Allows Pext to do password management through pass
License: GNU General Public License v3.0
This module allows Pext to be used as a front-end to the command-line password manager pass.
GPLv3+.
Special thanks to HaveIBeenPwned for providing a list of breaches. This has been retrieved from https://haveibeenpwned.com/api/v2/breaches.
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Traceback (most recent call last):
File "pext/__main__.py", line 442, in <lambda>
lambda userinput: tab['vm'].module.process_response(userinput))
File "/home/sylvia/.config/pext/modules/pext_module_pass/__init__.py", line 255, in process_response
self._run_command([self.proc['command']] + response.split(" "))
KeyError: 'command'
Dependabot couldn't authenticate with https://pypi.python.org/simple/.
You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.
The pass module currently depends on the pass shell script, which isn't portable to Windows. It should be rewritten to directly do GPG operations. As a bonus, this should remove any dependencies that need to be manually installed on Linux and macOS too.
Vulnerable Library - PyYAML-3.13.tar.gzYAML parser and emitter for Python
path: /tmp/git/pext_module_pass/requirements.txt
Library home page: https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz
Dependency Hierarchy:
Vulnerability Details
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
Publish Date: 2018-06-27
URL: CVE-2017-18342
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Change files
Origin: yaml/pyyaml@ccc40f3
Release Date: 2018-06-30
Fix Resolution: Replace or update the following files: cyaml.py, test_recursive.py, dumper.py, test_constructor.py, __init__.py, cyaml.py, loader.py, dumper.py, test_constructor.py, __init__.py, loader.py, test_recursive.py
Step up your Open Source Security Game with WhiteSource here
Copying GitLab's key as-in without removing spaces:
Exception in thread Thread-34:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.6_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/threading.py", line 926, in _bootstrap_inner
self.run()
File "/usr/local/Cellar/python/3.7.6_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "/Users/sylviavanos/.config/pext/modules/pext_module_pass/__init__.py", line 499, in _display_results
otp_code = otp.now()
File "/usr/local/lib/python3.7/site-packages/pyotp/totp.py", line 44, in now
return self.generate_otp(self.timecode(datetime.datetime.now()))
File "/usr/local/lib/python3.7/site-packages/pyotp/otp.py", line 45, in generate_otp
hasher = hmac.new(self.byte_secret(), self.int_to_bytestring(input), self.digest)
File "/usr/local/lib/python3.7/site-packages/pyotp/otp.py", line 62, in byte_secret
return base64.b32decode(self.secret, casefold=True)
File "/usr/local/Cellar/python/3.7.6_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/base64.py", line 231, in b32decode
raise binascii.Error('Non-base32 digit found') from None
binascii.Error: Non-base32 digit found
Also, when scanning the screen, the code doesn't seem to get added at all?!
Describe the bug
Loading the module fails with a missing dependency.
Using locale: en_US (system locale)
Localization loaded: True
Object pext_module_launcher has no metadata_en_US.json file
Object pext_module_emoji has no metadata_en_US.json file
Object pext_theme_lunar has no metadata_en_US.json file
Object pext_module_emoji has no metadata_en_US.json file
WARN: Module Emoji uses old process_response signature and will not be able to receive an identifier if requested
Enumerating objects: 290, done.
Counting objects: 100% (290/290), done.
Compressing objects: 100% (165/165), done.
Total 2236 (delta 141), reused 204 (delta 82), pack-reused 1946
Running command git clone -q https://github.com/TheLastProject/pyotp /tmp/pip-install-0z2owq6w/pyotp
Running command git checkout -q 5d7bf9d10e3bdef8c93917c1f4f5ffcf799a671e
Object pext_module_launcher has no metadata_en_US.json file
Object pext_module_emoji has no metadata_en_US.json file
Object pext_module_pass has no metadata_en_US.json file
Object pext_module_pass has no metadata_en_US.json file
Password Store
No module named 'PIL'
Traceback (most recent call last):
File "/tmp/.mount_Pext-0fs3Xf9/usr/conda/lib/python3.6/site-packages/pext/**main**.py", line 1250, in load
module_import = **import**(module['metadata']['id'].replace('.', '_'), fromlist=['Module'])
File "/home/kouk/.config/pext/modules/pext_module_pass/**init**.py", line 38, in <module>
import pyscreenshot
File "/home/kouk/.config/pext/module_dependencies/pext_module_pass/pyscreenshot/**init**.py", line 4, in <module>
from pyscreenshot.childproc import childprocess_backend_version, childprocess_grab
File "/home/kouk/.config/pext/module_dependencies/pext_module_pass/pyscreenshot/childproc.py", line 4, in <module>
from pyscreenshot.imcodec import codec
File "/home/kouk/.config/pext/module_dependencies/pext_module_pass/pyscreenshot/imcodec.py", line 3, in <module>
from PIL import Image
ModuleNotFoundError: No module named 'PIL'
Desktop (please complete the following information):
Additional context
As reported by @kouk, thank you!
Happened on macOS. It was scanned and detected. But the password file itself didn't seem to contain the new OTP QR code.
The file notification watch for the ~/.password-store folder is triggered for the .git files, so until the module is reloaded / passwords are listed, files like .git/index and the like show up at the top
Edit other fields -> Emptying input -> Save -> Dialog reopens with old input
This probably happens in several places. Empty string could occasionally be valid input. Need to check this properly in all the process_response code.
Module version gd9814a4
Pext v0.30-20-g0856c9d on linux
Traceback (most recent call last):
File "pext/__main__.py", line 1794, in run
threading.Thread.run(self)
File "/usr/lib64/python3.7/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "/home/sylvia/.config/pext/modules/pext_module_pass/__init__.py", line 63, in init
self.password_store = pypass.PasswordStore(self.data_location)
File "/home/sylvia/.local/lib/python3.7/site-packages/pypass/passwordstore.py", line 64, in __init__
raise Exception("could not find .gpg-id file")
Exception: could not find .gpg-id file
Like, whaaaat?
Trying to load the pass module. On clicking "OK", nothing in the pext window changes and this message is printed into the terminal:
WARN: Module pass uses old process_response signature and will not be able to receive an identifier if requested
WARN: Module pass caused exception 'Module' object has no attribute 'observer' on unload
Traceback (most recent call last):
File "/usr/lib64/python3.5/site-packages/pext/__main__.py", line 1087, in unload_module
window.tab_bindings[tab_id]['module'].stop()
File "/home/me/.config/pext/modules/pext_module_pass/__init__.py", line 253, in stop
self.observer.stop()
AttributeError: 'Module' object has no attribute 'observer'
file:///usr/lib64/python3.5/site-packages/pext/qml/ModuleData.qml:27: TypeError: Cannot read property of null
Traceback (most recent call last):
File "/usr/lib64/python3.5/site-packages/pext/__main__.py", line 1377, in run
threading.Thread.run(self)
File "/usr/lib64/python3.5/threading.py", line 862, in run
self._target(*self._args, **self._kwargs)
File "/home/me/.config/pext/modules/pext_module_pass/__init__.py", line 39, in init
lang = gettext.translation('pext_module_pass', localedir=os.path.join(os.path.dirname(os.path.abspath(__file__)), 'locale'), languages=[settings['_locale']])
File "/usr/lib64/python3.5/gettext.py", line 510, in translation
mofiles = find(domain, localedir, languages, all=True)
File "/usr/lib64/python3.5/gettext.py", line 482, in find
for nelang in _expand_lang(lang):
File "/usr/lib64/python3.5/gettext.py", line 206, in _expand_lang
loc = locale.normalize(loc)
File "/usr/lib64/python3.5/locale.py", line 392, in normalize
code = localename.lower()
AttributeError: 'NoneType' object has no attribute 'lower'
Tested with LC_ALL=en_GB.utf8 and LC_ALL=nl_NL.utf8, both have the same results.
Running on Gentoo with PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5 python3_6":
dev-python/dulwich-0.18.5::gentoo
dev-python/pip-9.0.1-r1::gentoo
dev-python/PyQt5-5.7.1::gentoo
dev-qt/qtquickcontrols-5.7.1:5/5.7::gentoo
app-admin/pass-1.7.1::gentoo
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.