bruno/Tools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

gen-password: fix unsanitized strings for yad

Browse Source
This commit is contained in:
Bruno Raoult
2022-08-10 22:08:29 +02:00
parent 32032d956f
commit 66fb96a7c8
1 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
bash/gen-password.sh
View File

@@ -210,11 +210,25 @@ check_dict() {
return 0 return 0
} }
# sanitize() - sanitize string for HTML characters
# $1: string to cleanup
#
# @return: 0, $1 will contain the sanitized string
sanitize() {
local str="$1"
str=${str//&/&}
str=${str//</&lt;}
str=${str//>/&gt;}
str=${str//'"'/&quot;}
log "sanitized string: '%s' -> '%s'" "$1" "$str"
printf -- "%str" "$str"
}
# srandom() - use RANDOM to simulate SRANDOM # srandom() - use RANDOM to simulate SRANDOM
# $1: Reference of variable to hold result # $1: Reference of variable to hold result
# #
# Note: RANDOM is 15 bits, SRANDOM is 15 bits. # Note: RANDOM is 15 bits, SRANDOM is 32 bits.
# #
# @return: 0, $1 will contain the 32 bits random number # @return: 0, $1 will contain the 32 bits random number
srandom() { srandom() {
@@ -305,12 +319,12 @@ rnd_charset() {
local charset="$1" ret="" local charset="$1" ret=""
local -i len=$2 _i local -i len=$2 _i
log "rnd_charset: %d from '%s'" "$len" "$charset" #log "rnd_charset: %d from '%s'" "$len" "$charset"
for ((_i=0; _i<len; ++_i)); do for ((_i=0; _i<len; ++_i)); do
ret+=${charset:$(rnd ${#charset}):1} ret+=${charset:$(rnd ${#charset}):1}
done done
log "rnd_charset: return '%s'" "$ret" #log "rnd_charset: return '%s'" "$ret"
printf "%s" "$ret" printf "%s" "$ret"
} }
@@ -446,6 +460,7 @@ pwd_string() {
log "" log ""
log "string before shuffle : %s" "$str" log "string before shuffle : %s" "$str"
str="$(shuffle "$str")" str="$(shuffle "$str")"
log "string after shuffle : %s" "$str"
# cut string if too long (may happen if too many mandatory chars) # cut string if too long (may happen if too many mandatory chars)
(( ${#str} > n)) && log "truncating '%s' to '%s'" "$str" "${str:0:n}" (( ${#str} > n)) && log "truncating '%s' to '%s'" "$str" "${str:0:n}"
printf "%s" "${str:0:n}" printf "%s" "${str:0:n}"
@@ -473,11 +488,12 @@ print_command() {
# @return: 0 # @return: 0
gui_passwd() { gui_passwd() {
local -a _command=("$@") local -a _command=("$@")
local passwd="" res=0 local passwd="" res=0 sane=""
while while
passwd=$("${_command[@]}") passwd=$("${_command[@]}")
yad --title="Password Generator" --text-align=center --text="$passwd" \ sane=$(sanitize "$passwd")
yad --title="Password Generator" --text-align=center --text="$sane" \
--borders=20 --button=gtk-copy:0 --button=gtk-refresh:1 \ --borders=20 --button=gtk-copy:0 --button=gtk-refresh:1 \
--button=gtk-ok:252 --window-icon=dialog-password --button=gtk-ok:252 --window-icon=dialog-password
res=$? res=$?