fix: revert to using is mapping in Jinja2 #497

Merged: 1 commit, Mar 2, 2021


dafyddj
Contributor

@dafyddj dafyddj commented Feb 28, 2021

PR progress checklist (to be filled in by reviewers)

  • Changes to documentation are appropriate (or tick if not required)
  • Changes to tests are appropriate (or tick if not required)
  • Reviews completed

What type of PR is this?

Primary type

  • [build] Changes related to the build system
  • [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
  • [ci] Changes to the continuous integration configuration
  • [feat] A new feature
  • [fix] A bug fix
  • [perf] A code change that improves performance
  • [refactor] A code change that neither fixes a bug nor adds a feature
  • [revert] A change used to revert a previous commit
  • [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

  • [docs] Documentation changes
  • [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No.

Related issues and/or pull requests

Describe the changes you're proposing

  • In v3002.5 (and probably other patched versions), the fix for CVE-2021-25283 enables Jinja2 safe mode, which breaks use of the `'dict' in x.__class__.__name__` workaround
  • Workaround no longer needed as CentOS 6 is EOL

Pillar / config required to test the proposed changes

salt:
  master:
    ext_pillar:
      - cmd_yaml: cat /etc/salt/yaml
      - git:
          - develop https://gitserver/git-pillar.git:
              - env: base
      - reclass:
          inventory_base_uri: /etc/reclass

Debug log showing how the proposed changes work

Unable to manage file: Jinja syntax error: access to attribute '__class__' of 'list' object is unsafe.; line 1206
              
              ---
              [...]
              {%- for pillar in cfg_master['ext_pillar'] -%}
                {%- for key in pillar -%}
                  {%- if pillar[key] is string %}
                - {{ key }}: {{ pillar[key] }}
                  {#- Workaround for missing `is mapping` on CentOS 6, see #193: #}
                  {%- elif pillar[key] is iterable and 'dict' not in pillar[key].__class__.__name__ %}    <======================
                - {{ key }}:
                    {%- for parameter in pillar[key] %}
                      {%- if parameter is iterable and parameter is not string %}
                      {%- for param, children in parameter.items() %}
                  - {{ param }}:
              [...]
              ---

Documentation checklist

  • Updated the README (e.g. Available states).
  • Updated pillar.example.

Testing checklist

  • Included in Kitchen (i.e. under state_top).
  • Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
  • Updated the relevant test pillar.

Additional context

@dafyddj dafyddj requested review from myii and a team as code owners February 28, 2021 20:51
@dafyddj dafyddj marked this pull request as draft February 28, 2021 20:59
@dafyddj dafyddj force-pushed the fix/is-mapping-v3002.5 branch from f664bd7 to b951408 Compare March 2, 2021 00:19
* CVE-2021-25283 enables Jinja2 safe mode, which breaks use of
  `'dict' in x.__class__.__name__` workaround
* Workaround no longer needed as CentOS 6 is EOL
@dafyddj dafyddj force-pushed the fix/is-mapping-v3002.5 branch from b951408 to a89fb3f Compare March 2, 2021 00:40
@dafyddj dafyddj marked this pull request as ready for review March 2, 2021 00:46
@myii myii merged commit 840624f into saltstack-formulas:master Mar 2, 2021
@myii
Member

myii commented Mar 2, 2021

Merged, thanks for the quick fix, @dafyddj.

@saltstack-formulas-travis

🎉 This PR is included in version 1.7.5 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@dafyddj dafyddj deleted the fix/is-mapping-v3002.5 branch March 2, 2021 12:50
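
The failure in the debug log above and the `is mapping` replacement, reproduced as an added example (not code from the formula or from Salt). It assumes Jinja2's `SandboxedEnvironment` stands in for the "safe mode" the PR mentions; the sample data, template strings and helper names are constructed, and the `is not mapping` branch is an assumed shape of the fix, not the merged diff.

```python
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed data shaped like the ext_pillar list in the PR description.
EXT_PILLAR = [
    {"cmd_yaml": "cat /etc/salt/yaml"},
    {"git": [{"develop https://gitserver/git-pillar.git": [{"env": "base"}]}]},
    {"reclass": {"inventory_base_uri": "/etc/reclass"}},
]

HEAD = ("{% for pillar in ext_pillar %}{% for key in pillar %}"
        "{% if pillar[key] is string %}string")
TAIL = "list{% else %}mapping{% endif %},{% endfor %}{% endfor %}"

# CentOS 6 workaround from the failing template: type check through a dunder.
WORKAROUND = (HEAD + "{% elif pillar[key] is iterable and"
              " 'dict' not in pillar[key].__class__.__name__ %}" + TAIL)

# Same branch written with the built-in test (assumed shape of the fix).
IS_MAPPING = (HEAD + "{% elif pillar[key] is iterable and"
              " pillar[key] is not mapping %}" + TAIL)


def classify(env, source):
    """Render source against EXT_PILLAR; return one label per ext_pillar key."""
    out = env.from_string(source).render(ext_pillar=EXT_PILLAR)
    return out.rstrip(",").split(",")


def sandbox_error(source):
    """Return the sandbox's SecurityError message for source, or None."""
    try:
        classify(SandboxedEnvironment(), source)
    except SecurityError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("plain env, workaround:", classify(Environment(), WORKAROUND))
    print("sandbox, workaround:  ", sandbox_error(WORKAROUND))
    print("sandbox, is mapping:  ", classify(SandboxedEnvironment(), IS_MAPPING))
```

The sandbox refuses any attribute whose name starts with an underscore, so the type check has to go through a Jinja test such as `is mapping` for the template to render under it.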