* [stable-2.7] Fix checksum file parsing in get_url (#53685)
* Fix checksum file parsing. Fixes #48790
* guard invalid int conversion
Co-Authored-By: sivel <matt@sivel.net>
* Remove extra newline.
(cherry picked from commit 77217fdd24
)
Co-authored-by: Matt Martz <matt@sivel.net>
* Remove use of undefined variable
This commit is contained in:
parent
81d893d6ee
commit
166ef9f668
2 changed files with 37 additions and 25 deletions
4
changelogs/fragments/get_url-checksum.yaml
Normal file
4
changelogs/fragments/get_url-checksum.yaml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
bugfixes:
|
||||||
|
- get_url - Fix issue with checksum validation when using a file to ensure we skip lines in the file that
|
||||||
|
do not contain exactly 2 parts. Also restrict exception handling to the minimum number of
|
||||||
|
necessary lines (https://github.com/ansible/ansible/issues/48790)
|
|
@ -443,34 +443,42 @@ def main():
|
||||||
if checksum:
|
if checksum:
|
||||||
try:
|
try:
|
||||||
algorithm, checksum = checksum.split(':', 1)
|
algorithm, checksum = checksum.split(':', 1)
|
||||||
if checksum.startswith('http://') or checksum.startswith('https://') or checksum.startswith('ftp://'):
|
|
||||||
checksum_url = checksum
|
|
||||||
# download checksum file to checksum_tmpsrc
|
|
||||||
checksum_tmpsrc, checksum_info = url_get(module, checksum_url, dest, use_proxy, last_mod_time, force, timeout, headers, tmp_dest)
|
|
||||||
with open(checksum_tmpsrc) as f:
|
|
||||||
lines = [line.rstrip('\n') for line in f]
|
|
||||||
os.remove(checksum_tmpsrc)
|
|
||||||
lines = dict(s.split(None, 1) for s in lines)
|
|
||||||
filename = url_filename(url)
|
|
||||||
|
|
||||||
# Look through each line in the checksum file for a hash corresponding to
|
|
||||||
# the filename in the url, returning the first hash that is found.
|
|
||||||
for cksum in (s for (s, f) in lines.items() if f.strip('./') == filename):
|
|
||||||
checksum = cksum
|
|
||||||
break
|
|
||||||
else:
|
|
||||||
checksum = None
|
|
||||||
|
|
||||||
if checksum is None:
|
|
||||||
module.fail_json("Unable to find a checksum for file '%s' in '%s'" % (filename, checksum_url))
|
|
||||||
# Remove any non-alphanumeric characters, including the infamous
|
|
||||||
# Unicode zero-width space
|
|
||||||
checksum = re.sub(r'\W+', '', checksum).lower()
|
|
||||||
# Ensure the checksum portion is a hexdigest
|
|
||||||
int(checksum, 16)
|
|
||||||
except ValueError:
|
except ValueError:
|
||||||
module.fail_json(msg="The checksum parameter has to be in format <algorithm>:<checksum>")
|
module.fail_json(msg="The checksum parameter has to be in format <algorithm>:<checksum>")
|
||||||
|
|
||||||
|
if checksum.startswith('http://') or checksum.startswith('https://') or checksum.startswith('ftp://'):
|
||||||
|
checksum_url = checksum
|
||||||
|
# download checksum file to checksum_tmpsrc
|
||||||
|
checksum_tmpsrc, checksum_info = url_get(module, checksum_url, dest, use_proxy, last_mod_time, force, timeout, headers, tmp_dest)
|
||||||
|
with open(checksum_tmpsrc) as f:
|
||||||
|
lines = [line.rstrip('\n') for line in f]
|
||||||
|
os.remove(checksum_tmpsrc)
|
||||||
|
checksum_map = {}
|
||||||
|
for line in lines:
|
||||||
|
parts = line.split(None, 1)
|
||||||
|
if len(parts) == 2:
|
||||||
|
checksum_map[parts[0]] = parts[1]
|
||||||
|
filename = url_filename(url)
|
||||||
|
|
||||||
|
# Look through each line in the checksum file for a hash corresponding to
|
||||||
|
# the filename in the url, returning the first hash that is found.
|
||||||
|
for cksum in (s for (s, f) in checksum_map.items() if f.strip('./') == filename):
|
||||||
|
checksum = cksum
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
checksum = None
|
||||||
|
|
||||||
|
if checksum is None:
|
||||||
|
module.fail_json(msg="Unable to find a checksum for file '%s' in '%s'" % (filename, checksum_url))
|
||||||
|
# Remove any non-alphanumeric characters, including the infamous
|
||||||
|
# Unicode zero-width space
|
||||||
|
checksum = re.sub(r'\W+', '', checksum).lower()
|
||||||
|
# Ensure the checksum portion is a hexdigest
|
||||||
|
try:
|
||||||
|
int(checksum, 16)
|
||||||
|
except ValueError:
|
||||||
|
module.fail_json(msg='The checksum format is invalid')
|
||||||
|
|
||||||
if not dest_is_dir and os.path.exists(dest):
|
if not dest_is_dir and os.path.exists(dest):
|
||||||
checksum_mismatch = False
|
checksum_mismatch = False
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue