cmd/obscure: Allow obscure command to accept password on STDIN
`rclone obscure` currently only accepts a command line argument of `password` to generate an obfuscated password. This is an issue since generating obfuscated passwords programatically requires sending the plain text password as a shell argument, which can cause problems if the password contains shell characters, or if the password is from an untrusted source. This patch opens up STDIN which will allow developers to open the STDIN source and print a password directly to `rclone obscure`, which can increase safety and convenince.
This commit is contained in:
parent
a2afa9aadd
commit
49cf2eb7e4
1 changed files with 20 additions and 1 deletions
|
@ -3,6 +3,9 @@ package obscure
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
|
|
||||||
"github.com/rclone/rclone/cmd"
|
"github.com/rclone/rclone/cmd"
|
||||||
"github.com/rclone/rclone/fs/config/obscure"
|
"github.com/rclone/rclone/fs/config/obscure"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
@ -26,13 +29,29 @@ Many equally important things (like access tokens) are not obscured in
|
||||||
the config file. However it is very hard to shoulder surf a 64
|
the config file. However it is very hard to shoulder surf a 64
|
||||||
character hex token.
|
character hex token.
|
||||||
|
|
||||||
|
This command can also accept a password through STDIN instead of an
|
||||||
|
argument by passing a hyphen as an argument. Example:
|
||||||
|
|
||||||
|
echo "secretpassword" | rclone obscure -
|
||||||
|
|
||||||
|
If there is no data on STDIN to read, rclone obscure will default to
|
||||||
|
obfuscating the hyphen itself.
|
||||||
|
|
||||||
If you want to encrypt the config file then please use config file
|
If you want to encrypt the config file then please use config file
|
||||||
encryption - see [rclone config](/commands/rclone_config/) for more
|
encryption - see [rclone config](/commands/rclone_config/) for more
|
||||||
info.`,
|
info.`,
|
||||||
Run: func(command *cobra.Command, args []string) {
|
Run: func(command *cobra.Command, args []string) {
|
||||||
cmd.CheckArgs(1, 1, command, args)
|
cmd.CheckArgs(1, 1, command, args)
|
||||||
|
var password string
|
||||||
|
fi, _ := os.Stdin.Stat()
|
||||||
|
if args[0] == "-" && (fi.Mode()&os.ModeCharDevice) == 0 {
|
||||||
|
bytes, _ := ioutil.ReadAll(os.Stdin)
|
||||||
|
password = string(bytes)
|
||||||
|
} else {
|
||||||
|
password = args[0]
|
||||||
|
}
|
||||||
cmd.Run(false, false, command, func() error {
|
cmd.Run(false, false, command, func() error {
|
||||||
obscured := obscure.MustObscure(args[0])
|
obscured := obscure.MustObscure(password)
|
||||||
fmt.Println(obscured)
|
fmt.Println(obscured)
|
||||||
return nil
|
return nil
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue