@tgerla
tgerla / app_defaults.py
Last active June 12, 2025 19:23
example lookup plugin for ansible
import ansible.utils as utils
#
# Put this file in lookup_plugins/ alongside your playbooks.
#
# Lookup plugins can be called two ways: via with_ as a task loop
# construct, or via lookup('name').
#
# You can find the code for the basic lookup plugins here:
# v1: https://github.com/ansible/ansible/tree/devel/v1/ansible/runner/lookup_plugins
# v2: https://github.com/ansible/ansible/tree/devel/lib/ansible/plugins/lookup
@tgerla
tgerla / grype-kube-manifests.sh
Last active March 22, 2024 00:46
Run a Grype scan on all images referenced in a Kubernetes manifest
#!/bin/bash
#
# Requires: jq, yq, grype, sed
# Check if a file path is provided as a command-line argument
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 path/to/your/deployment.yaml"
    exit 1
fi
tgerla@Timothys-MacBook-Pro-2 grype % grype -q alpine:3.7 -o json | go run cmd/grype/main.go explain --id CVE-2022-48174
CVE-2022-48174 from nvd:cpe (Critical)
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
Matched packages:
- Package: busybox, version: 1.27.2-r11
PURL: pkg:apk/alpine/busybox@1.27.2-r11?arch=aarch64&distro=alpine-3.7.3
Match explanation(s):
- nvd:cpe:CVE-2022-48174 CPE match on `cpe:2.3:a:busybox:busybox:1.27.2-r11:*:*:*:*:*:*:*`.
Locations:
- /lib/apk/db/installed
@tgerla
tgerla / gist:7269228
Created November 1, 2013 17:56
Test to see if selinux is enabled.
---
- hosts: all
  tasks:
    # this task runs 'getenforce' and registers the result into the "sestatus" variable
    # changed_when: false tells ansible never to mark this task as "changed"
    - name: test to see if selinux is running
      command: getenforce
! 7/12/2018, 11:43:10 AM https://www.newsobserver.com/news/politics-government/article214685620.html
www.newsobserver.com###newsletter-signUpWidget
! 7/12/2018, 11:43:45 AM https://www.newsobserver.com/news/politics-government/article214685620.html
www.newsobserver.com###player-210759034-1531403234422_html5_api
! 7/12/2018, 11:44:04 AM https://www.newsobserver.com/news/politics-government/article214685620.html
www.newsobserver.com##.video.lead-item
! 7/12/2018, 11:44:48 AM https://www.newsobserver.com/news/politics-government/article214685620.html
Total household income in 2011: $13T (https://www.bizjournals.com/bizjournals/on-numbers/scott-thomas/2012/12/nations-total-personal-income.html)
Number of families in the United States (2011): 118M (https://www.statista.com/statistics/183635/number-of-households-in-the-us/)
13,000,000,000,000/118,000,000 = $110,170
diff --git a/lib/ansible/runner/__init__.py b/lib/ansible/runner/__init__.py
index 1755879..d305a38 100644
--- a/lib/ansible/runner/__init__.py
+++ b/lib/ansible/runner/__init__.py
@@ -411,6 +411,7 @@ class Runner(object):
inject = utils.combine_vars(inject, self.module_vars)
inject = utils.combine_vars(inject, self.setup_cache[host])
inject.setdefault('ansible_ssh_user', self.remote_user)
+ inject.setdefault('ansible_connection', host_connection)
inject['hostvars'] = HostVars(self.setup_cache, self.inventory)
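Review bot: the added `inject.setdefault('ansible_connection', host_connection)` line reads `host_connection`, which is not assigned anywhere in the visible context of this hunk; please confirm it is bound earlier in the method on every code path, otherwise this raises a NameError for hosts that reach this point without it. Because `setdefault` is used, a value already merged in from `self.module_vars` or `self.setup_cache[host]` wins over `host_connection`; a short comment saying that this precedence is intended, as with `ansible_ssh_user` on the line above, would help, since the connection type decides how commands reach the host.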
Timothys-MacBook-Pro:ansible-test tgerla$ tree
.
├── roles
│   └── myrole
│       └── tasks
│           └── main.yml
├── templates
│   └── mytemplate.j2
└── test-roles.yml
- name: my thing
  command: this might fail or whatever
  failed_when: false
  register: testcommand
Timothys-MacBook-Pro:ansible-test tgerla$ ansible-playbook -i localhost, test-includes.yml -e myvar=this
PLAY [localhost] **************************************************************
GATHERING FACTS ***************************************************************
ok: [localhost]
TASK: [debug msg=hi] **********************************************************
skipping: [localhost]