New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Connection error messages are unsafe: wrap them #37329
Merged
abadger
merged 2 commits into
ansible:devel
from
pilou-:connection_avoid_to_return_unsafe_data
Mar 13, 2018
Merged
Connection error messages are unsafe: wrap them #37329
abadger
merged 2 commits into
ansible:devel
from
pilou-:connection_avoid_to_return_unsafe_data
Mar 13, 2018
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ansibot
added
bug
This issue/PR relates to a bug.
needs_revision
This PR fails CI tests or a maintainer has requested a review/revision of the PR.
needs_triage
Needs a first human triage before being processed.
support:community
This issue/PR relates to code supported by the Ansible community.
support:core
This issue/PR relates to code supported by the Ansible Engineering Team.
test
This PR relates to tests.
labels
Mar 13, 2018
bcoca
removed
the
needs_triage
Needs a first human triage before being processed.
label
Mar 13, 2018
CI fail with both FreeBSD environments:
@mattclay is there something special with Edited: shebang was incorrect |
For example, in case of error, docker connection plugin returns exception message containing Go template. These messages weren't tagged as unsafe and were consequently rendered: The conditional check 'result is failed' failed. The error was: { 'msg': u'Docker version check ([\'/usr/bin/docker\', \'version\', \'--format\', "\'{{.Server.Version}}\'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied\n', 'failed': True }: template error while templating string: unexpected '.'. String: Docker version check (['/usr/bin/docker', 'version', '--format', "'{{.Server.Version}}'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied
pilou-
force-pushed
the
connection_avoid_to_return_unsafe_data
branch
from
March 13, 2018 19:55
cf040f3
to
d2d0cf2
Compare
ansibot
removed
the
needs_revision
This PR fails CI tests or a maintainer has requested a review/revision of the PR.
label
Mar 13, 2018
This looks right to me. Merging. |
abadger
pushed a commit
that referenced
this pull request
Mar 14, 2018
* Check that connection error msg are not unsafe * Connection error messages are unsafe: wrap them For example, in case of error, docker connection plugin returns exception message containing Go template. These messages weren't tagged as unsafe and were consequently rendered: The conditional check 'result is failed' failed. The error was: { 'msg': u'Docker version check ([\'/usr/bin/docker\', \'version\', \'--format\', "\'{{.Server.Version}}\'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied\n', 'failed': True }: template error while templating string: unexpected '.'. String: Docker version check (['/usr/bin/docker', 'version', '--format', "'{{.Server.Version}}'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied (cherry picked from commit 4378542)
abadger
pushed a commit
to abadger/ansible
that referenced
this pull request
Mar 14, 2018
* Check that connection error msg are not unsafe * Connection error messages are unsafe: wrap them For example, in case of error, docker connection plugin returns exception message containing Go template. These messages weren't tagged as unsafe and were consequently rendered: The conditional check 'result is failed' failed. The error was: { 'msg': u'Docker version check ([\'/usr/bin/docker\', \'version\', \'--format\', "\'{{.Server.Version}}\'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied\n', 'failed': True }: template error while templating string: unexpected '.'. String: Docker version check (['/usr/bin/docker', 'version', '--format', "'{{.Server.Version}}'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied (cherry picked from commit 4378542)
nitzmahone
pushed a commit
that referenced
this pull request
Mar 15, 2018
* Connection error messages are unsafe: wrap them (#37329) * Check that connection error msg are not unsafe * Connection error messages are unsafe: wrap them For example, in case of error, docker connection plugin returns exception message containing Go template. These messages weren't tagged as unsafe and were consequently rendered: The conditional check 'result is failed' failed. The error was: { 'msg': u'Docker version check ([\'/usr/bin/docker\', \'version\', \'--format\', "\'{{.Server.Version}}\'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied\n', 'failed': True }: template error while templating string: unexpected '.'. String: Docker version check (['/usr/bin/docker', 'version', '--format', "'{{.Server.Version}}'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied (cherry picked from commit 4378542) * Add a changelog for the no-template error message fix
abadger
pushed a commit
that referenced
this pull request
Mar 19, 2018
* Check that connection error msg are not unsafe * Connection error messages are unsafe: wrap them For example, in case of error, docker connection plugin returns exception message containing Go template. These messages weren't tagged as unsafe and were consequently rendered: The conditional check 'result is failed' failed. The error was: { 'msg': u'Docker version check ([\'/usr/bin/docker\', \'version\', \'--format\', "\'{{.Server.Version}}\'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied\n', 'failed': True }: template error while templating string: unexpected '.'. String: Docker version check (['/usr/bin/docker', 'version', '--format', "'{{.Server.Version}}'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied (cherry picked from commit 4378542)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
bug
This issue/PR relates to a bug.
support:community
This issue/PR relates to code supported by the Ansible community.
support:core
This issue/PR relates to code supported by the Ansible Engineering Team.
test
This PR relates to tests.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Connection error messages are unsafe: wrap them.
For example, in case of error,
docker
connection plugin returns exception message containing Go template ({{.Server.Version}}
). These messages weren't tagged as unsafe and were consequently rendered, then a template exception occurred.Integration test provided 馃帀
ISSUE TYPE
COMPONENT NAME
connection plugin
ANSIBLE VERSION
ADDITIONAL INFORMATION
2.4 and 2.5 are affected too: bugfix should be backported.