Remove vendored copy of ipaddress (#287)

* Remove vendored copy of ipaddress. * Forgot an import. * Remove sanity ignores and checks related to ipaddress. * Remove octal IPv4 address. Such IPs are no longer accepted by ipaddress in Python's standard library (CVE-2021-29921). * Remove unused import. Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua> Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2026-05-06 21:33:00 +00:00 · 2021-10-06 14:53:40 +02:00
parent ed03841fd1
commit 871a185ecb
14 changed files with 27 additions and 2763 deletions
--- a/plugins/module_utils/acme/acme.py
+++ b/plugins/module_utils/acme/acme.py
@@ -12,6 +12,7 @@ import copy
 import datetime
 import json
 import locale
+import traceback

 from ansible.module_utils.basic import missing_required_lib
 from ansible.module_utils.urls import fetch_url
@@ -38,6 +39,14 @@ from ansible_collections.community.crypto.plugins.module_utils.acme.utils import
    nopad_b64,
 )

+try:
+    import ipaddress
+except ImportError:
+    HAS_IPADDRESS = False
+    IPADDRESS_IMPORT_ERROR = traceback.format_exc()
+else:
+    HAS_IPADDRESS = True
+

 def _assert_fetch_url_success(module, response, info, allow_redirect=False, allow_client_error=True, allow_server_error=True):
    if info['status'] < 0:
@@ -327,6 +336,9 @@ def get_default_argspec():


 def create_backend(module, needs_acme_v2):
+    if not HAS_IPADDRESS:
+        module.fail_json(msg=missing_required_lib('ipaddress'), exception=IPADDRESS_IMPORT_ERROR)
+
    backend = module.params['select_crypto_backend']

    # Backend autodetect
--- a/plugins/module_utils/acme/backend_openssl_cli.py
+++ b/plugins/module_utils/acme/backend_openssl_cli.py
@@ -29,7 +29,10 @@ from ansible_collections.community.crypto.plugins.module_utils.acme.errors impor

 from ansible_collections.community.crypto.plugins.module_utils.acme.utils import nopad_b64

-from ansible_collections.community.crypto.plugins.module_utils.compat import ipaddress as compat_ipaddress
+try:
+    import ipaddress
+except ImportError:
+    pass


 _OPENSSL_ENVIRONMENT_UPDATE = dict(LANG='C', LC_ALL='C', LC_MESSAGES='C', LC_CTYPE='C')
@@ -216,7 +219,7 @@ class OpenSSLCLIBackend(CryptoBackend):
    @staticmethod
    def _normalize_ip(ip):
        try:
-            return to_native(compat_ipaddress.ip_address(to_text(ip)).compressed)
+            return to_native(ipaddress.ip_address(to_text(ip)).compressed)
        except ValueError:
            # We don't want to error out on something IPAddress() can't parse
            return ip
--- a/plugins/module_utils/acme/challenges.py
+++ b/plugins/module_utils/acme/challenges.py
@@ -16,8 +16,6 @@ import time

 from ansible.module_utils.common.text.converters import to_bytes

-from ansible_collections.community.crypto.plugins.module_utils.compat import ipaddress as compat_ipaddress
-
 from ansible_collections.community.crypto.plugins.module_utils.acme.utils import (
    nopad_b64,
 )
@@ -28,6 +26,11 @@ from ansible_collections.community.crypto.plugins.module_utils.acme.errors impor
    ModuleFailException,
 )

+try:
+    import ipaddress
+except ImportError:
+    pass
+

 def create_key_authorization(client, token):
    '''
@@ -110,7 +113,7 @@ class Challenge(object):
            # https://www.rfc-editor.org/rfc/rfc8737.html#section-3
            if identifier_type == 'ip':
                # IPv4/IPv6 address: use reverse mapping (RFC1034, RFC3596)
-                resource = compat_ipaddress.ip_address(identifier).reverse_pointer
+                resource = ipaddress.ip_address(identifier).reverse_pointer
                if not resource.endswith('.'):
                    resource += '.'
            else:
--- a/plugins/module_utils/compat/ipaddress.py
+++ b/plugins/module_utils/compat/ipaddress.py