foreman icon indicating copy to clipboard operation
foreman copied to clipboard

Published 20 hours ago verified publisher icon theforeman

Fixes #35530 - Make save_to_file macro safer

Open adamruzicka opened this issue 1 year ago • 3 comments

End to end example:

Use this job template

<%#
name: eof
snippet: false
template_inputs:
- name: script
  required: false
  input_type: user
  advanced: false
  value_type: plain
  resource_type: AnsibleRole
  hidden_value: false
model: JobTemplate
job_category: Miscellaneous
provider_type: script
kind: job_template
organizations:
- Default Organization
locations:
- Default Location
%>

<%= save_to_file('/tmp/test', input('script')) %>
cat /tmp/test
echo

echo "====="
chmod +x /tmp/test
/tmp/test

Run it on a host with script input using a heredoc

cat <<EOF
hello heredoc
EOF

Actual job output:

   1: /var/tmp/foreman-ssh-cmd-c252e59a-05dd-4247-96d6-8473e2a9c872/script: line 5: EOF: not found
   2: cat <<EOF
   3: hello heredoc
   4: 
   5: =====
   6: hello heredoc
   7: »Exit status: 0«

Expected job output:

   1: cat <<EOF
   2: hello heredoc
   3: EOF
   4: 
   5: =====
   6: hello heredoc
   7: »Exit status: 0«

adamruzicka avatar Sep 16 '22 09:09 adamruzicka

Issues: #35530

theforeman-bot avatar Sep 16 '22 09:09 theforeman-bot

I'm not the smartest guy in the family, but.. do we actually add empty spaces just to remove them later as a solution?

ofedoren avatar Sep 16 '22 15:09 ofedoren

I'm not proud of this one, but it does the trick. Alternatively we could check if the terminator save_to_file wants to use is already present in $content and if yes, pick a different one (and repeat until we find one that's available).

adamruzicka avatar Sep 16 '22 15:09 adamruzicka

ok to test

ofedoren avatar Sep 26 '22 14:09 ofedoren