cmd/obscure: Allow obscure command to accept password on STDIN

`rclone obscure` currently only accepts a command line argument of `password` to generate
an obfuscated password. This is an issue since generating obfuscated passwords programatically
requires sending the plain text password as a shell argument, which can cause problems if the
password contains shell characters, or if the password is from an untrusted source.

This patch opens up STDIN which will allow developers to open the STDIN source and print a password
directly to `rclone obscure`, which can increase safety and convenince.
This commit is contained in:
David Ibarra 2020-07-30 21:32:28 -05:00 committed by Nick Craig-Wood
parent a2afa9aadd
commit 49cf2eb7e4

View File

@ -3,6 +3,9 @@ package obscure
import ( import (
"fmt" "fmt"
"io/ioutil"
"os"
"github.com/rclone/rclone/cmd" "github.com/rclone/rclone/cmd"
"github.com/rclone/rclone/fs/config/obscure" "github.com/rclone/rclone/fs/config/obscure"
"github.com/spf13/cobra" "github.com/spf13/cobra"
@ -26,13 +29,29 @@ Many equally important things (like access tokens) are not obscured in
the config file. However it is very hard to shoulder surf a 64 the config file. However it is very hard to shoulder surf a 64
character hex token. character hex token.
This command can also accept a password through STDIN instead of an
argument by passing a hyphen as an argument. Example:
echo "secretpassword" | rclone obscure -
If there is no data on STDIN to read, rclone obscure will default to
obfuscating the hyphen itself.
If you want to encrypt the config file then please use config file If you want to encrypt the config file then please use config file
encryption - see [rclone config](/commands/rclone_config/) for more encryption - see [rclone config](/commands/rclone_config/) for more
info.`, info.`,
Run: func(command *cobra.Command, args []string) { Run: func(command *cobra.Command, args []string) {
cmd.CheckArgs(1, 1, command, args) cmd.CheckArgs(1, 1, command, args)
var password string
fi, _ := os.Stdin.Stat()
if args[0] == "-" && (fi.Mode()&os.ModeCharDevice) == 0 {
bytes, _ := ioutil.ReadAll(os.Stdin)
password = string(bytes)
} else {
password = args[0]
}
cmd.Run(false, false, command, func() error { cmd.Run(false, false, command, func() error {
obscured := obscure.MustObscure(args[0]) obscured := obscure.MustObscure(password)
fmt.Println(obscured) fmt.Println(obscured)
return nil return nil
}) })