1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Hide YAML content on syntax errors when a vault password is specified

Fixes #6601
This commit is contained in:
James Cammarata 2014-04-23 09:16:50 -05:00
parent 0af8ca3fee
commit 93b5769d94

View file

@ -464,9 +464,10 @@ Could be written as:
return msg
def process_yaml_error(exc, data, path=None):
def process_yaml_error(exc, data, path=None, show_content=True):
if hasattr(exc, 'problem_mark'):
mark = exc.problem_mark
if show_content:
if mark.line -1 >= 0:
before_probline = data.split("\n")[mark.line-1]
else:
@ -504,6 +505,14 @@ Should be written as:
"""
msg = process_common_errors(msg, probline, mark.column)
else:
# most likely displaying a file with sensitive content,
# so don't show any of the actual lines of yaml just the
# line number itself
msg = """Syntax error while loading YAML script, %s
The error appears to have been on line %s, column %s, but may actually
be before there depending on the exact syntax problem.
""" % (path, mark.line + 1, mark.column + 1)
else:
# No problem markers means we have to throw a generic
@ -519,6 +528,7 @@ def parse_yaml_from_file(path, vault_password=None):
''' convert a yaml file to a data structure '''
data = None
show_content = True
try:
data = open(path).read()
@ -528,11 +538,12 @@ def parse_yaml_from_file(path, vault_password=None):
vault = VaultLib(password=vault_password)
if vault.is_encrypted(data):
data = vault.decrypt(data)
show_content = False
try:
return parse_yaml(data, path_hint=path)
except yaml.YAMLError, exc:
process_yaml_error(exc, data, path)
process_yaml_error(exc, data, path, show_content)
def parse_kv(args):
''' convert a string of key/value items to a dict '''