Insecure Relative Path Resolution
- Query id: 8d22ae91-6ac1-459f-95be-d37bd373f244
- Query name: Insecure Relative Path Resolution
- Platform: Ansible
- Severity: Low
- Category: Best Practices
- CWE: Ongoing
- URL: Github
Description
Using relative paths can lead to unexpected behavior as the path is resolved relative to the current working directory, which can change.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
---
- name: Positive Example
  hosts: localhost
  tasks:
    - name: One
      ansible.builtin.template:
        src: ../templates/foo.j2
        dest: /etc/file.conf
        mode: "0644"
    - name: Two
      ansible.builtin.copy:
        src: ../files/foo.conf
        dest: /etc/foo.conf
        mode: "0644"
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
---
- name: Negative Example
  hosts: localhost
  tasks:
    - name: One
      ansible.builtin.copy:
        content:
        dest: /etc/mine.conf
        mode: "0644"
    - name: Two
      ansible.builtin.copy:
        src: /home/example/files/foo.conf
        dest: /etc/foo.conf
        mode: "0644"
---
- name: Negative Example 2
  hosts: localhost
  tasks:
    - name: One
      ansible.builtin.template:
        src: ../example/foo.j2
        dest: /etc/file.conf
        mode: "0644"
    - name: Two
      ansible.builtin.copy:
        src: ../example/foo.conf
        dest: /etc/foo.conf
        mode: "0644"
    - name: Three
      win_template:
        src: ../example/foo2.j2
        dest: /etc/file.conf
        mode: "0644"
```
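A line-based check that reproduces the split between the positive and negative samples above, as an added example that is not the query's own code. The matching rule (`../templates/` for template modules, `../files/` for copy modules, with `win_` variants treated the same) is an assumption read off this page's samples, and the function name `find_relative_src` and the sample play are constructed for illustration.

```python
import re

# Assumption from this page's samples: template modules are flagged for
# "../templates/..." and copy modules for "../files/...".
RISKY_PREFIX = {"template": "../templates/", "copy": "../files/"}
TASK_NAME = re.compile(r"^\s*-\s+name:\s*(.+?)\s*$")
MODULE_LINE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.]*):\s*$")
SRC_LINE = re.compile(r"^\s*src:\s*['\"]?([^'\"#\s]+)")

# Constructed sample play mixing flagged and unflagged src values.
SAMPLE = """\
---
- name: Constructed sample play
  hosts: localhost
  tasks:
    - name: One
      ansible.builtin.template:
        src: ../templates/foo.j2
    - name: Two
      ansible.builtin.copy:
        src: ../files/foo.conf
    - name: Three
      win_template:
        src: ../example/foo2.j2
    - name: Four
      ansible.builtin.copy:
        src: /home/example/files/foo.conf
"""


def find_relative_src(playbook_text):
    """Return (line_no, task_name, module, src) for every flagged src."""
    findings = []
    task, module = None, None
    for line_no, line in enumerate(playbook_text.splitlines(), start=1):
        if m := TASK_NAME.match(line):
            task, module = m.group(1), None      # a new task starts here
        elif module is None and (m := MODULE_LINE.match(line)):
            module = m.group(1)                  # first empty-valued key = module
        elif (m := SRC_LINE.match(line)) and module:
            # ansible.builtin.copy -> copy, win_template -> template
            short = re.sub(r"^win_", "", module.rsplit(".", 1)[-1])
            prefix = RISKY_PREFIX.get(short)
            if prefix and m.group(1).startswith(prefix):
                findings.append((line_no, task, module, m.group(1)))
    return findings

if __name__ == "__main__":
    for finding in find_relative_src(SAMPLE):
        print(finding)
```
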