ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-28 23:51:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

passwordstore: Prevent using path as password (#4192)

Browse source 
Given a password stored in _path/to/secret_, requesting the password
_path/to_ will literally return `path/to`. This can lead to using
weak passwords by accident/mess up logic in code, based on the
state of the password store.

This is worked around by applying the same logic `pass` uses:
If a password was returned, check if there is a .gpg file it could
have come from. If not, treat it as missing.

Fixes ansible-collections/community.general#4185
This commit is contained in:
grembo 2022-02-17 20:58:36 +01:00 committed by GitHub
commit da49c0968d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/4192-improve-passwordstore-consistency.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- passwordstore lookup plugin - prevent returning path names as passwords by accident (https://github.com/ansible-collections/community.general/issues/4185, https://github.com/ansible-collections/community.general/pull/4192).