ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-27 15:11:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Prevent rewriting the encrypted file if decryption fails

Browse source
This commit is contained in:
James Tanner 2014-03-19 16:31:03 -04:00
commit b8f627d1d5
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/ansible/utils/vault.py
View file

@ -113,7 +113,6 @@ class VaultLib(object):
# clean out header # clean out header
data = self._split_header(data) data = self._split_header(data)
# create the cipher object # create the cipher object
if 'Vault' + self.cipher_name in globals() and self.cipher_name in CIPHER_WHITELIST: if 'Vault' + self.cipher_name in globals() and self.cipher_name in CIPHER_WHITELIST:
cipher = globals()['Vault' + self.cipher_name] cipher = globals()['Vault' + self.cipher_name]
@ -123,6 +122,8 @@ class VaultLib(object):
# try to unencrypt data # try to unencrypt data
data = this_cipher.decrypt(data, self.password) data = this_cipher.decrypt(data, self.password)
if not data:
raise errors.AnsibleError("Decryption failed")
return data return data
@ -209,6 +210,9 @@ class VaultEditor(object):
this_vault = VaultLib(self.password) this_vault = VaultLib(self.password)
if this_vault.is_encrypted(tmpdata): if this_vault.is_encrypted(tmpdata):
dec_data = this_vault.decrypt(tmpdata) dec_data = this_vault.decrypt(tmpdata)
if not dec_data:
raise errors.AnsibleError("Decryption failed")
else:
self.write_data(dec_data, self.filename) self.write_data(dec_data, self.filename)
else: else:
raise errors.AnsibleError("%s is not encrypted" % self.filename) raise errors.AnsibleError("%s is not encrypted" % self.filename)