Gopass: YAML support bad behavior

Created on 10 Dec 2017  路  2Comments  路  Source: gopasspw/gopass

Hi,
I use gopass for a couple of month because I found the YAML support very interesting.
However, I find that it's behavior is getting worse
These points have certainly been chosen and reflected but I do not find them justified :

PROBLEMS (from my point of view)

1rst, addition of characters to the secret

ACTION
saving YAML (without secret on first line, because i don't need it)
gopass edit path/secret

key_one: value_one
key_two: value_two

RESULT
when showing the secret, it has change from my original......
gopass path/secret

---  <-----------------------------------this
---
key_one: value_one
key_two: value_two

2nd, line re-order

(guess this one is due to the YAML plugin)
ACTION
saving YAML (still without secret)
gopass edit path/secret

z_is_at_first: value_of_z
a_is_at_second: value_of_a

RESULT
when showing the secret, it has change from my original......
gopass path/secret

--- <-----------------------------------still this
---
a_is_at_second: value_of_a <------------and this
z_is_at_first: value_of_z

(looks harmless, i just don't like that my secret are changed)

3rd, characters deletion......

ACTION
saving YAML (again without secret on first line, because that is my secret)
gopass edit path/secret

key_1: 'value_1'
key_2: 'value_2 '
key_3: ' value_3'
key_4: ' value_4 '
key_5: "value_5"
key_6: "value_6 "
key_7: " value_7"
key_8: " value_8 "

RESULT
when showing the secret, it has change from my original......
gopass path/secret

--- <-----------------------------------still this
---
key_1: value_1 <------------------------this
key_2: 'value_2 '
key_3: ' value_3'
key_4: ' value_4 '
key_5: value_5 <------------------------this
key_6: 'value_6 ' <---------------------this
key_7: ' value_7' <---------------------this
key_8: ' value_8 ' <--------------------this

here, quotes have disapears and double quotes have been change into quotes...

4th, important characters deletion......

ACTION
saving YAML (again without secret on first line, because that is my secret)
gopass edit path/secret

key1: 0123456789
key2: '0123456789'
key3: "0123456789"
0123456789_1: 0123456789
0123456789_2: '0123456789'
0123456789_3: "0123456789"
key4: 05
key5: 0
key6: 1
key7: 2
key8: 3
key9: 4
key10: 5
key11: 6
key12: 7
key13: 8
key14: 9

RESULT
when showing the secret, it has change from my original......
gopass path/secret

--- <-----------------------------------still this and
---
"0123456789_1": 1.2345679e+08 
"0123456789_2": "0123456789"
"0123456789_3": "0123456789"
key1: 1.2345679e+08
key2: "0123456789"
key3: "0123456789"                           _ _ 
key4: 5                                     | | |
key5: 0                                 __ _| | |
key6: 1                      __        / _` | | |
key7: 2                     / /_____  | (_| | | |
key8: 3                    / /______|  \__,_|_|_|
key9: 4                   ( ( ______   _   _     _     
key10: 5                   \ \______| | | | |   (_)    
key11: 6                    \_\       | |_| |__  _ ___ 
key12: 7                              | __| '_ \| / __|
key13: 8                              | |_| | | | \__ \
key14: 9                               \__|_| |_|_|___/

I must say here.... what the actual fuck happen to my secret..?
I notice this one saving a pinpad password

ADVICE

I could only advice you to considere a secret a secret: encrypt it without any modifications.
the gopass -c could copy the whole text if it starts with --- and behave like actual (copy only first line when it doesn't)

picture laedanrex

Most helpful comment

Thank you very much for your detailed bug report / advice.

What you are reporting is a mix of (small) bugs, how the YAML parser works and some oversight on my side.

  1. This is probably a bug (I think we already fixed that, maybe you're not running the latest version?)
  2. This is due to the YAML parser ordering the keys
  3. The YAML parser is removing unnecessary quotations here
  4. The YAML parser is parsing unquoted numbers as int (?), thus the leading zeros are removed

In the end most of these can probably easily fixed by implementing your advice, i.e. leaving the secret untouched. There are some corner cases we'll have to consider, but it should be possible to address most of these.

I definitely understand your point and we'll look into this.

picture dominikschulz on 10 Dec 2017
👍2

All 2 comments

Thank you very much for your detailed bug report / advice.

What you are reporting is a mix of (small) bugs, how the YAML parser works and some oversight on my side.

  1. This is probably a bug (I think we already fixed that, maybe you're not running the latest version?)
  2. This is due to the YAML parser ordering the keys
  3. The YAML parser is removing unnecessary quotations here
  4. The YAML parser is parsing unquoted numbers as int (?), thus the leading zeros are removed

In the end most of these can probably easily fixed by implementing your advice, i.e. leaving the secret untouched. There are some corner cases we'll have to consider, but it should be possible to address most of these.

I definitely understand your point and we'll look into this.

dominikschulz picture dominikschulz on 10 Dec 2017
👍2

Tried it, nice ! thx

laedanrex picture laedanrex on 12 Dec 2017
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Zamiell picture Zamiell  路  6Comments
gnosthi picture gnosthi  路  5Comments
jungle-boogie picture jungle-boogie  路  7Comments
petobens picture petobens  路  5Comments
prune998 picture prune998  路  6Comments