Replace `shell:` with more secure `command` module in Ansible playbook
I just ran into a problem with an SMTP variable that contained a backtick (). That's because the playbook often uses
shellwhile it could use the more secure
commandmodule.
shellis usually only necessary when you want to direct the output of a command with pipes or
>`'s.
None of these occurrences need shell
and they can easily be search-replaced to make the chart more secure/error prone.
git grep 'shell: wp'
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} core download
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} core verify-checksums
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} core install
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} core update-db
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} config set FS_METHOD direct --add --type=constant
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} config set DISALLOW_FILE_EDIT true --add --raw --type=constant
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} core language install "{{ language }}"
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} site switch-language "{{ DEFAULT_LANG }}"
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp config {{ cli_args }} set {{ wp_salt.key }} {{ wp_salt.value }} --add --type=constant
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} config set 'FS_CHMOD_DIR' {{ WP_DIR_MODE }} --raw --type=constant
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} config set 'FS_CHMOD_FILE' {{ WP_FILES_MODE }} --raw --type=constant
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} option set close_comments_days_old 90
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} option set comment_max_links 1
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} option set users_can_register 0
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} option set default_ping_status closed
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} theme install {{ item }}
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} theme activate "{{ WP_THEME_ACTIVE }}"
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} theme install "{{ WP_THEME_FALLBACK }}" --activate
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} plugin install "{{ wordpress_default_plugin }}" --force --activate
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} option set {{ WP_ALT_CONFIG }} {{ WP_ALT_PATH }}
wp-cli-docker/roles/wordpress-init/tasks/main.yml: shell: wp {{ cli_args }} config set WP_DEBUG {{ WP_DEBUG }} --raw --type=constant
wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml: shell: wp {{ cli_args }} config set 'WP_CONTENT_DIR' "ABSPATH . 'wp-content'" --raw --type=constant
wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml: shell: wp {{ cli_args }} config set 'WPMU_PLUGIN_DIR' "ABSPATH . 'wp-content/{{ WP_MU_PLUGINS_DIR }}'" --raw --type=constant
wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml: shell: wp {{ cli_args }} config set 'WP_CONTENT_URL' "'{{ WP_URL }}/wp-content'" --raw --type=constant
wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml: shell: wp {{ cli_args }} config set 'WPMU_PLUGIN_URL' "'{{ WP_URL }}/wp-content/mu-plugins'" --raw --type=constant
wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml: shell: wp {{ cli_args }} config set 'WP_CRON_CONTROL_SECRET' "{{ WP_MU_CRON_SETTINGS.secret }}" --add --type=constant
wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml: shell: wp {{ cli_args }} config set DISABLE_WP_CRON true --add --raw --type=constant
wp-cli-docker/roles/wordpress-init/tasks/multilingual.yml: shell: wp {{ cli_args }} config set 'WP_CONTENT_DIR' "ABSPATH . 'wp-content'" --raw --type=constant
wp-cli-docker/roles/wordpress-init/tasks/multilingual.yml: shell: wp {{ cli_args }} config set {{ WP_MULTILINGUAL_CONFIG }}
wp-cli-docker/roles/wordpress-init/tasks/multilingual.yml: shell: wp {{ cli_args }} plugin activate {{ wp_multilingual_plugin }}
wp-cli-docker/roles/wordpress-init/tasks/multilingual.yml: shell: wp {{ cli_args }} plugin deactivate {{ wp_multilingual_plugin }}
wp-cli-docker/roles/wordpress-init/tasks/openid-connect.yml: shell: wp {{ cli_args }} plugin install daggerhart-openid-connect-generic --activate
wp-cli-docker/roles/wordpress-init/tasks/redis.yml: shell: wp {{ cli_args }} config set WP_REDIS_HOST "{{ WP_REDIS_HOST }}" --add --type=constant
wp-cli-docker/roles/wordpress-init/tasks/redis.yml: shell: wp {{ cli_args }} config set WP_REDIS_PASSWORD "{{ WP_REDIS_PASSWORD }}" --add --type=constant
wp-cli-docker/roles/wordpress-init/tasks/redis.yml: shell: wp {{ cli_args }} plugin install redis-cache --activate
wp-cli-docker/roles/wordpress-init/tasks/redis.yml: shell: wp {{ cli_args }} redis enable