From 2b0a7338d4778137f93003540cf46d53d592f4ff Mon Sep 17 00:00:00 2001 From: Adrian Likins Date: Tue, 1 Aug 2017 18:53:22 -0400 Subject: [PATCH] Handle win style CRLF newlines in vault text (#27590) When parsing a vaulttext blob, use .splitlines() instead of split(b'\n') to handle \n newlines and windows style \r\n (CRLF) new lines. The vaulttext enevelope at this point is just the header line and a hexlify()'ed blob, so CRLF is a valid newline here. Fixes #22914 --- lib/ansible/parsing/vault/__init__.py | 2 +- test/units/parsing/vault/test_vault.py | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/ansible/parsing/vault/__init__.py b/lib/ansible/parsing/vault/__init__.py index 1d278b883e..8e8af48e07 100644 --- a/lib/ansible/parsing/vault/__init__.py +++ b/lib/ansible/parsing/vault/__init__.py @@ -159,7 +159,7 @@ def parse_vaulttext_envelope(b_vaulttext_envelope, default_vault_id=None): # used by decrypt default_vault_id = default_vault_id or C.DEFAULT_VAULT_IDENTITY - b_tmpdata = b_vaulttext_envelope.split(b'\n') + b_tmpdata = b_vaulttext_envelope.splitlines() b_tmpheader = b_tmpdata[0].strip().split(b';') b_version = b_tmpheader[1].strip() diff --git a/test/units/parsing/vault/test_vault.py b/test/units/parsing/vault/test_vault.py index befb4a0e5a..536fd1b00f 100644 --- a/test/units/parsing/vault/test_vault.py +++ b/test/units/parsing/vault/test_vault.py @@ -516,6 +516,14 @@ class TestVaultLib(unittest.TestCase): self.assertEqual(cipher_name, u'TEST', msg="cipher name was not properly set") self.assertEqual(b_version, b"9.9", msg="version was not properly set") + def test_parse_vaulttext_envelope_crlf(self): + b_vaulttext = b"$ANSIBLE_VAULT;9.9;TEST\r\nansible" + b_ciphertext, b_version, cipher_name, vault_id = vault.parse_vaulttext_envelope(b_vaulttext) + b_lines = b_ciphertext.split(b'\n') + self.assertEqual(b_lines[0], b"ansible", msg="Payload was not properly split from the header") + self.assertEqual(cipher_name, u'TEST', msg="cipher name was not properly set") + self.assertEqual(b_version, b"9.9", msg="version was not properly set") + def test_encrypt_decrypt_aes(self): self.v.cipher_name = u'AES' vault_secrets = self._vault_secrets_from_password('default', 'ansible')