def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
try:
delegate_to = self._task.delegate_to
except (AttributeError, KeyError):
delegate_to = None
if delegate_to and not paths._is_localhost_task(self):
return super(ActionModule, self).run(tmp, task_vars)
source = self._task.args.get('src', None)
dest = self._task.args.get('dest', None)
mode = self._task.args.get('mode', 'push')
if 'rsync_opts' not in self._task.args:
self._task.args['rsync_opts'] = []
if '--safe-links' not in self._task.args['rsync_opts']:
self._task.args['rsync_opts'].append('--safe-links')
if mode == 'push' and not paths._is_safe_path(source,
allow_trusted=True):
return paths._fail_dict(source, prefix='Syncing files from')
if mode == 'pull' and not paths._is_safe_path(dest):
return paths._fail_dict(dest, prefix='Syncing files to')
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
try:
delegate_to = self._task.delegate_to
except (AttributeError, KeyError):
delegate_to = None
if delegate_to and not paths._is_localhost_task(self):
return super(ActionModule, self).run(tmp, task_vars)
source = self._task.args.get('src', None)
dest = self._task.args.get('dest', None)
mode = self._task.args.get('mode', 'push')
if 'rsync_opts' not in self._task.args:
self._task.args['rsync_opts'] = []
if '--safe-links' not in self._task.args['rsync_opts']:
self._task.args['rsync_opts'].append('--safe-links')
if mode == 'push' and not paths._is_safe_path(
source, allow_trusted=True):
return paths._fail_dict(source, prefix='Syncing files from')
if mode == 'pull' and not paths._is_safe_path(dest):
return paths._fail_dict(dest, prefix='Syncing files to')
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
if paths._is_localhost_task(self):
raise AnsibleError("Executing local code is prohibited")
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
if paths._is_localhost_task(self):
paths._fail_if_unsafe(self._task.args['dest'])
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
dest = self._task.args.get('dest', None)
if dest and not paths._is_safe_path(dest):
return paths._fail_dict(dest)
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
if paths._is_localhost_task(self):
paths._fail_if_unsafe(self._task.args['dest'])
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
dest = self._task.args.get('dest', None)
if dest and not paths._is_safe_path(dest):
return paths._fail_dict(dest)
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
if paths._is_localhost_task(self):
raise AnsibleError("Executing local code is prohibited")
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
# Note: The unarchive module reuses the copy module to copy the archive
# to the remote. Thus we don't need to check the dest here if we run
# against localhost. We also have tests that would break if this
# changes in the future.
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
if paths._is_localhost_task(self):
for arg in ('src', 'dest'):
dest = self._task.args.get(arg)
if dest:
paths._fail_if_unsafe(dest)
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
if paths._is_localhost_task(self):
for arg in ('src', 'dest'):
dest = self._task.args.get(arg)
if dest:
paths._fail_if_unsafe(dest)
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
source_dir = self._task.args.get('dir', None)
# This is the handling for source_dir. The source_file is handled by
# the _find_needle override.
if source_dir:
self._set_args()
self._set_root_dir()
if not paths._is_safe_path(self.source_dir, allow_trusted=True):
return paths._fail_dict(self.source_dir)
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
source_dir = self._task.args.get('dir', None)
# This is the handling for source_dir. The source_file is handled by
# the _find_needle override.
if source_dir:
self._set_args()
self._set_root_dir()
if not paths._is_safe_path(self.source_dir, allow_trusted=True):
return paths._fail_dict(self.source_dir)
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
if paths._is_localhost_task(self):
# The patch module has two possibilities of describing where to
# operate, basedir and dest. We need to perform the safe path check
# for both.
dirs_to_check = [
self._task.args.get('basedir'),
self._task.args.get('dest'),
]
for directory in dirs_to_check:
if directory is not None:
paths._fail_if_unsafe(directory)
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
if paths._is_localhost_task(self):
# The patch module has two possibilities of describing where to
# operate, basedir and dest. We need to perform the safe path check
# for both.
dirs_to_check = [
self._task.args.get('basedir'),
self._task.args.get('dest'),
]
for directory in dirs_to_check:
if directory is not None:
paths._fail_if_unsafe(directory)
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
source = self._task.args.get('src', None)
dest = self._task.args.get('dest', None)
mode = self._task.args.get('mode', 'push')
if 'rsync_opts' not in self._task.args:
self._task.args['rsync_opts'] = []
if '--safe-links' not in self._task.args['rsync_opts']:
self._task.args['rsync_opts'].append('--safe-links')
if mode == 'push' and not paths._is_safe_path(source):
return paths._fail_dict(source, prefix='Syncing files from')
if mode == 'pull' and not paths._is_safe_path(dest):
return paths._fail_dict(dest, prefix='Syncing files to')
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
if paths._is_localhost_task(self):
for arg in ('src', 'dest'):
dest = self._task.args.get(arg)
if dest:
paths._fail_if_unsafe(dest)
scheme = urlparse(self._task.args['url']).scheme
if scheme not in ALLOWED_URL_SCHEMES:
raise AnsibleError(
"{scheme} urls are not allowed from localhost."
" Only {allowed_schemes} are allowed".format(
scheme=scheme,
allowed_schemes=ALLOWED_URL_SCHEMES))
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
return super(ActionModule, self).run(tmp, task_vars)
def run(self, tmp=None, task_vars=None):
if not paths._is_official_module(self):
return paths._fail_module_dict(self._task.action)
return super(ActionModule, self).run(tmp, task_vars)
