extern/rclone
1
0
Fork 0
mirror of https://github.com/rclone/rclone.git synced 2024-11-22 16:34:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
49cf2eb7e4
rclone/cmd/obscure/obscure.go
David Ibarra 49cf2eb7e4 cmd/obscure: Allow obscure command to accept password on STDIN 
`rclone obscure` currently only accepts a command line argument of `password` to generate
an obfuscated password. This is an issue since generating obfuscated passwords programatically
requires sending the plain text password as a shell argument, which can cause problems if the
password contains shell characters, or if the password is from an untrusted source.

This patch opens up STDIN which will allow developers to open the STDIN source and print a password
directly to `rclone obscure`, which can increase safety and convenince.
2020-08-02 11:32:47 +01:00

60 lines
1.7 KiB
Go
Raw Blame History

package obscure
import (
"fmt"
"io/ioutil"
"os"
"github.com/rclone/rclone/cmd"
"github.com/rclone/rclone/fs/config/obscure"
"github.com/spf13/cobra"
)
func init() {
cmd.Root.AddCommand(commandDefinition)
}
var commandDefinition = &cobra.Command{
Use: "obscure password",
Short: `Obscure password for use in the rclone config file`,
Long: `In the rclone config file, human readable passwords are
obscured. Obscuring them is done by encrypting them and writing them
out in base64. This is **not** a secure way of encrypting these
passwords as rclone can decrypt them - it is to prevent "eyedropping"
- namely someone seeing a password in the rclone config file by
accident.
Many equally important things (like access tokens) are not obscured in
the config file. However it is very hard to shoulder surf a 64
character hex token.
This command can also accept a password through STDIN instead of an
argument by passing a hyphen as an argument. Example:
echo "secretpassword" | rclone obscure -
If there is no data on STDIN to read, rclone obscure will default to
obfuscating the hyphen itself.
If you want to encrypt the config file then please use config file
encryption - see [rclone config](/commands/rclone_config/) for more
info.`,
Run: func(command *cobra.Command, args []string) {
cmd.CheckArgs(1, 1, command, args)
var password string
fi, _ := os.Stdin.Stat()
if args[0] == "-" && (fi.Mode()&os.ModeCharDevice) == 0 {
bytes, _ := ioutil.ReadAll(os.Stdin)
password = string(bytes)
} else {
password = args[0]
}
cmd.Run(false, false, command, func() error {
obscured := obscure.MustObscure(password)
fmt.Println(obscured)
return nil
})
},
}
Reference in New Issue View Git Blame Copy Permalink