From 4eb9419e9fa4ebf7ce7f000246eeb6cc3afd8b60 Mon Sep 17 00:00:00 2001
From: Mathieu Payrol
Date: Thu, 20 Nov 2025 10:29:30 +0100
Subject: [PATCH] fix: correctly handle `salt=0` in `encrypt_cisco_type7`

The function `encrypt_cisco_type7` was incorrectly handling the integer `0` as a missing argument because of the thruthiness check (`if not salt:`). This resulted in a random salt being used when the user explicitely requested salt `0`. The condition has been updated to `if salt is None` to differentiate between a provided `0` and the default `None`.
---
 changes/741.fixed | 1 +
 netutils/password.py | 2 +-
 tests/unit/test_password.py | 4 ++++
 3 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changes/741.fixed

diff --git a/changes/741.fixed b/changes/741.fixed
new file mode 100644
index 00000000..1c5c7f76
--- /dev/null
+++ b/changes/741.fixed
@@ -0,0 +1 @@
+Fixed the logic error where `salt=0` was ignored in `encrypt_cisco_type7`
\ No newline at end of file
diff --git a/netutils/password.py b/netutils/password.py
index 21b6a55c..b01f1464 100644
--- a/netutils/password.py
+++ b/netutils/password.py
@@ -292,7 +292,7 @@ def encrypt_cisco_type7(unencrypted_password: str, salt: t.Optional[int] = None)
 if len(unencrypted_password) > ENCRYPT_TYPE7_LENGTH:
 raise ValueError("Password must not exceed 25 characters.")
- if not salt:
+ if salt is None:
 salt = random.randint(0, 15) # noqa: S311
 # Start building the encrypted password - pre-pend the 2 decimal digit offset.
 encrypted_password = format(salt, "02d")
diff --git a/tests/unit/test_password.py b/tests/unit/test_password.py
index 9db1895f..bd373fab 100644
--- a/tests/unit/test_password.py
+++ b/tests/unit/test_password.py
@@ -86,6 +86,10 @@
 "sent": {"unencrypted_password": "cisco", "salt": 10},
 "received": "104D000A0618",
 },
+ {
+ "sent": {"unencrypted_password": "cisco", "salt": 0},
+ "received": "00071A150754",
+ },
 ]
 ENCRYPT_CISCO_TYPE9 = [
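Review bot: In the `netutils/password.py` hunk, any caller-supplied integer (now including 0) reaches `format(salt, "02d")` with no range check, so a negative or three-digit salt produces a prefix that is not the two-digit offset the comment describes. A guard before the format call would close this, for example `if not 0 <= salt <= 15: raise ValueError("Salt must be between 0 and 15.")`, matching the range the random default draws from; widen the upper bound if the rest of the function supports larger offsets. The `# noqa: S311` would also read better with its reason stated, such as `# noqa: S311 - Type 7 salt is a public offset written into the output, not a secret`, since Type 7 is reversible obfuscation and the bare suppression is easy to misread as an oversight. The body of `encrypt_cisco_type7` starts and ends outside this hunk, so how `salt` is used after the prefix is not visible here.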