internet/community.general
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-05-07 05:42:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

passwordstore: Prevent using path as password (#4192)

Browse Source 
Given a password stored in _path/to/secret_, requesting the password
_path/to_ will literally return `path/to`. This can lead to using
weak passwords by accident/mess up logic in code, based on the
state of the password store.

This is worked around by applying the same logic `pass` uses:
If a password was returned, check if there is a .gpg file it could
have come from. If not, treat it as missing.

Fixes ansible-collections/community.general#4185
This commit is contained in:
grembo
2022-02-17 20:58:36 +01:00
committed by GitHub
parent 1e4b8e30a9
commit da49c0968d
2 changed files with 27 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/4192-improve-passwordstore-consistency.yml Normal file
View File

@@ -0,0 +1,2 @@
bugfixes:
- passwordstore lookup plugin - prevent returning path names as passwords by accident (https://github.com/ansible-collections/community.general/issues/4185, https://github.com/ansible-collections/community.general/pull/4192).