
pipe: update docs for Popen with shell=True usage #70596

Merged
merged 1 commit into from Jul 13, 2020

Conversation

@Akasurde (Member) commented Jul 13, 2020

SUMMARY

pipe lookup plugin uses Popen with shell=True intentionally.
This is considered a security issue if user input is not validated.
Updated docs to reflect this information for the user. Also, added
Bandit B602 documentation link for further reading.

Fixes: #70159

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

ISSUE TYPE
  • Docs Pull Request
COMPONENT NAME

changelogs/fragments/70261_pipe_lookup.yml
lib/ansible/plugins/lookup/pipe.py

pipe lookup plugin uses Popen with shell=True intentionally.
This is considered a security issue if user input is not validated.
Updated docs to reflect this information for the user. Also, added
Bandit B602 documentation link for further reading.

Fixes: ansible#70159

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
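The concern the PR documents is the difference between handing a caller-supplied string to a shell and handing it to a program as an argument. The following is an added illustration, not code from the Ansible pipe lookup plugin or from this PR: `run_unsafe` is the interpolation pattern Bandit B602 flags, `run_as_argv` and `run_quoted` are two hardened forms, and `validate_argument` is a hypothetical allowlist check of the kind the PR text means by "user input is validated". The input string `UNTRUSTED` is constructed for the demonstration; `echo` is used only because it is portable and harmless.

```python
import re
import shlex
import subprocess

# Constructed sample: a value that contains a shell metacharacter, as it might
# arrive from an unvalidated template variable.
UNTRUSTED = "hello; echo INJECTED"


def run_unsafe(value: str) -> str:
    """Bandit B602 pattern: caller data interpolated into a shell=True string.

    The shell parses the whole string, so ';' in the value starts a second
    command. Returned stdout will contain two lines for UNTRUSTED.
    """
    proc = subprocess.run("echo " + value, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_as_argv(value: str) -> str:
    """Hardened form 1: no shell at all; the value is one argv element.

    Metacharacters are never interpreted, so the value is echoed literally.
    """
    proc = subprocess.run(["echo", value], capture_output=True, text=True)
    return proc.stdout


def run_quoted(value: str) -> str:
    """Hardened form 2: when a shell is genuinely required (e.g. pipelines,
    which is why the pipe lookup keeps shell=True), quote each interpolated
    value with shlex.quote so the shell treats it as a single word.
    """
    proc = subprocess.run("echo " + shlex.quote(value), shell=True,
                          capture_output=True, text=True)
    return proc.stdout


# Hypothetical allowlist: only characters that cannot change shell parsing.
_ALLOWED = re.compile(r"[A-Za-z0-9_./:@%+=-]+")


def validate_argument(value: str) -> str:
    """Reject a value before it is ever placed in a shell string.

    Raises ValueError on anything outside the allowlist; returns the value
    unchanged otherwise so it can be used inline.
    """
    if not _ALLOWED.fullmatch(value):
        raise ValueError(f"refusing to pass value to a shell: {value!r}")
    return value


if __name__ == "__main__":
    print("unsafe :", repr(run_unsafe(UNTRUSTED)))
    print("argv   :", repr(run_as_argv(UNTRUSTED)))
    print("quoted :", repr(run_quoted(UNTRUSTED)))
    try:
        validate_argument(UNTRUSTED)
    except ValueError as exc:
        print("validate:", exc)
```

Running the block on a POSIX system shows the unsafe variant producing two lines of output while both hardened variants echo the string back verbatim; the allowlist check refuses the value outright, which is the right outcome for a lookup that by design cannot stop using the shell.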
@Akasurde Akasurde requested a review from samdoran July 13, 2020 12:43
@ansibot ansibot added affects_2.11 core_review In order to be merged, this PR must follow the core review workflow. docs This issue/PR relates to or includes documentation. needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. support:core This issue/PR relates to code supported by the Ansible Engineering Team. needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. and removed core_review In order to be merged, this PR must follow the core review workflow. labels Jul 13, 2020
@samdoran (Contributor) commented:

rebuild_merge

@Akasurde Akasurde merged commit e5649ca into ansible:devel Jul 13, 2020
@Akasurde Akasurde deleted the i70159 branch July 13, 2020 16:10
@Akasurde (Member, Author) commented:

@samdoran Thanks for the review.

@Akasurde Akasurde removed the needs_triage Needs a first human triage before being processed. label Jul 13, 2020
@ansible ansible locked and limited conversation to collaborators Aug 10, 2020
Successfully merging this pull request may close these issues.

Potential Vulnerability in Pipe Lookup Plugin is Obsfuscated in the Documentation