Handle win style CRLF newlines in vault text (#27590)
When parsing a vaulttext blob, use .splitlines() instead of split(b'\n') to handle \n newlines and windows style \r\n (CRLF) new lines. The vaulttext enevelope at this point is just the header line and a hexlify()'ed blob, so CRLF is a valid newline here. Fixes #22914
This commit is contained in:
Adrian Likins
GitHub
parent
8f18ca45f1
commit
2b0a7338d4
2 changed files with 9 additions and 1 deletions
|
|
@ -159,7 +159,7 @@ def parse_vaulttext_envelope(b_vaulttext_envelope, default_vault_id=None):
|
|||
# used by decrypt
|
||||
default_vault_id = default_vault_id or C.DEFAULT_VAULT_IDENTITY
|
||||
|
||||
b_tmpdata = b_vaulttext_envelope.split(b'\n')
|
||||
b_tmpdata = b_vaulttext_envelope.splitlines()
|
||||
b_tmpheader = b_tmpdata[0].strip().split(b';')
|
||||
|
||||
b_version = b_tmpheader[1].strip()
|
||||
|
|
|
|||
|
|
@ -516,6 +516,14 @@ class TestVaultLib(unittest.TestCase):
|
|||
self.assertEqual(cipher_name, u'TEST', msg="cipher name was not properly set")
|
||||
self.assertEqual(b_version, b"9.9", msg="version was not properly set")
|
||||
|
||||
def test_parse_vaulttext_envelope_crlf(self):
|
||||
b_vaulttext = b"$ANSIBLE_VAULT;9.9;TEST\r\nansible"
|
||||
b_ciphertext, b_version, cipher_name, vault_id = vault.parse_vaulttext_envelope(b_vaulttext)
|
||||
b_lines = b_ciphertext.split(b'\n')
|
||||
self.assertEqual(b_lines[0], b"ansible", msg="Payload was not properly split from the header")
|
||||
self.assertEqual(cipher_name, u'TEST', msg="cipher name was not properly set")
|
||||
self.assertEqual(b_version, b"9.9", msg="version was not properly set")
|
||||
|
||||
def test_encrypt_decrypt_aes(self):
|
||||
self.v.cipher_name = u'AES'
|
||||
vault_secrets = self._vault_secrets_from_password('default', 'ansible')
|
||||
|
|
|
|||
Loading…
Reference in a new issue