add additional field validation to AWX_TASK_ENV

AWX_TASK_ENV should only allow simple key-value assignment (since we're
using it to set environment variables).

see: #3508

awx/conf/fields.py

@@ -9,6 +9,8 @@ from django.utils.translation import ugettext_lazy as _
 # Django REST Framework
 from rest_framework.fields import *  # noqa
 
+import six
+
 logger = logging.getLogger('awx.conf.fields')
 
 # Use DRF fields to convert/validate settings:
@@ -84,3 +86,17 @@ class URLField(CharField):
             except:
                 raise  # If something fails here, just fall through and let the validators check it.
         super(URLField, self).run_validators(value)
+
+
+class KeyValueField(DictField):
+    child = CharField()
+    default_error_messages = {
+        'invalid_child': _('"{input}" is not a valid string.')
+    }
+
+    def to_internal_value(self, data):
+        ret = super(KeyValueField, self).to_internal_value(data)
+        for value in data.values():
+            if not isinstance(value, six.string_types + six.integer_types + (float,)):
+                self.fail('invalid_child', input=value)
+        return ret

awx/main/conf.py

@@ -227,7 +227,7 @@ register(
 
 register(
     'AWX_TASK_ENV',
-    field_class=fields.DictField,
+    field_class=fields.KeyValueField,
     default={},
     label=_('Extra Environment Variables'),
     help_text=_('Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.'),