[PATCH] show, insert: handle password with empty name

Rémi Lapeyre remi.lapeyre at henki.fr
Fri Jul 12 16:45:17 CEST 2019


Saving a password with an empty name could happen (by doing `pass insert
"$passname"` for example) and would break `pass show` as it would show
this passworld instead of listing them all. This behavior would break
some third party integrations like passff.

This changes both `pass insert` to require the --force flag when writing
such a password and fix `pass show` to list the passwords (note that
the empty password won't show up as its file will be ".gpg" and be
hidden).
---
 src/password-store.sh       | 3 ++-
 tests/t0020-show-tests.sh   | 7 +++++++
 tests/t0100-insert-tests.sh | 5 +++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index b99460c..b46d692 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -379,7 +379,7 @@ cmd_show() {
 	local path="$1"
 	local passfile="$PREFIX/$path.gpg"
 	check_sneaky_paths "$path"
-	if [[ -f $passfile ]]; then
+	if [[ -f $passfile && ! -z "$path" ]]; then
 		if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then
 			pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $?
 			echo "$pass" | $BASE64 -d
@@ -444,6 +444,7 @@ cmd_insert() {
 
 	[[ $err -ne 0 || ( $multiline -eq 1 && $noecho -eq 0 ) || $# -ne 1 ]] && die "Usage: $PROGRAM $COMMAND [--echo,-e | --multiline,-m] [--force,-f] pass-name"
 	local path="${1%/}"
+	[[ -z "$path" && $force -eq 0 ]] && die "Refusing to insert a password with an empty name. Use -f or --force to force it."
 	local passfile="$PREFIX/$path.gpg"
 	check_sneaky_paths "$path"
 	set_git "$passfile"
diff --git a/tests/t0020-show-tests.sh b/tests/t0020-show-tests.sh
index a4b782f..3acdc39 100755
--- a/tests/t0020-show-tests.sh
+++ b/tests/t0020-show-tests.sh
@@ -15,6 +15,13 @@ test_expect_success 'Test "show" command with spaces' '
 	[[ $("$PASS" show "I am a cred with lots of spaces") == "BLAH!!" ]]
 '
 
+test_expect_success 'Test "show" with empty file' '
+	mv "$PASSWORD_STORE_DIR"{cred1.gpg,.gpg}
+	"$PASS" show
+	[[ $("$PASS" show) == "Password Store
+\`-- I\\ am\\ a\\ cred\\ with\\ lots\\ of\\ spaces" ]]
+'
+
 test_expect_success 'Test "show" of nonexistant password' '
 	test_must_fail "$PASS" show cred2
 '
diff --git a/tests/t0100-insert-tests.sh b/tests/t0100-insert-tests.sh
index d8101ab..3bfc482 100755
--- a/tests/t0100-insert-tests.sh
+++ b/tests/t0100-insert-tests.sh
@@ -10,4 +10,9 @@ test_expect_success 'Test "insert" command' '
 	[[ $("$PASS" show cred1) == "Hello world" ]]
 '
 
+test_expect_success 'Test insert empty password' '
+	echo "Hello world" | "$PASS"  insert -e ""
+	[[ $? == 1 ]]
+'
+
 test_done
-- 
2.22.0



More information about the Password-Store mailing list