cvtsudoers outputs invalid JSON (duplicate sha256 key) · Issue #370 · sudo-project/sudo (original) (raw)

Using the following sudoers file in /etc/sudoers.d/test5:

Cmnd_Alias SH_TEST = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, \
sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh
Cmnd_Alias EDIT = sudoedit /etc/motd

Using the command:

cvtsudoers --defaults=all --output-format=JSON --input-format=SUDOERS --output=- /etc/sudoers.d/test5

We get the following invalid JSON output:

{ "Command_Aliases": { "EDIT": [ { "command": "sudoedit /etc/motd" } ], "SH_TEST": [ { "command": "/bin/sh", "sha256": "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=", "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4=" } ] } }

The issue here is the duplicated sha256 key in the dict/hash. Potential results of parsing this with various library are:

• parsing exception outright ("duplicated key")
• loss of the first sha256 sum (the last one simply overwriting the first one)

Instead, it should probably output this:

{ "Command_Aliases": { "EDIT": [ { "command": "sudoedit /etc/motd" } ], "SH_TEST": [ { "command": "/bin/sh", "sha256": [ "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=", "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4=" ] } ] } }

I haven't tested other checksums, but the rest of them probably have the same issue.