Merge pull request #1132 from Saxodwarf/fix-1435-pass-user-password-to-grep-as-raw-string

Add the -F flag to prevent grep from using the user password as a regex pattern
Alexandre Aubin 2021-01-10 21:43:47 +01:00 committed by GitHub
commit adaf539e98
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -171,7 +171,7 @@ class PasswordValidator(object):
# Grep the password in the file
# We use '-f -' to feed the pattern (= the password) through
# stdin to avoid it being shown in ps -ef --forest...
command = "grep -q -f - %s" % MOST_USED_PASSWORDS
command = "grep -q -F -f - %s" % MOST_USED_PASSWORDS
p = subprocess.Popen(command.split(), stdin=subprocess.PIPE)
p.communicate(input=password)
return not bool(p.returncode)
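Review bot: With `-F` but no `-x`, the new `grep -q -F -f - %s` command still matches the password as a substring of any line in MOST_USED_PASSWORDS, so a password that is merely contained in a longer listed entry is reported as most-used. If exact membership is intended, the line could read `command = "grep -q -x -F -f - %s" % MOST_USED_PASSWORDS`. Separately, `return not bool(p.returncode)` treats grep's error status (exit code 2, for example when the list file is unreadable) the same as "no match", so the check passes silently when the list is missing. Accepting only 0 and 1 and raising on any other code would make that failure visible. The enclosing method starts above the hunk, so how callers use the result is not visible here.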