ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-08-06 06:04:24 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

passwordstore: Prevent using path as password (#4192) (#4217)

Browse source 
Given a password stored in _path/to/secret_, requesting the password
_path/to_ will literally return `path/to`. This can lead to using
weak passwords by accident/mess up logic in code, based on the
state of the password store.

This is worked around by applying the same logic `pass` uses:
If a password was returned, check if there is a .gpg file it could
have come from. If not, treat it as missing.

Fixes ansible-collections/community.general#4185

(cherry picked from commit da49c0968d)

Co-authored-by: grembo <freebsd@grem.de>
This commit is contained in:
patchback[bot] 2022-02-17 21:33:09 +01:00 committed by GitHub
commit 56c5a8b9b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/4192-improve-passwordstore-consistency.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- passwordstore lookup plugin - prevent returning path names as passwords by accident (https://github.com/ansible-collections/community.general/issues/4185, https://github.com/ansible-collections/community.general/pull/4192).