path: root/test/integration/targets/ansible-galaxy-role/tasks/dir-traversal.yml
blob: 1c17daf7dd4eafbe1b47f1c58e9c6595d87c2363 (plain)
# Scratch layout under remote_tmp_dir/dir-traversal used by every scenario
# in this file:
#   source/ - where the role archives are built and installed from
#   target/ - the out-of-role location a malicious archive points at
#   roles/  - the --roles-path handed to ansible-galaxy
- name: create test directories
  file:
    state: directory
    path: "{{ remote_tmp_dir }}/dir-traversal/{{ item }}"
  loop:
    - source
    - target
    - roles

# content.txt is handed to create-role-archive.py when each archive is built.
- name: create test content
  copy:
    content: |
      some content to write
    dest: "{{ remote_tmp_dir }}/dir-traversal/source/content.txt"

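# Scenario 1: an archive whose entry points at an absolute path outside the
# role directory (target/target-file-to-overwrite.txt).  The archive builder
# runs under the controller's interpreter so the archive is produced the same
# way whatever python the remote host provides.
- name: build dangerous dir traversal role
  script:
    chdir: '{{ remote_tmp_dir }}/dir-traversal/source'
    cmd: create-role-archive.py dangerous.tar content.txt {{ remote_tmp_dir }}/dir-traversal/target/target-file-to-overwrite.txt
    executable: '{{ ansible_playbook_python }}'

# The install is expected to be rejected, so errors are ignored here and the
# outcome is asserted below.  Colour output is switched off, which keeps the
# stderr that is matched later free of escape sequences.  Environment values
# are given as strings: a YAML boolean would only reach the child process via
# an implicit str() conversion, so the quoted form states the intent directly.
- name: install dangerous role
  command:
    cmd: ansible-galaxy role install --roles-path '{{ remote_tmp_dir }}/dir-traversal/roles' dangerous.tar
    chdir: '{{ remote_tmp_dir }}/dir-traversal/source'
  environment:
    ANSIBLE_NOCOLOR: 'true'
    ANSIBLE_FORCE_COLOR: 'false'
  ignore_errors: true
  register: galaxy_install_dangerous

# Nothing may have been written outside the role: first check whether the
# target file exists at all ...
- name: check for overwritten file
  stat:
    path: '{{ remote_tmp_dir }}/dir-traversal/target/target-file-to-overwrite.txt'
  register: dangerous_overwrite_stat

# ... and only read it back if it does (slurp would fail on a missing file).
- name: get overwritten content
  slurp:
    path: '{{ remote_tmp_dir }}/dir-traversal/target/target-file-to-overwrite.txt'
  register: dangerous_overwrite_content
  when: dangerous_overwrite_stat.stat.exists

# The slurp task is skipped when the file is absent, so default('') supplies
# the empty content in that case.  Newlines in stderr are collapsed before the
# substring match in case the error message is wrapped across lines.
- assert:
    that:
      - dangerous_overwrite_content.content|default('')|b64decode == ''
      - not dangerous_overwrite_stat.stat.exists
      - galaxy_install_dangerous is failed
      - "'is not a subpath of the role' in (galaxy_install_dangerous.stderr | regex_replace('\n', ' '))"

# Remove the archive from both the build location and the roles path so the
# next scenario starts from a clean state.
- name: remove tarfile for next test
  file:
    path: '{{ item }}'
    state: absent
  loop:
    - '{{ remote_tmp_dir }}/dir-traversal/source/dangerous.tar'
    - '{{ remote_tmp_dir }}/dir-traversal/roles/dangerous.tar'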

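# Scenario 2: same as scenario 1, but the out-of-role path is reached through
# a '..' component (source/../target/...) rather than a direct absolute path,
# so normalisation of the path must happen before the subpath check.
- name: build dangerous dir traversal role that includes .. in the symlink path
  script:
    chdir: '{{ remote_tmp_dir }}/dir-traversal/source'
    cmd: create-role-archive.py dangerous.tar content.txt {{ remote_tmp_dir }}/dir-traversal/source/../target/target-file-to-overwrite.txt
    executable: '{{ ansible_playbook_python }}'

# Expected to be rejected; the result is asserted below.  --roles-path is
# quoted inside the command, matching the first scenario, so a remote_tmp_dir
# containing whitespace is still passed as a single argument.  Environment
# values are strings rather than YAML booleans.
- name: install dangerous role
  command:
    cmd: "ansible-galaxy role install --roles-path '{{ remote_tmp_dir }}/dir-traversal/roles' dangerous.tar"
    chdir: '{{ remote_tmp_dir }}/dir-traversal/source'
  environment:
    ANSIBLE_NOCOLOR: 'true'
    ANSIBLE_FORCE_COLOR: 'false'
  ignore_errors: true
  register: galaxy_install_dangerous

# Check whether anything landed outside the role ...
- name: check for overwritten file
  stat:
    path: '{{ remote_tmp_dir }}/dir-traversal/target/target-file-to-overwrite.txt'
  register: dangerous_overwrite_stat

# ... and read it back only when it exists (slurp fails on a missing file).
- name: get overwritten content
  slurp:
    path: '{{ remote_tmp_dir }}/dir-traversal/target/target-file-to-overwrite.txt'
  register: dangerous_overwrite_content
  when: dangerous_overwrite_stat.stat.exists

# default('') covers the skipped slurp; stderr newlines are collapsed before
# matching in case the message is wrapped.
- assert:
    that:
      - dangerous_overwrite_content.content|default('')|b64decode == ''
      - not dangerous_overwrite_stat.stat.exists
      - galaxy_install_dangerous is failed
      - "'is not a subpath of the role' in (galaxy_install_dangerous.stderr | regex_replace('\n', ' '))"

# Clean up in both locations, as the first scenario does; state: absent on a
# path that was never created is a no-op.
- name: remove tarfile for next test
  file:
    path: '{{ item }}'
    state: absent
  loop:
    - '{{ remote_tmp_dir }}/dir-traversal/source/dangerous.tar'
    - '{{ remote_tmp_dir }}/dir-traversal/roles/dangerous.tar'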

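# Scenario 3: the out-of-role path is relative ('../context.txt') instead of
# absolute.  The builder runs under the controller's interpreter, as in the
# first two scenarios, so all three archives are produced the same way.
- name: build dangerous dir traversal role that includes .. in the relative symlink path
  script:
    chdir: '{{ remote_tmp_dir }}/dir-traversal/source'
    cmd: create-role-archive.py dangerous_rel.tar content.txt ../context.txt
    executable: '{{ ansible_playbook_python }}'

# Expected to be rejected; asserted below.  --roles-path is quoted inside the
# command as in the first scenario, and environment values are strings rather
# than YAML booleans.
- name: install dangerous role with relative symlink
  command:
    cmd: "ansible-galaxy role install --roles-path '{{ remote_tmp_dir }}/dir-traversal/roles' dangerous_rel.tar"
    chdir: '{{ remote_tmp_dir }}/dir-traversal/source'
  environment:
    ANSIBLE_NOCOLOR: 'true'
    ANSIBLE_FORCE_COLOR: 'false'
  ignore_errors: true
  register: galaxy_install_dangerous

# This scenario checks the roles path rather than the target directory: no
# 'symlink' entry may have been created under roles/.  The path is resolved
# with realpath here, unlike the other stat tasks in this file.
- name: check for symlink outside role
  stat:
    path: "{{ remote_tmp_dir | realpath }}/dir-traversal/roles/symlink"
  register: symlink_outside_role

# Install must fail with the subpath error and leave nothing behind.
- assert:
    that:
      - not symlink_outside_role.stat.exists
      - galaxy_install_dangerous is failed
      - "'is not a subpath of the role' in (galaxy_install_dangerous.stderr | regex_replace('\n', ' '))"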

# Tear down the scratch tree created at the top of this file, including any
# archive left behind in source/ by the last scenario.
- name: remove test directories
  file:
    state: absent
    path: "{{ remote_tmp_dir }}/dir-traversal/{{ item }}"
  loop:
    - source
    - target
    - roles