From ceb2a9bb176c1d5a2db49705adb789dfa77de0aa Mon Sep 17 00:00:00 2001
From: wangruidong <940853815@qq.com>
Date: Tue, 30 Jul 2024 18:10:46 +0800
Subject: [PATCH] fix: Arbitrary File Read in Ansible Play

---
 apps/ops/ansible/runner.py | 2 +-
 apps/ops/models/job.py     | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/ops/ansible/runner.py b/apps/ops/ansible/runner.py
index d5e6c8379..53ab5e89e 100644
--- a/apps/ops/ansible/runner.py
+++ b/apps/ops/ansible/runner.py
@@ -105,7 +105,7 @@ class PlaybookRunner:
             shutil.rmtree(private_env)
 
         kwargs = dict(kwargs)
-        if self.isolate and not is_macos:
+        if self.isolate and not is_macos():
             kwargs['process_isolation'] = True
             kwargs['process_isolation_executable'] = 'bwrap'
 
diff --git a/apps/ops/models/job.py b/apps/ops/models/job.py
index 689989b9a..9b203fc05 100644
--- a/apps/ops/models/job.py
+++ b/apps/ops/models/job.py
@@ -422,6 +422,7 @@ class JobExecution(JMSOrgBaseModel):
             this.result.update(cb.result)
         else:
             this.result = cb.result
+        this.result = json.loads(json.dumps(this.result).replace('\\u0000', ''))
         this.finish_task()
 
     def finish_task(self):