ansible/examples
James Cammarata a1886911fc Fixing security issue with lookup returns not tainting the jinja2 environment
CVE-2017-7481

Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result looses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.

This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.

(cherry picked from commit 72dfb1570d22ac519350a8c09e76c458789120ed)
2017-05-08 11:11:47 -05:00
..
playbooks Wrong target for link? 2013-07-24 15:36:21 -07:00
scripts Remove useless # in comment (#21609) 2017-02-18 11:43:04 +00:00
ansible.cfg Fixing security issue with lookup returns not tainting the jinja2 environment 2017-05-08 11:11:47 -05:00
DOCUMENTATION.yml How to document your module (#21021) 2017-02-10 12:15:55 +00:00
hosts comment examples in default hosts file 2015-12-04 16:24:19 -05:00
hosts.yaml updated better yaml host examples 2017-03-08 14:51:52 -05:00
hosts.yml linked cause people forget yaml and yml exist 2016-09-08 14:18:10 -04:00