sudo-project / sudo

Utility to execute a command as another user
https://www.sudo.ws

cvtsudoers outputs invalid JSON (duplicate sha256 key) #370

Closed es-fabricemarie closed 2 months ago

es-fabricemarie commented 2 months ago

Using the following sudoers file in /etc/sudoers.d/test5:

Cmnd_Alias SH_TEST = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, \
sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh
Cmnd_Alias EDIT = sudoedit /etc/motd

Using the command:

cvtsudoers --defaults=all --output-format=JSON --input-format=SUDOERS --output=- /etc/sudoers.d/test5

We get the following invalid JSON output:

{
    "Command_Aliases": {
        "EDIT": [
            { "command": "sudoedit /etc/motd" }
        ],
        "SH_TEST": [
            {
                "command": "/bin/sh",
                "sha256": "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=",
                "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4="
            }
        ]
    }
}

The issue here is the duplicated sha256 key in the dict/hash. Potential results of parsing this with various libraries are:

Instead, it should probably output this:

{
    "Command_Aliases": {
        "EDIT": [
            { "command": "sudoedit /etc/motd" }
        ],
        "SH_TEST": [
            {
                "command": "/bin/sh",
                "sha256": [
                    "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=",
                    "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4="
                ]
            }
        ]
    }
}

I haven't tested other checksums, but the rest of them probably have the same issue.

millert commented 2 months ago

Yes, that makes sense. I've made that change in c429220. This no longer preserves the order of the digests but I don't think that is a problem as the order doesn't really matter.
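
For consumers of cvtsudoers JSON, the following added example (not part of the issue thread or of the sudo code base) shows what Python's `json` module does with the duplicated key and how to reject it instead. The two sample documents are constructed from the output quoted above, and `load_strict` and `sha256_digests` are hypothetical helper names.

```python
import json

# Constructed sample: the SH_TEST entry in the shape reported in this issue.
DUPLICATED = """
{"Command_Aliases": {"SH_TEST": [{
    "command": "/bin/sh",
    "sha256": "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=",
    "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4="
}]}}
"""

# Constructed sample: the same entry with the digests in an array.
ARRAY_FORM = """
{"Command_Aliases": {"SH_TEST": [{
    "command": "/bin/sh",
    "sha256": ["hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=",
               "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4="]
}]}}
"""


class DuplicateKeyError(ValueError):
    """Raised when a JSON object repeats a member name."""


def reject_duplicates(pairs):
    # object_pairs_hook receives every (name, value) pair of one object,
    # including the repeats that a plain dict would silently overwrite.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise DuplicateKeyError(f"duplicate key {key!r}")
        obj[key] = value
    return obj


def load_strict(text):
    return json.loads(text, object_pairs_hook=reject_duplicates)


def sha256_digests(doc, alias):
    # Accept a single string or an array so the caller always gets a list.
    out = []
    for entry in doc["Command_Aliases"][alias]:
        value = entry.get("sha256", [])
        out.extend([value] if isinstance(value, str) else value)
    return out
```

With a plain `json.loads`, the duplicated form yields only the last digest for `/bin/sh`, so a policy audit built on it would under-report the permitted binaries; `load_strict` turns that silent loss into an error.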