aboutsummaryrefslogtreecommitdiffstats
path: root/lclipd.lua
diff options
context:
space:
mode:
authorterminaldweller <thabogre@gmail.com>2023-03-09 15:10:24 +0000
committerterminaldweller <thabogre@gmail.com>2023-03-09 15:10:24 +0000
commit78e617bf7ca44843dffabfe78ab5b284d1602198 (patch)
treee986fbf79d922b19c0a42143fc6381c84d9887b3 /lclipd.lua
parentdetect-secrets support (diff)
downloadlclip-78e617bf7ca44843dffabfe78ab5b284d1602198.tar.gz
lclip-78e617bf7ca44843dffabfe78ab5b284d1602198.zip
properly escaped the string to pass to detect-secrets
Diffstat (limited to 'lclipd.lua')
-rwxr-xr-xlclipd.lua13
1 files changed, 9 insertions, 4 deletions
diff --git a/lclipd.lua b/lclipd.lua
index 28a7b37..49a00bf 100755
--- a/lclipd.lua
+++ b/lclipd.lua
@@ -88,6 +88,12 @@ local sql_insert = [=[
insert into lclipd(content,dateAdded) values('XXX', unixepoch());
]=]
+local detect_secrets_cmd = [=[
+detect-secrets scan --string <<- STR
+XXX
+STR | grep -v False
+]=]
+
local tmp_dir = "/tmp/lclipd"
local pid_file = "/tmp/lclipd/lclipd.pid"
local db_file_name = "/tmp/lclipd/lclipd_db_name"
@@ -188,6 +194,7 @@ end
--- Runs secret detection tests
-- returns true if the string is not a secret
local function detect_secrets(clipboard_content)
+ if clipboard_content == nil or clipboard_content == "" then return false end
local pipe_read, pipe_write = unistd.pipe()
if pipe_read == nil then
log_to_syslog("could not create pipe", posix_syslog.LOG_CRIT)
@@ -205,10 +212,8 @@ local function detect_secrets(clipboard_content)
lclip_exit(1)
elseif pid == 0 then -- child
unistd.close(pipe_read)
- local _, secrets_baseline_handle = pcall(io.popen,
- "detect-secrets scan --string " ..
- clipboard_content ..
- "| grep -v False")
+ local cmd = detect_secrets_cmd:gsub("XXX", clipboard_content)
+ local _, secrets_baseline_handle = pcall(io.popen, cmd)
local secrets_baseline = secrets_baseline_handle:read("*a")
if secrets_baseline == "" then
unistd.write(pipe_write, "1")