Add the -F flag to prevent grep from using the user password as a regex pattern

Saxodwarf 2021-01-10 12:09:04 +01:00
parent 807b577cf2
commit bca527aca5


@ -171,7 +171,7 @@ class PasswordValidator(object):
# Grep the password in the file # Grep the password in the file
# We use '-f -' to feed the pattern (= the password) through # We use '-f -' to feed the pattern (= the password) through
# stdin to avoid it being shown in ps -ef --forest... # stdin to avoid it being shown in ps -ef --forest...
command = "grep -q -f - %s" % MOST_USED_PASSWORDS command = "grep -q -F -f - %s" % MOST_USED_PASSWORDS
p = subprocess.Popen(command.split(), stdin=subprocess.PIPE) p = subprocess.Popen(command.split(), stdin=subprocess.PIPE)
p.communicate(input=password) p.communicate(input=password)
return not bool(p.returncode) return not bool(p.returncode)
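Review bot: The `return not bool(p.returncode)` on the last line treats every non-zero grep status as "no match", so a grep error (exit status 2, for example when the list file is missing or unreadable) looks the same as a clean miss, and the check seems to fail open if callers read False as "not a common password". A guard before the return would surface that case, e.g. `if p.returncode not in (0, 1): raise RuntimeError("grep failed on the password list")`. Separately, `-F` makes the pattern literal but still matches substrings of list entries, and `-f -` reads one pattern per line, so a password containing a newline becomes several patterns and an empty one matches every line. If whole-entry matching is intended, adding `-x` and building the argv directly, `["grep", "-q", "-x", "-F", "-f", "-", MOST_USED_PASSWORDS]`, would give whole-line matches and avoid depending on `command.split()` for a path without spaces. The enclosing method starts outside the hunk, so the password type passed to `communicate()` and the caller's handling of the result could not be checked here.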