Skip to content
This repository has been archived by the owner on Aug 19, 2023. It is now read-only.

Commit

Permalink
Stop using shell in subprocess calls (#6)
Browse files Browse the repository at this point in the history
* restrict access to temp directory and files, and add optional --cache CLI arg to pass down to op

* stop using shell=True when calling subprocess
  • Loading branch information
verterok authored May 3, 2022
1 parent 3be1119 commit 63afed9
Showing 1 changed file with 26 additions and 18 deletions.
44 changes: 26 additions & 18 deletions qute_1pass.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,16 +23,16 @@
LAST_ITEM_DURATION = timedelta(seconds=10)

OP_SUBDOMAIN = "my"
CMD_PASSWORD_PROMPT = (
"rofi -password -dmenu -p 'Vault Password' -l 0 -sidebar -width 20"
)
CMD_ITEM_SELECT = "echo -e '{items}' | rofi -dmenu -p 'Select login'"
CMD_LIST_PROMPT = "echo {items} | rofi -dmenu"
CMD_PASSWORD_PROMPT = [
"rofi", "-password", "-dmenu", "-p", "Vault Password", "-l", "0", "-sidebar", "-width", "20"
]
CMD_LIST_PROMPT = ["rofi", "-dmenu"]
CMD_ITEM_SELECT = CMD_LIST_PROMPT + ["-p", "Select login"]

CMD_OP_LOGIN = "echo -n '{password}' | op signin {subdomain} --output=raw"
CMD_OP_LIST_ITEMS = "op list items --categories Login --session={session_id}"
CMD_OP_GET_ITEM = "op get item {uuid} --session={session_id}"
CMD_OP_GET_TOTP = "op get totp {uuid} --session={session_id}"
CMD_OP_LOGIN = ["op", "signin", "--output=raw"]
CMD_OP_LIST_ITEMS = "op list items --categories Login --session {session_id}"
CMD_OP_GET_ITEM = "op get item --session {session_id} {uuid}"
CMD_OP_GET_TOTP = "op get totp --session {session_id} {uuid}"

QUTE_FIFO = os.environ["QUTE_FIFO"]

Expand Down Expand Up @@ -116,7 +116,7 @@ class ExecuteError(Exception):

def execute_command(command):
"""Executes a command, mainly used to launch commands for user input and the op cli"""
result = subprocess.run(command, shell=True, capture_output=True, encoding="utf-8")
result = subprocess.run(command, capture_output=True, encoding="utf-8")

if result.returncode != 0:
logger.error(result.stderr)
Expand All @@ -125,6 +125,14 @@ def execute_command(command):
return result.stdout.strip()


def pipe_commands(cmd1, cmd2):
p1 = subprocess.Popen(cmd1, stdout=subprocess.PIPE)
p2 = subprocess.Popen(cmd2, stdin=p1.stdout, stdout=subprocess.PIPE)
p1.stdout.close()

return p2.communicate()[0].decode("utf-8").strip()


def extract_host(url):
"""Extracts the host from a given URL"""
_, host, *_ = urlsplit(url)
Expand All @@ -143,9 +151,9 @@ def login(cls):
sys.exit(0)

try:
session_id = execute_command(
CMD_OP_LOGIN.format(password=password, subdomain=OP_SUBDOMAIN)
)
session_id = pipe_commands(
["echo", "-n", password],
CMD_OP_LOGIN + [OP_SUBDOMAIN])
except ExecuteError:
Qute.message_error("Login error")
sys.exit(0)
Expand Down Expand Up @@ -177,7 +185,7 @@ def get_session(cls):
@classmethod
def list_items(cls):
session_id = cls.get_session()
result = execute_command(CMD_OP_LIST_ITEMS.format(session_id=session_id))
result = execute_command(CMD_OP_LIST_ITEMS.format(session_id=session_id).split())
parsed = json.loads(result)
return parsed

Expand All @@ -186,7 +194,7 @@ def get_item(cls, uuid):
session_id = cls.get_session()
try:
result = execute_command(
CMD_OP_GET_ITEM.format(uuid=uuid, session_id=session_id)
CMD_OP_GET_ITEM.format(uuid=uuid, session_id=session_id).split()
)
except ExecuteError:
logger.error("Error retrieving credential", exc_info=True)
Expand Down Expand Up @@ -215,8 +223,8 @@ def filter_host(item):
raise cls.NoItemsFoundError(f"No items found for host {host}")

try:
credential = execute_command(
CMD_ITEM_SELECT.format(items="\n".join(mapping.keys()))
credential = pipe_commands(
["echo", "\n".join(mapping.keys())], CMD_ITEM_SELECT
)
except ExecuteError:
pass
Expand Down Expand Up @@ -251,7 +259,7 @@ def get_totp(cls, uuid):
session_id = cls.get_session()
try:
return execute_command(
CMD_OP_GET_TOTP.format(uuid=uuid, session_id=session_id)
CMD_OP_GET_TOTP.format(uuid=uuid, session_id=session_id).split()
)
except ExecuteError:
logger.error("Error retrieving TOTP", exc_info=True)
Expand Down

0 comments on commit 63afed9

Please sign in to comment.