ansible/CVE-2019-10206-data-disclosure.patch

From 7138a35c2da6394accc48ccdd642a8768866170d Mon Sep 17 00:00:00 2001
From: Brian Coca <bcoca@users.noreply.github.com>
Date: Wed, 24 Jul 2019 16:00:20 -0400
Subject: [PATCH] prevent templating of passwords from prompt (#59246)

* prevent templating of passwords from prompt

  fixes CVE-2019-10206

(cherry picked from commit e9a37f8e3171105941892a86a1587de18126ec5b)
---
 .../fragments/dont_template_passwords_from_prompt.yml |  2 ++
 lib/ansible/cli/__init__.py                           |  8 ++++++++
 lib/ansible/utils/unsafe_proxy.py                     | 11 +++++++----
 3 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 changelogs/fragments/dont_template_passwords_from_prompt.yml

--- /dev/null
+++ b/changelogs/fragments/dont_template_passwords_from_prompt.yml
@@ -0,0 +1,2 @@
+bugfixes:
+    - resolves CVE-2019-10206, by avoiding templating passwords from prompt as it is probable they have special characters.
--- a/lib/ansible/cli/__init__.py
+++ b/lib/ansible/cli/__init__.py
@@ -29,6 +29,7 @@ from ansible.release import __version__
 from ansible.utils.collection_loader import set_collection_playbook_paths
 from ansible.utils.display import Display
 from ansible.utils.path import unfrackpath
+from ansible.utils.unsafe_proxy import AnsibleUnsafeBytes
 from ansible.vars.manager import VariableManager
 
 
@@ -276,6 +277,13 @@ class CLI(with_metaclass(ABCMeta, object
         except EOFError:
             pass
 
+        # we 'wrap' the passwords to prevent templating as
+        # they can contain special chars and trigger it incorrectly
+        if sshpass:
+            sshpass = AnsibleUnsafeBytes(sshpass)
+        if becomepass:
+            becomepass = AnsibleUnsafeBytes(becomepass)
+
         return (sshpass, becomepass)
 
     def validate_conflicts(self, op, vault_opts=False, runas_opts=False, fork_opts=False, vault_rekey_opts=False):
--- a/lib/ansible/utils/unsafe_proxy.py
+++ b/lib/ansible/utils/unsafe_proxy.py
@@ -53,7 +53,7 @@
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
-from ansible.module_utils.six import string_types, text_type
+from ansible.module_utils.six import string_types, text_type, binary_type
 from ansible.module_utils._text import to_text
 from ansible.module_utils.common._collections_compat import Mapping, MutableSequence, Set
 
@@ -69,15 +69,18 @@ class AnsibleUnsafeText(text_type, Ansib
     pass
 
 
+class AnsibleUnsafeBytes(binary_type, AnsibleUnsafe):
+    pass
+
+
 class UnsafeProxy(object):
     def __new__(cls, obj, *args, **kwargs):
         # In our usage we should only receive unicode strings.
         # This conditional and conversion exists to sanity check the values
         # we're given but we may want to take it out for testing and sanitize
         # our input instead.
-        if isinstance(obj, string_types):
-            obj = to_text(obj, errors='surrogate_or_strict')
-            return AnsibleUnsafeText(obj)
+        if isinstance(obj, string_types) and not isinstance(obj, AnsibleUnsafeBytes):
+            obj = AnsibleUnsafeText(to_text(obj, errors='surrogate_or_strict'))
         return obj
Accepting request 721576 from home:mcepl:branches:systemsmanagement - Update to version 2.8.3: Full changelog is packaged, but also at https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst - (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing CVE-2019-10206: ansible-playbook -k and ansible cli tools prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. - (bsc#1144453) Adds CVE-2019-10217-gcp-modules-sensitive-fields.patch CVE-2019-10217: Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks. OBS-URL: https://build.opensuse.org/request/show/721576 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=143 2019-08-08 16:01:06 +02:00			`From 7138a35c2da6394accc48ccdd642a8768866170d Mon Sep 17 00:00:00 2001`
			`From: Brian Coca <bcoca@users.noreply.github.com>`
			`Date: Wed, 24 Jul 2019 16:00:20 -0400`
			`Subject: [PATCH] prevent templating of passwords from prompt (#59246)`

			`* prevent templating of passwords from prompt`

			`fixes CVE-2019-10206`

			`(cherry picked from commit e9a37f8e3171105941892a86a1587de18126ec5b)`
			`---`
			`.../fragments/dont_template_passwords_from_prompt.yml \| 2 ++`
			`lib/ansible/cli/__init__.py \| 8 ++++++++`
			`lib/ansible/utils/unsafe_proxy.py \| 11 +++++++----`
			`3 files changed, 17 insertions(+), 4 deletions(-)`
			`create mode 100644 changelogs/fragments/dont_template_passwords_from_prompt.yml`

			`--- /dev/null`
			`+++ b/changelogs/fragments/dont_template_passwords_from_prompt.yml`
			`@@ -0,0 +1,2 @@`
			`+bugfixes:`
			`+ - resolves CVE-2019-10206, by avoiding templating passwords from prompt as it is probable they have special characters.`
			`--- a/lib/ansible/cli/__init__.py`
			`+++ b/lib/ansible/cli/__init__.py`
			`@@ -29,6 +29,7 @@ from ansible.release import __version__`
			`from ansible.utils.collection_loader import set_collection_playbook_paths`
			`from ansible.utils.display import Display`
			`from ansible.utils.path import unfrackpath`
			`+from ansible.utils.unsafe_proxy import AnsibleUnsafeBytes`
			`from ansible.vars.manager import VariableManager`


			`@@ -276,6 +277,13 @@ class CLI(with_metaclass(ABCMeta, object`
			`except EOFError:`
			`pass`

			`+ # we 'wrap' the passwords to prevent templating as`
			`+ # they can contain special chars and trigger it incorrectly`
			`+ if sshpass:`
			`+ sshpass = AnsibleUnsafeBytes(sshpass)`
			`+ if becomepass:`
			`+ becomepass = AnsibleUnsafeBytes(becomepass)`
			`+`
			`return (sshpass, becomepass)`

			`def validate_conflicts(self, op, vault_opts=False, runas_opts=False, fork_opts=False, vault_rekey_opts=False):`
			`--- a/lib/ansible/utils/unsafe_proxy.py`
			`+++ b/lib/ansible/utils/unsafe_proxy.py`
			`@@ -53,7 +53,7 @@`
			`from __future__ import (absolute_import, division, print_function)`
			`__metaclass__ = type`

			`-from ansible.module_utils.six import string_types, text_type`
			`+from ansible.module_utils.six import string_types, text_type, binary_type`
			`from ansible.module_utils._text import to_text`
			`from ansible.module_utils.common._collections_compat import Mapping, MutableSequence, Set`

			`@@ -69,15 +69,18 @@ class AnsibleUnsafeText(text_type, Ansib`
			`pass`


			`+class AnsibleUnsafeBytes(binary_type, AnsibleUnsafe):`
			`+ pass`
			`+`
			`+`
			`class UnsafeProxy(object):`
			`def __new__(cls, obj, args, *kwargs):`
			`# In our usage we should only receive unicode strings.`
			`# This conditional and conversion exists to sanity check the values`
			`# we're given but we may want to take it out for testing and sanitize`
			`# our input instead.`
			`- if isinstance(obj, string_types):`
			`- obj = to_text(obj, errors='surrogate_or_strict')`
			`- return AnsibleUnsafeText(obj)`
			`+ if isinstance(obj, string_types) and not isinstance(obj, AnsibleUnsafeBytes):`
			`+ obj = AnsibleUnsafeText(to_text(obj, errors='surrogate_or_strict'))`
			`return obj`