winrm sessions failing with complex passwords.

pytest-dev / pytest-testinfra

Testinfra test your infrastructures

https://testinfra.readthedocs.io

Apache License 2.0

2.34k stars 356 forks source link

winrm sessions failing with complex passwords. #599

Open arnav-bnrj opened 3 years ago

arnav-bnrj commented 3 years ago

Firstly, apologies if this is not the correct way to do this. I am new to GitHub and haven't contributed to anything before. The code section concerned: https://github.com/pytest-dev/pytest-testinfra/blob/d40f6efff10a24c5f887dfb0caab390ef590e1a4/testinfra/backend/base.py#L208

Since it is hard-coded to look for '@' character in the host value if you were to enter a host with password: Abc@123@cdf, it fails to identify the password. Let me know if I need to provide more info on this.

Regards.

arnav-bnrj commented 3 years ago

Update: I corrected the problem by making changes to base.py file: Previously:

 if '@' in name:
            user, name = name.split('@', 1)
            if ':' in user:
                user, password = user.split(':', 1)

My modification:

if '@' in name:
            user, name = name.rsplit('@', 1)
            if ':' in user:
                user, password = user.split(':', 1)

Reason: the structure is supposed to be user:password@host -- rightmost is hostname string in the list is the hostname.
Let me know if this sounds fair, although, it worked for me.

philpep commented 3 years ago

Hi, indeed this is problematic (also with the : char). I think the correct way to handle this is to url encode these characters, and properly parse "$user:$pass@host" string with https://docs.python.org/3/library/urllib.parse.html

However I'm fine with your suggestion until someone (or I) have time to code the proper fix.

arnav-bnrj commented 3 years ago

Hi @philpep ,

Thanks for the quick response. I can see your approach, too. As for ":", this is quite an interesting piece as I don't expect a problem with it. This is where rsplit and split work. Assuming: username: "alpha" and password: "bet@:". The structure becomes alpha:bet@:@hostname. So, rsplit splitting from right, gets "alpha:bet@:". Then when split is applied it does split from left, as long as a username doesn't have ":", it won't split the password. And I think ":" and "@" are not allowed in the username for any system. This is possibly the quickest fix. But I expect problems with "\" unless properly fixed in code. Just wanted to bring it to your attention so we can have a more awesome and improved tool! BTW, just to mention you guys are awesome! I needed to properly test it before using it in my company environment, so hopefully, I am helping the cause. :+1:

Regards, Arnav.