From 2ec5dda1d8bc61b0b1bc827f9b2ad8a3bee53d9b Mon Sep 17 00:00:00 2001
From: Ahmed RAHAL <arahal@syntax.com>
Date: Fri, 25 Oct 2019 16:39:34 -0400
Subject: [PATCH] Add quotes to shell variables with user input

The last update of this file added default values for passwords
but removed the 'quote' filter.
This is extremely problematic for database passwords that should always
be complex and contain special characters that the shell may interpret
wrongly.
As a sanity measure, adding the quote filter to all fields.
---
 .../local_docker/templates/environment.sh.j2  | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/installer/roles/local_docker/templates/environment.sh.j2 b/installer/roles/local_docker/templates/environment.sh.j2
index 7d78b8c96f..832f112d6d 100644
--- a/installer/roles/local_docker/templates/environment.sh.j2
+++ b/installer/roles/local_docker/templates/environment.sh.j2
@@ -1,12 +1,12 @@
-DATABASE_USER={{ pg_username }}
-DATABASE_NAME={{ pg_database }}
-DATABASE_HOST={{ pg_hostname|default('postgres') }}
-DATABASE_PORT={{ pg_port|default('5432') }}
-DATABASE_PASSWORD={{ pg_password|default('awxpass') }}
-DATABASE_ADMIN_PASSWORD={{ pg_admin_password|default('postgrespass') }}
+DATABASE_USER={{ pg_username|quote }}
+DATABASE_NAME={{ pg_database|quote }}
+DATABASE_HOST={{ pg_hostname|default('postgres')|quote }}
+DATABASE_PORT={{ pg_port|default('5432')|quote }}
+DATABASE_PASSWORD={{ pg_password|default('awxpass')|quote }}
+DATABASE_ADMIN_PASSWORD={{ pg_admin_password|default('postgrespass')|quote }}
 MEMCACHED_HOST={{ memcached_hostname|default('memcached') }}
-MEMCACHED_PORT={{ memcached_port|default('11211') }}
-RABBITMQ_HOST={{ rabbitmq_hostname|default('rabbitmq') }}
-RABBITMQ_PORT={{ rabbitmq_port|default('5672') }}
-AWX_ADMIN_USER={{ admin_user }}
-AWX_ADMIN_PASSWORD={{ admin_password | quote }}
+MEMCACHED_PORT={{ memcached_port|default('11211')|quote }}
+RABBITMQ_HOST={{ rabbitmq_hostname|default('rabbitmq')|quote }}
+RABBITMQ_PORT={{ rabbitmq_port|default('5672')|quote }}
+AWX_ADMIN_USER={{ admin_user|quote }}
+AWX_ADMIN_PASSWORD={{ admin_password|quote }}