only allow the task dispatch worker to import and run decorated tasks

this _technically_ prevents a remote code exploit where a user who has
access to publish AMQP messages to the dispatch queue could craft
a special message that would import and run arbitrary Python functions;
that said, the types of user with this privilege level are generally
_already_ the awx user (so they can already do this by hand if they
want)
Ryan Petrello
2018-12-12 17:01:11 -05:00
parent ca16787e7c
commit 5950f26c69
2 changed files with 48 additions and 0 deletions


@@ -30,11 +30,18 @@ class TaskWorker(BaseWorker):
awx.main.tasks.delete_inventory
awx.main.tasks.RunProjectUpdate
'''
if not task.startswith('awx.'):
raise ValueError('{} is not a valid awx task'.format(task))
module, target = task.rsplit('.', 1)
module = importlib.import_module(module)
_call = None
if hasattr(module, target):
_call = getattr(module, target, None)
if not (
hasattr(_call, 'apply_async') and hasattr(_call, 'delay')
):
raise ValueError('{} is not decorated with @task()'.format(task))
return _call
def run_callable(self, body):
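Review bot: The `task.startswith('awx.')` guard still lets the message pick which `awx.*` submodule is imported on the `importlib.import_module(module)` line before the decorated-task check runs, so module-level code of any importable awx module executes for a crafted message even though the call itself is then rejected; if the set of task-bearing modules is small, checking `module` against an explicit allowlist of module names before the import would close that remaining gap. The `_call = None` / `if hasattr(module, target):` pair is redundant with the default already passed to `getattr` — `_call = getattr(module, target, None)` alone yields the same result. An unknown module name surfaces as `ImportError` rather than the `ValueError` the other rejection branches raise; the second hunk suggests `run_callable` catches `Exception` so it is still handled, but wrapping the import and raising `ValueError('{} is not a valid awx task'.format(task))` would keep rejections uniform. The enclosing method's signature and the start of its docstring lie before this hunk, so the full contract is not visible here.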
@@ -78,6 +85,7 @@ class TaskWorker(BaseWorker):
try:
result = self.run_callable(body)
except Exception as exc:
result = exc
try:
if getattr(exc, 'is_awx_task_error', False):