From 8e9df58f4302bf877f0f4898fce37a23f8d03b92 Mon Sep 17 00:00:00 2001 From: Ethan Paul <24588726+enpaul@users.noreply.github.com> Date: Thu, 21 Apr 2022 15:20:08 -0400 Subject: [PATCH] Fix replacement bug when the same vaulted block appears twice in a file --- vault2vault.py | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/vault2vault.py b/vault2vault.py index 788ac8c..a3c8823 100644 --- a/vault2vault.py +++ b/vault2vault.py @@ -10,8 +10,6 @@ from typing import Any from typing import Iterable from typing import List from typing import Optional -from typing import Tuple -from typing import Union import ruamel.yaml @@ -79,7 +77,9 @@ def _process_file( # pylint: disable=too-many-statements logger.debug(f"Processing file {path}") - def _process_yaml_data(content: bytes, data: Any, ignore: bool, name: str = ""): + def _process_yaml_data( # pylint: disable=too-many-locals + content: bytes, data: Any, ignore: bool, name: str = "" + ): if isinstance(data, dict): for key, value in data.items(): content = _process_yaml_data( @@ -182,9 +182,13 @@ def _process_file( # pylint: disable=too-many-statements ] ) - # 5. Finally, we actually replace the content. We also need to re-encode it back to bytes - # because all file operations with vault are done in bytes mode - content = content_decoded.replace(padded_old_data, padded_new_data).encode() + # 5. Finally, we actually replace the content. This needs to have a count=1 so that if the same + # encrypted block appears twice in the same file we only replace the first occurance of it, + # otherwise the later replacement attempts will fail. We also need to re-encode it back to + # bytes because all file operations with vault are done in bytes mode + content = content_decoded.replace( + padded_old_data, padded_new_data, 1 + ).encode() return content with path.open("rb") as infile: