Handle win style CRLF newlines in vault text (#27590)

When parsing a vaulttext blob, use .splitlines() instead of split(b'\n') to handle \n newlines and windows style \r\n (CRLF) new lines. The vaulttext enevelope at this point is just the header line and a hexlify()'ed blob, so CRLF is a valid newline here. Fixes #22914
7 years ago · 2b0a7338d4
parent 8f18ca45f1
commit 2b0a7338d4
2 changed files with 9 additions and 1 deletions
--- a/lib/ansible/parsing/vault/init.py
+++ b/lib/ansible/parsing/vault/init.py
@ -159,7 +159,7 @@ def parse_vaulttext_envelope(b_vaulttext_envelope, default_vault_id=None):
    # used by decrypt
    default_vault_id = default_vault_id or C.DEFAULT_VAULT_IDENTITY

-    b_tmpdata = b_vaulttext_envelope.split(b'\n')
+    b_tmpdata = b_vaulttext_envelope.splitlines()
    b_tmpheader = b_tmpdata[0].strip().split(b';')

    b_version = b_tmpheader[1].strip()
--- a/test/units/parsing/vault/test_vault.py
+++ b/test/units/parsing/vault/test_vault.py
@ -516,6 +516,14 @@ class TestVaultLib(unittest.TestCase):
        self.assertEqual(cipher_name, u'TEST', msg="cipher name was not properly set")
        self.assertEqual(b_version, b"9.9", msg="version was not properly set")

+    def test_parse_vaulttext_envelope_crlf(self):
+        b_vaulttext = b"$ANSIBLE_VAULT;9.9;TEST\r\nansible"
+        b_ciphertext, b_version, cipher_name, vault_id = vault.parse_vaulttext_envelope(b_vaulttext)
+        b_lines = b_ciphertext.split(b'\n')
+        self.assertEqual(b_lines[0], b"ansible", msg="Payload was not properly split from the header")
+        self.assertEqual(cipher_name, u'TEST', msg="cipher name was not properly set")
+        self.assertEqual(b_version, b"9.9", msg="version was not properly set")
+
    def test_encrypt_decrypt_aes(self):
        self.v.cipher_name = u'AES'
        vault_secrets = self._vault_secrets_from_password('default', 'ansible')