/70596 branch February 8, 2021 09:01
Labels
affects_2.9 This issue/PR affects Ansible v2.9 backport This PR does not target the devel branch. docs This issue/PR relates to or includes documentation. needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. support:community This issue/PR relates to code supported by the Ansible community. support:core This issue/PR relates to code supported by the Ansible Engineering Team.