
Fix security issue refs #4

* Update version to 1.0.5
* Update to use yaml.safe_load()
* Update to tomoh1r
tomoh1r committed Sep 13, 2017
1 parent 1ae50a3 commit 3f8f659ef443ab870bb19f95d43543470168ae04
Showing with 55 additions and 29 deletions.
  1. +13 −7 .travis.yml
  2. +10 −0 CHANGES.txt
  3. +2 −2 README.rst
  4. +1 −0 README_test.rst
  5. +1 −1 ansible_vault/api.py
  6. +7 −0 ansible_vault/test/file/pwned.txt
  7. +8 −2 ansible_vault/test/test_api.py
  8. +8 −0 setup.cfg
  9. +5 −3 setup.py
  10. +0 −14 tox.ini
@@ -1,14 +1,20 @@
---
language: python
sudo: false
cache:
directories:
- $HOME/.cache/pip
python:
- 2.7
env:
matrix:
- TOXENV=py27
- TOXENV=py27-ansible2
- "2.7"
- "3.3"
- "3.4"
- "3.5"
- "3.6"
install:
- pip install tox
script: tox
- python -m pip install -U setuptools pip
- python setup.py setup_test
script:
- python -m pytest
- if [ "$TRAVIS_PYTHON_VERSION" == '2.7' ] ; then python -m pip install -U 'ansible<2.0.0' && python -m pytest ; fi

# vim:st=2 sts=2 sw=2:
@@ -1,3 +1,13 @@
1.0.5 (2017/09/13)

* Update to use yaml.safe_load()$
* Update to tomoh1r$

1.0.4 (2015/11/29)

* Apply to Ansible 2
* Add unit tests

1.0.3 (2015/05/18)

* fix README.rst typo
@@ -2,8 +2,8 @@
ansible-vault
=============

.. image:: https://travis-ci.org/jptomo/ansible-vault.svg?branch=master
:target: https://travis-ci.org/jptomo/ansible-vault
.. image:: https://travis-ci.org/tomoh1r/ansible-vault.svg?branch=master
:target: https://travis-ci.org/tomoh1r/ansible-vault

This project aim to R/W an ansible-vault yaml file

@@ -12,4 +12,5 @@ how to test

.. code-block:: console

$ ./venvtest/bin/python setup.py setup_test
$ ./venvtest/bin/python setup.py test
@@ -15,7 +15,7 @@ def __init__(self, password):

def load(self, stream):
'''read vault steam and return python object'''
return yaml.load(self.vault.decrypt(stream))
return yaml.safe_load(self.vault.decrypt(stream))

def dump(self, data, stream=None):
'''encrypt data and print stdout or write to stream'''
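Review bot: The `load` docstring still reads `'''read vault steam and return python object'''` and does not say that parsing is now restricted. With `yaml.safe_load`, only standard YAML tags are constructed and anything else raises `yaml.constructor.ConstructorError`, which is what the new test in this commit expects, so callers that stored Python-specific objects now get an exception instead of an object. I would document that, e.g. `'''decrypt a vault stream and parse it with yaml.safe_load; raises ConstructorError on non-standard tags'''`. The body of `dump` lies outside this hunk; if it serialises with `yaml.dump` rather than `yaml.safe_dump`, it can emit tags that `load` now rejects, which is worth checking.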
@@ -0,0 +1,7 @@
$ANSIBLE_VAULT;1.1;AES256
31616433623434626463363932323936663066353063393731346536636437633463633137643032
3663656431663830396662646132343735623538346330640a363532326262353732636161633431
61353936346235396464333333653831356638393264343662363362653433353762396663653465
6439366430336336660a363931663030323665633136363362353162333864653933653763656462
31656431653333343834623731393263393865353831333963616165613237376630646665306363
6238373037663462343565643737303136333032386136356438
@@ -1,9 +1,9 @@
import os
from tempfile import mkstemp

from testfixtures import ShouldRaise

from ansible.errors import AnsibleError
from testfixtures import ShouldRaise
from yaml.constructor import ConstructorError


here = os.path.dirname(os.path.abspath(__file__))
@@ -28,6 +28,12 @@ def test_cannot(self):
with ShouldRaise(AnsibleError('Decryption failed')):
vault.load(open(fpath).read())

def test_not_pwned(self):
fpath = os.path.join(here, 'file', 'pwned.txt')
vault = self._makeOne('password')
with ShouldRaise(ConstructorError):
vault.load(open(fpath).read())


class TestVaultDump(object):
def _getTargetClass(self):
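Review bot: `test_not_pwned` reads the fixture with `vault.load(open(fpath).read())`, which leaves the file handle to the garbage collector, and it gives no hint of what `pwned.txt` decrypts to. Reading it first with `with open(fpath) as fp: data = fp.read()` and then calling `vault.load(data)` inside the `ShouldRaise` block closes the handle deterministically. Because the fixture is ciphertext, a docstring such as `'''pwned.txt holds YAML with a Python-specific tag; load() must refuse to construct it'''` would let a later reader confirm the regression test still covers the unsafe-load case; that description of the payload is presumed and should be checked against the plaintext. `test_cannot` just above uses the same `open(...).read()` pattern, and the enclosing test class begins outside the hunk.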
@@ -1,2 +1,10 @@
[metadata]
description-file = README.rst

[aliases]
setup_test = develop easy_install ansible-vault[test]
release = register clean --all sdist

[tools:pytest]
norecursedirs = venv
testpaths = ansible_vault/test
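Review bot: The section header `[tools:pytest]` is not a name pytest reads from setup.cfg; the recognised header is `[tool:pytest]`, so `norecursedirs` and `testpaths` below it are presumably ignored. Changing the line to `[tool:pytest]` makes the `python -m pytest` step in .travis.yml collect from `ansible_vault/test` as intended, which is where the new regression test for the unsafe load lives.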
@@ -32,19 +32,21 @@ def run_tests(self):

setup(
name='ansible-vault',
version='1.0.4',
version='1.0.5',
author='Tomohiro NAKAMURA',
author_email='quickness.net@gmail.com',
url='https://github.com/jptomo/ansible-vault',
url='https://github.com/tomoh1r/ansible-vault',
description='R/W an ansible-vault yaml file',
long_description=_read('README.rst'),
packages=find_packages(),
install_requires=['ansible'],
tests_require=['pytest', 'testfixtures'],
cmdclass={'test': PyTest},
classifiers=[
'Development Status :: 5 - Production/Stable',
'License :: OSI Approved :: GNU General Public License v3 (GPLv3)',
],
license='GPLv3',
extras_require = {
'test': ['pytest', 'testfixtures'],
}
)
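Review bot: The test dependencies are now listed twice, in `tests_require=['pytest', 'testfixtures']` and again in `extras_require`, so the two lists can drift apart. Binding the list once above the call, `TESTS_REQUIRE = ['pytest', 'testfixtures']`, and passing it to both keywords keeps them in step. The added keyword would also read better as `extras_require={` with a trailing comma after the closing brace, matching the other arguments. The earlier part of the file, including `PyTest`, is outside this hunk.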
14 tox.ini

This file was deleted.
