-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
correctly use configured ansible_shell_executable #31361
Conversation
lib/ansible/module_utils/basic.py
Outdated
msg = "Argument 'args' to run_command must be list or string" | ||
self.fail_json(rc=257, cmd=args, msg=msg) | ||
|
||
# expand shellisms | ||
args = [os.path.expanduser(os.path.expandvars(x)) for x in args if x is not None] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is safe. If someone is calling this function without unsafe_shell they probably have not quoted the arguments to prevent this sort of expansion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, looking further down, I see that you're just moving this around though...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it is a change in the end as we did not do this for stringified version .. but we probably should have.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the shell itself would have done it before. but might have done it slightly differently.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so with last change to always stringify in unsafe, moving this back down into an else:
lib/ansible/module_utils/basic.py
Outdated
else: | ||
shell = True | ||
if self._shell not in (None, '/bin/sh'): | ||
args = [self._shell, '-c'] + args |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems wrong. Won't this end up being the equivalent of:
/bin/sh -c if [ x"test" = x"test" ] ; then printf "hi" ; fi
When what we really want is the former which is the equivalent of:
/bin/sh -c 'if [ x"test" = x"test" ] ; then printf "hi" ; fi'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated to always stringify
This looks right. +1 |
bdb7209
to
6b035ed
Compare
CI failure in
|
refine args/shell/executable hanlding
5614cd6
to
2cf512f
Compare
+1 merge it. |
This has been cherry-picked into the temp-staging-post-2.4.0 branch for release in 2.4.1 |
SUMMARY
fixes #30836
fixes #24169 .. correctly this time
fixes #26741 i had misunderstood the issue, now the proper shell should be used, not the default
fixes #30620
ISSUE TYPE
run_command
ANSIBLE VERSION