Merge pull request #53141 from Ch3LL/shadow_fed_fix

Check for all non-word characters when calling secure_password

salt/utils/pycrypto.py

@@ -54,7 +54,7 @@ def secure_password(length=20, use_random=True):
                     except UnicodeDecodeError:
                         continue
                 pw += re.sub(
-                    salt.utils.stringutils.to_str(r'\W'),
+                    salt.utils.stringutils.to_str(r'[\W_]'),
                     str(),  # future lint: disable=blacklisted-function
                     char
                 )

tests/unit/utils/test_pycrypto.py

@@ -0,0 +1,43 @@
+# -*- coding: utf-8 -*-
+
+# Import python libs
+from __future__ import absolute_import, print_function, unicode_literals
+import logging
+import re
+
+# Import Salt Libs
+import salt.utils.pycrypto
+
+# Import Salt Testing Libs
+from tests.support.unit import TestCase
+
+log = logging.getLogger(__name__)
+
+
+class PycryptoTestCase(TestCase):
+    '''
+    TestCase for salt.utils.pycrypto module
+    '''
+
+    def test_gen_hash(self):
+        '''
+        Test gen_hash
+        '''
+        passwd = 'test_password'
+        ret = salt.utils.pycrypto.gen_hash(password=passwd)
+        self.assertTrue(ret.startswith('$6$'))
+
+        ret = salt.utils.pycrypto.gen_hash(password=passwd, algorithm='md5')
+        self.assertTrue(ret.startswith('$1$'))
+
+        ret = salt.utils.pycrypto.gen_hash(password=passwd, algorithm='sha256')
+        self.assertTrue(ret.startswith('$5$'))
+
+    def test_secure_password(self):
+        '''
+        test secure_password
+        '''
+        ret = salt.utils.pycrypto.secure_password()
+        check = re.compile(r'[!@#$%^&*()_=+]')
+        assert check.search(ret) is None
+        assert ret