@LouisdeLooze
Created March 23, 2026 11:31
POC - Ansible PolyShell
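---
# Defensive check: verifies whether a PHP file placed under the Magento
# media custom_options path is executed by the web server ("PolyShell").
# A marker file is written, fetched once over HTTP, and always removed
# afterwards so no probe artefact is left in a web-reachable directory.
- name: PolyShell check
  hosts: all
  gather_facts: false

  vars:
    # Probe location on the target (under the ~/shared/pub docroot) and its
    # URL path, kept in one place so the create, fetch and cleanup tasks
    # cannot drift apart.
    polyshell_probe_dir: "~/shared/pub/media/custom_options/quote/p/s"
    polyshell_probe_file: "{{ polyshell_probe_dir }}/index.php"
    polyshell_probe_urlpath: "media/custom_options/quote/p/s/index.php"

  tasks:
    - name: Get all base URLs via magerun2
      register: base_url_result
      # Read-only query, so it never reports a change; ~/.profile is
      # sourced so magerun2/php resolve on PATH for the login user.
      changed_when: false
      ansible.builtin.shell: >-
        . ~/.profile; cd ~/public_html && magerun2 sys:store:config:base-url:list --format json --with-admin-store

    - name: Parse JSON output
      ansible.builtin.set_fact:
        base_urls: "{{ base_url_result.stdout | from_json }}"

    - name: Extract admin (store 0) base URL
      # Store "0" is the admin store; fall back to the secure base URL when
      # no unsecure one is defined in the magerun2 output.
      ansible.builtin.set_fact:
        magento_base_url: "{{ base_urls['0'].unsecure_baseurl | default(base_urls['0'].secure_baseurl) }}"

    - name: Ensure base URL ends with /
      # Normalise so the URL path can be appended without a double slash.
      ansible.builtin.set_fact:
        magento_base_url: "{{ magento_base_url.rstrip('/') + '/' }}"

    - name: Probe for PHP execution under the media path
      block:
        - name: Ensure directory
          # file module instead of `mkdir -p` via shell: idempotent and
          # reports changed only when the directory was actually created.
          ansible.builtin.file:
            path: "{{ polyshell_probe_dir }}"
            state: directory

        - name: Create PolyShell test file in vulnerable path
          ansible.builtin.copy:
            dest: "{{ polyshell_probe_file }}"
            content: "<?php echo 'PolyShell Test'; ?>"

        - name: Check if we can access the PolyShell test file
          delegate_to: localhost
          register: polyshell_response
          # A non-200 response (403/404) is the expected, healthy outcome;
          # the verdict is taken by the assert below, not by the HTTP status.
          failed_when: false
          ansible.builtin.uri:
            url: "{{ magento_base_url }}{{ polyshell_probe_urlpath }}"
            method: GET
            return_content: true
            # TLS is deliberately not validated here: the check is about PHP
            # execution, and a self-signed staging cert must not hide it.
            validate_certs: false
            http_agent: "Flightdeck-Healthcheck/1.0"
            # Bound the wait so an unresponsive vhost cannot stall the play.
            timeout: 30

        - name: Assert PolyShell Vulnerability Status
          delegate_to: localhost
          # Reported as vulnerable when the marker is served with HTTP 200.
          # A server that returns the raw file source also contains the
          # marker string and is therefore reported as vulnerable too.
          ansible.builtin.assert:
            that:
              - polyshell_response.status != 200 or 'PolyShell Test' not in polyshell_response.content
            fail_msg: "Store is VULNERABLE to PolyShell."
            success_msg: "Store is NOT vulnerable to PolyShell."

      always:
        - name: Remove PolyShell test file
          # Runs even when the assert fails, so the probe never stays behind
          # in a web-reachable directory.
          ansible.builtin.file:
            path: "{{ polyshell_probe_file }}"
            state: absent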