ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-05-30 12:59:09 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

caution tape on makedirs_safe (#55241)

Browse source 
* removed usages in winrm/psrp to be consistent with other connection plugins
This commit is contained in:
Matt Davis 2019-04-24 08:37:34 -07:00 committed by Brian Coca
parent 3f0900f504
commit e38881410f
4 changed files with 13 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

12
lib/ansible/utils/path.py
View file

@ -60,11 +60,17 @@ def unfrackpath(path, follow=True, basedir=None):
def makedirs_safe(path, mode=None):
'''Safe way to create dirs in muliprocess/thread environments.
'''
A *potentially insecure* way to ensure the existence of a directory chain. The "safe" in this function's name
refers only to its ability to ignore `EEXIST` in the case of multiple callers operating on the same part of
the directory chain. This function is not safe to use under world-writable locations when the first level of the
path to be created contains a predictable component. Always create a randomly-named element first if there is any
chance the parent directory might be world-writable (eg, /tmp) to prevent symlink hijacking and potential
disclosure or modification of sensitive file contents.
:arg path: A byte or text string representing a directory to be created
:arg path: A byte or text string representing a directory chain to be created
:kwarg mode: If given, the mode to set the directory to
:raises AnsibleError: If the directory cannot be created and does not already exists.
:raises AnsibleError: If the directory cannot be created and does not already exist.
:raises UnicodeDecodeError: if the path is not decodable in the utf-8 encoding.
'''