)]}'
{"zuul/ansible/base/action/normal.py":[{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"a5391cc541838c9e00a4b218c62233e8bae7b3a3","unresolved":false,"context_lines":[{"line_number":114,"context_line":"        if not isinstance(find_paths, list):"},{"line_number":115,"context_line":"            find_paths \u003d (find_paths,)"},{"line_number":116,"context_line":"        for path in find_paths:"},{"line_number":117,"context_line":"            paths._fail_if_unsafe(path)"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_8b2a948e","line":117,"updated":"2020-09-30 19:32:34.000000000","message":"Reading up on the find module I believe this is generally safe. However, the find module does allow you to follow symlinks. I think we need to error here if the symlink follow flag is set to yes/true because you could set a symlink in the zuul workspace to point to / then find everything on the system.","commit_id":"1625c07b885fcf99adb9eade5e499b5258764e9d"},{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"3d9b2adf1a21b4bb320e330c5d98bd026bb9dc1d","unresolved":false,"context_lines":[{"line_number":114,"context_line":"        if not isinstance(find_paths, list):"},{"line_number":115,"context_line":"            find_paths \u003d (find_paths,)"},{"line_number":116,"context_line":"        for path in find_paths:"},{"line_number":117,"context_line":"            paths._fail_if_unsafe(path)"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_c1474d7a","line":117,"in_reply_to":"9f560f44_8b2a948e","updated":"2020-09-30 22:25:13.000000000","message":"Ahh I should have mentioned that, I did look at fail_if_unsafe and I believe it will walk the path and check for symlinks [1] so I considered this safe\n\n[1] https://opendev.org/zuul/zuul/src/branch/master/zuul/ansible/paths.py#L57","commit_id":"1625c07b885fcf99adb9eade5e499b5258764e9d"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"c8535318f0445a2f35fa4ee4ca4247fd2a8e4f09","unresolved":false,"context_lines":[{"line_number":114,"context_line":"        if not isinstance(find_paths, list):"},{"line_number":115,"context_line":"            find_paths \u003d (find_paths,)"},{"line_number":116,"context_line":"        for path in find_paths:"},{"line_number":117,"context_line":"            paths._fail_if_unsafe(path)"}],"source_content_type":"text/x-python","patch_set":1,"id":"9f560f44_257294b1","line":117,"in_reply_to":"9f560f44_c1474d7a","updated":"2020-09-30 22:47:29.000000000","message":"Wow, that checking code seems to basically implement the bulk of what find must be doing too. Anyway that should make this safe.","commit_id":"1625c07b885fcf99adb9eade5e499b5258764e9d"}]}