ansible/docsite/rst
James Cammarata fd30f53289 Fixing security issue with lookup returns not tainting the jinja2 environment
CVE-2017-7481

Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result loses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.

This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.

(cherry picked from commit 72dfb1570d22ac519350a8c09e76c458789120ed)
(cherry picked from commit fadccda7c7a2e8d0650f4dee8e3cea93cf17acfd)
2017-05-08 15:59:55 -05:00
modules
ansible_ssh_changes_note.rst removed repetition of note and replaced with an include directive 2015-10-12 11:41:09 -04:00
become.rst add centrify dzdo escalation (#15219) 2016-04-25 11:24:26 -04:00
committer_guidelines.rst Add @willthames to committer list (#15454) 2016-04-18 15:09:30 -04:00
common_return_values.rst start of merge from google doc and team comments, module guidelines as focus, added a link anchor as needed 2016-04-13 13:51:25 -04:00
community.rst Change <support@ansible.com> - it's being retired. 2016-10-15 16:47:15 -07:00
developing.rst Core module program flow and glossary (#15355) 2016-04-11 15:24:37 -07:00
developing_api.rst extended api example with more options in tasks 2016-02-13 20:15:56 -05:00
developing_inventory.rst
developing_modules.rst Update Program flow documentation for new way that ziploader works 2016-04-24 20:46:05 -07:00
developing_plugins.rst Updated with bcoca's feedback 2016-03-25 16:08:39 -05:00
developing_program_flow_modules.rst Update Program flow documentation for new way that ziploader works 2016-04-24 20:46:05 -07:00
developing_releases.rst corrected section anchors 2015-12-12 12:59:00 -05:00
developing_test_pr.rst A few more typos 2016-02-05 18:38:56 +01:00
faq.rst Fix typo in FAQ (#15472) 2016-04-19 11:24:51 -04:00
galaxy.rst Fixed typo: Integerations -> Integrations 2016-01-09 22:34:03 +00:00
glossary.rst Core module program flow and glossary (#15355) 2016-04-11 15:24:37 -07:00
guide_aws.rst Add link to both Ansible local and Ansible remote provisioner introduced in Packer 0.9.0 (#15335) 2016-04-08 10:55:23 -04:00
guide_azure.rst Upgrade to azure 2.0.0rc5 and add locations parameter. 2016-07-09 01:59:23 -04:00
guide_cloudstack.rst docsite, cloudstack: add limited VPC support 2016-03-10 11:41:17 +01:00
guide_docker.rst Fix typo. 2016-05-18 15:12:42 -04:00
guide_gce.rst Update GCE module to use JSON credentials (#13623) 2016-05-12 09:14:51 -07:00
guide_rax.rst Fix up rst formatting 2015-11-03 17:29:02 -08:00
guide_rolling_upgrade.rst
guide_vagrant.rst Documentation: Update the Vagrant Guide 2015-11-20 21:50:41 +01:00
guides.rst Adding getting started guide for Docker 2016-04-29 01:25:06 -04:00
index.rst Updated versions with current released and development 2016-02-27 12:39:58 +01:00
intro.rst
intro_adhoc.rst updated intro adhoc to use become 2016-01-29 17:46:18 -05:00
intro_bsd.rst grammar fixes; capitalize where necessary; general clean-up 2016-01-28 21:58:49 +13:00
intro_configuration.rst Fixing security issue with lookup returns not tainting the jinja2 environment 2017-05-08 15:59:55 -05:00
intro_dynamic_inventory.rst Merge pull request #11642 from quentinsf/inventory_ignores 2016-03-17 10:11:07 +05:30
intro_getting_started.rst Fixing typo depricated for deprecated. 2016-01-27 23:22:27 -08:00
intro_installation.rst Add installing with pip from git (#15366) 2016-04-11 11:35:58 -04:00
intro_inventory.rst Document connection types (#15155) 2016-04-19 18:39:48 -04:00
intro_patterns.rst Corrected group separator 2015-11-30 21:44:18 -06:00
intro_windows.rst Merge pull request #13377 from bruceharbin/patch-1 2016-03-21 07:28:48 -07:00
modules.rst
modules_core.rst Fix typo in modules_core.rst 2015-11-24 12:49:15 -07:00
modules_extra.rst Fixing a small typo 2015-09-16 11:00:19 -08:00
modules_intro.rst
playbooks.rst
playbooks_acceleration.rst
playbooks_advanced_syntax.rst Fix quoting issue in example (#15589) 2016-04-25 17:53:58 -04:00
playbooks_async.rst
playbooks_best_practices.rst Fix server numbers in first 10 next 10 example 2016-01-22 18:50:41 +08:00
playbooks_blocks.rst doc: another block/rescue with flush_handlers (#15463) 2016-04-18 17:18:20 -04:00
playbooks_checkmode.rst adding links and anchors for links, referencing check mode 2016-04-13 13:51:29 -04:00
playbooks_conditionals.rst Add example of checking registered variable for emptiness. (#15510) 2016-04-22 16:23:17 -04:00
playbooks_debugger.rst Add debug strategy plugin (#15125) 2016-04-08 14:39:08 -04:00
playbooks_delegation.rst doc fix for delegate_to / ansible_host (issue #15546) (#15605) 2016-04-26 11:18:06 -04:00
playbooks_environment.rst removed 'bare' example in environment 2015-12-11 09:32:19 -05:00
playbooks_error_handling.rst clarified ignore_errors 2015-10-27 19:59:43 -04:00
playbooks_filters.rst updated docs with new test grammar examples 2016-01-14 12:29:02 -05:00
playbooks_filters_ipaddr.rst Details on how to convert subnet masks into CIDR 2016-01-27 12:14:50 +00:00
playbooks_intro.rst Update link target 2016-03-16 11:04:28 -07:00
playbooks_lookups.rst Add the encoding parameter to the options of csvfile (#15283) 2016-04-25 12:13:06 -04:00
playbooks_loops.rst Refer to the play_host as remote instead of local (#15307) 2016-04-25 12:16:28 -04:00
playbooks_prompts.rst
playbooks_roles.rst Update playbooks_roles.rst 2016-02-12 00:01:36 +03:00
playbooks_special_topics.rst Add debug strategy plugin (#15125) 2016-04-08 14:39:08 -04:00
playbooks_startnstep.rst
playbooks_strategies.rst Add debug strategy plugin (#15125) 2016-04-08 14:39:08 -04:00
playbooks_tags.rst fixed bad tag example 2016-02-05 15:48:56 -05:00
playbooks_variables.rst Fix variable precedence issue where set facts beat role params 2016-06-07 11:25:26 -05:00
playbooks_vault.rst make vi the default editor if no EDITOR 2016-05-02 08:45:01 -04:00
porting_guide_2.0.rst Update porting_guide_2.0.rst 2016-04-07 11:27:38 -04:00
quickstart.rst Link to /videos instead of the less obvious /resources 2016-02-11 10:34:39 -05:00
test_strategies.rst adding links and anchors for links, referencing check mode 2016-04-13 13:51:29 -04:00
tower.rst
YAMLSyntax.rst Fix a typo 2016-03-30 19:05:13 +08:00