From 10a4a4e986e783cff17357d8bac86da84693323d Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Sat, 3 Oct 2015 18:07:27 -0700 Subject: [PATCH] Quote any file paths that we have to use with dd to copy. This is because we pass the whole dd command string into the shell that's running on the contained environment rather than running it directly from python via subprocess without a shell. --- lib/ansible/plugins/connection/chroot.py | 5 +++-- lib/ansible/plugins/connection/docker.py | 2 ++ lib/ansible/plugins/connection/jail.py | 5 +++-- lib/ansible/plugins/connection/libvirt_lxc.py | 5 +++-- lib/ansible/plugins/connection/zone.py | 5 +++-- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/lib/ansible/plugins/connection/chroot.py b/lib/ansible/plugins/connection/chroot.py index 34a38a31c6..e71cb394e0 100644 --- a/lib/ansible/plugins/connection/chroot.py +++ b/lib/ansible/plugins/connection/chroot.py @@ -22,6 +22,7 @@ __metaclass__ = type import distutils.spawn import os import os.path +import pipes import subprocess import traceback @@ -117,7 +118,7 @@ class Connection(ConnectionBase): super(Connection, self).put_file(in_path, out_path) self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.chroot) - out_path = self._prefix_login_path(out_path) + out_path = pipes.quote(self._prefix_login_path(out_path)) try: with open(in_path, 'rb') as in_file: try: @@ -139,7 +140,7 @@ class Connection(ConnectionBase): super(Connection, self).fetch_file(in_path, out_path) self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.chroot) - in_path = self._prefix_login_path(in_path) + in_path = pipes.quote(self._prefix_login_path(in_path)) try: p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) except OSError: diff --git a/lib/ansible/plugins/connection/docker.py b/lib/ansible/plugins/connection/docker.py index d588519522..651c3fa95d 100644 --- a/lib/ansible/plugins/connection/docker.py +++ b/lib/ansible/plugins/connection/docker.py @@ -27,6 +27,7 @@ __metaclass__ = type import distutils.spawn import os import os.path +import pipes import subprocess import re @@ -154,6 +155,7 @@ class Connection(ConnectionBase): if p.returncode != 0: raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr)) else: + out_path = pipes.quote(out_path) # Older docker doesn't have native support for copying files into # running containers, so we use docker exec to implement this executable = C.DEFAULT_EXECUTABLE.split()[0] if C.DEFAULT_EXECUTABLE else '/bin/sh' diff --git a/lib/ansible/plugins/connection/jail.py b/lib/ansible/plugins/connection/jail.py index c828d67494..00ac447682 100644 --- a/lib/ansible/plugins/connection/jail.py +++ b/lib/ansible/plugins/connection/jail.py @@ -23,6 +23,7 @@ __metaclass__ = type import distutils.spawn import os import os.path +import pipes import subprocess import traceback @@ -144,7 +145,7 @@ class Connection(ConnectionBase): super(Connection, self).put_file(in_path, out_path) self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.jail) - out_path = self._prefix_login_path(out_path) + out_path = pipes.quote(self._prefix_login_path(out_path)) try: with open(in_path, 'rb') as in_file: try: @@ -166,7 +167,7 @@ class Connection(ConnectionBase): super(Connection, self).fetch_file(in_path, out_path) self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.jail) - in_path = self._prefix_login_path(in_path) + in_path = pipes.quote(self._prefix_login_path(in_path)) try: p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) except OSError: diff --git a/lib/ansible/plugins/connection/libvirt_lxc.py b/lib/ansible/plugins/connection/libvirt_lxc.py index c0c3cc153d..2ff6fbe89d 100644 --- a/lib/ansible/plugins/connection/libvirt_lxc.py +++ b/lib/ansible/plugins/connection/libvirt_lxc.py @@ -23,6 +23,7 @@ __metaclass__ = type import distutils.spawn import os import os.path +import pipes import subprocess from ansible import constants as C @@ -116,7 +117,7 @@ class Connection(ConnectionBase): super(Connection, self).put_file(in_path, out_path) self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.lxc) - out_path = self._prefix_login_path(out_path) + out_path = pipes.quote(self._prefix_login_path(out_path)) try: with open(in_path, 'rb') as in_file: try: @@ -138,7 +139,7 @@ class Connection(ConnectionBase): super(Connection, self).fetch_file(in_path, out_path) self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.lxc) - in_path = self._prefix_login_path(in_path) + in_path = pipes.quote(self._prefix_login_path(in_path)) try: p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) except OSError: diff --git a/lib/ansible/plugins/connection/zone.py b/lib/ansible/plugins/connection/zone.py index f4fee5ccb0..5d6dafca36 100644 --- a/lib/ansible/plugins/connection/zone.py +++ b/lib/ansible/plugins/connection/zone.py @@ -24,6 +24,7 @@ __metaclass__ = type import distutils.spawn import os import os.path +import pipes import subprocess import traceback @@ -157,7 +158,7 @@ class Connection(ConnectionBase): super(Connection, self).put_file(in_path, out_path) self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.zone) - out_path = self._prefix_login_path(out_path) + out_path = pipes.quote(self._prefix_login_path(out_path)) try: with open(in_path, 'rb') as in_file: try: @@ -179,7 +180,7 @@ class Connection(ConnectionBase): super(Connection, self).fetch_file(in_path, out_path) self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.zone) - in_path = self._prefix_login_path(in_path) + in_path = pipes.quote(self._prefix_login_path(in_path)) try: p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) except OSError: