You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
risky-shell-pipe: Shells that use pipes should set the pipefail option.
tasks/example.yaml:1 Task/Handler: shell executable=/usr/bin/bash cmd=echo {{
values | first
}}
BUT
- vars:
values:
- 'itemA'
- 'itemB'ansible.builtin.shell:
executable: '/usr/bin/bash'cmd: >- set -o pipefail; echo {{ values | first }}
While the result of the last 2 examples is expected, the first one is not. If pipe operators are only part of a Jinja template in the cmd string value the rule should not match regardless whether it's multi-line or single-line.
The text was updated successfully, but these errors were encountered:
Summary
Using Jinja template with operator
|
in multi-line (!) shellcmd
string is recognized as risky-shell-pipe violation.Issue Type
OS / ENVIRONMENT
Actual / Desired Behavior
fails while it's not supposed to:
BUT
and
succeed.
While the result of the last 2 examples is expected, the first one is not. If pipe operators are only part of a Jinja template in the
cmd
string value the rule should not match regardless whether it's multi-line or single-line.The text was updated successfully, but these errors were encountered: