-rw-r--r--json.lua388
-rwxr-xr-xlclipd.lua190
2 files changed, 531 insertions, 47 deletions
diff --git a/json.lua b/json.lua
new file mode 100644
index 0000000..711ef78
--- /dev/null
+++ b/json.lua
@@ -0,0 +1,388 @@
+--
+-- json.lua
+--
+-- Copyright (c) 2020 rxi
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a copy of
+-- this software and associated documentation files (the "Software"), to deal in
+-- the Software without restriction, including without limitation the rights to
+-- use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+-- of the Software, and to permit persons to whom the Software is furnished to do
+-- so, subject to the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included in all
+-- copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+-- SOFTWARE.
+--
+
+local json = { _version = "0.1.2" }
+
+-------------------------------------------------------------------------------
+-- Encode
+-------------------------------------------------------------------------------
+
+local encode
+
+local escape_char_map = {
+ [ "\\" ] = "\\",
+ [ "\"" ] = "\"",
+ [ "\b" ] = "b",
+ [ "\f" ] = "f",
+ [ "\n" ] = "n",
+ [ "\r" ] = "r",
+ [ "\t" ] = "t",
+}
+
+local escape_char_map_inv = { [ "/" ] = "/" }
+for k, v in pairs(escape_char_map) do
+ escape_char_map_inv[v] = k
+end
+
+
+local function escape_char(c)
+ return "\\" .. (escape_char_map[c] or string.format("u%04x", c:byte()))
+end
+
+
+local function encode_nil(val)
+ return "null"
+end
+
+
+local function encode_table(val, stack)
+ local res = {}
+ stack = stack or {}
+
+ -- Circular reference?
+ if stack[val] then error("circular reference") end
+
+ stack[val] = true
+
+ if rawget(val, 1) ~= nil or next(val) == nil then
+ -- Treat as array -- check keys are valid and it is not sparse
+ local n = 0
+ for k in pairs(val) do
+ if type(k) ~= "number" then
+ error("invalid table: mixed or invalid key types")
+ end
+ n = n + 1
+ end
+ if n ~= #val then
+ error("invalid table: sparse array")
+ end
+ -- Encode
+ for i, v in ipairs(val) do
+ table.insert(res, encode(v, stack))
+ end
+ stack[val] = nil
+ return "[" .. table.concat(res, ",") .. "]"
+
+ else
+ -- Treat as an object
+ for k, v in pairs(val) do
+ if type(k) ~= "string" then
+ error("invalid table: mixed or invalid key types")
+ end
+ table.insert(res, encode(k, stack) .. ":" .. encode(v, stack))
+ end
+ stack[val] = nil
+ return "{" .. table.concat(res, ",") .. "}"
+ end
+end
+
+
+local function encode_string(val)
+ return '"' .. val:gsub('[%z\1-\31\\"]', escape_char) .. '"'
+end
+
+
+local function encode_number(val)
+ -- Check for NaN, -inf and inf
+ if val ~= val or val <= -math.huge or val >= math.huge then
+ error("unexpected number value '" .. tostring(val) .. "'")
+ end
+ return string.format("%.14g", val)
+end
+
+
+local type_func_map = {
+ [ "nil" ] = encode_nil,
+ [ "table" ] = encode_table,
+ [ "string" ] = encode_string,
+ [ "number" ] = encode_number,
+ [ "boolean" ] = tostring,
+}
+
+
+encode = function(val, stack)
+ local t = type(val)
+ local f = type_func_map[t]
+ if f then
+ return f(val, stack)
+ end
+ error("unexpected type '" .. t .. "'")
+end
+
+
+function json.encode(val)
+ return ( encode(val) )
+end
+
+
+-------------------------------------------------------------------------------
+-- Decode
+-------------------------------------------------------------------------------
+
+local parse
+
+local function create_set(...)
+ local res = {}
+ for i = 1, select("#", ...) do
+ res[ select(i, ...) ] = true
+ end
+ return res
+end
+
+local space_chars = create_set(" ", "\t", "\r", "\n")
+local delim_chars = create_set(" ", "\t", "\r", "\n", "]", "}", ",")
+local escape_chars = create_set("\\", "/", '"', "b", "f", "n", "r", "t", "u")
+local literals = create_set("true", "false", "null")
+
+local literal_map = {
+ [ "true" ] = true,
+ [ "false" ] = false,
+ [ "null" ] = nil,
+}
+
+
+local function next_char(str, idx, set, negate)
+ for i = idx, #str do
+ if set[str:sub(i, i)] ~= negate then
+ return i
+ end
+ end
+ return #str + 1
+end
+
+
+local function decode_error(str, idx, msg)
+ local line_count = 1
+ local col_count = 1
+ for i = 1, idx - 1 do
+ col_count = col_count + 1
+ if str:sub(i, i) == "\n" then
+ line_count = line_count + 1
+ col_count = 1
+ end
+ end
+ error( string.format("%s at line %d col %d", msg, line_count, col_count) )
+end
+
+
+local function codepoint_to_utf8(n)
+ -- http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=iws-appendixa
+ local f = math.floor
+ if n <= 0x7f then
+ return string.char(n)
+ elseif n <= 0x7ff then
+ return string.char(f(n / 64) + 192, n % 64 + 128)
+ elseif n <= 0xffff then
+ return string.char(f(n / 4096) + 224, f(n % 4096 / 64) + 128, n % 64 + 128)
+ elseif n <= 0x10ffff then
+ return string.char(f(n / 262144) + 240, f(n % 262144 / 4096) + 128,
+ f(n % 4096 / 64) + 128, n % 64 + 128)
+ end
+ error( string.format("invalid unicode codepoint '%x'", n) )
+end
+
+
+local function parse_unicode_escape(s)
+ local n1 = tonumber( s:sub(1, 4), 16 )
+ local n2 = tonumber( s:sub(7, 10), 16 )
+ -- Surrogate pair?
+ if n2 then
+ return codepoint_to_utf8((n1 - 0xd800) * 0x400 + (n2 - 0xdc00) + 0x10000)
+ else
+ return codepoint_to_utf8(n1)
+ end
+end
+
+
+local function parse_string(str, i)
+ local res = ""
+ local j = i + 1
+ local k = j
+
+ while j <= #str do
+ local x = str:byte(j)
+
+ if x < 32 then
+ decode_error(str, j, "control character in string")
+
+ elseif x == 92 then -- `\`: Escape
+ res = res .. str:sub(k, j - 1)
+ j = j + 1
+ local c = str:sub(j, j)
+ if c == "u" then
+ local hex = str:match("^[dD][89aAbB]%x%x\\u%x%x%x%x", j + 1)
+ or str:match("^%x%x%x%x", j + 1)
+ or decode_error(str, j - 1, "invalid unicode escape in string")
+ res = res .. parse_unicode_escape(hex)
+ j = j + #hex
+ else
+ if not escape_chars[c] then
+ decode_error(str, j - 1, "invalid escape char '" .. c .. "' in string")
+ end
+ res = res .. escape_char_map_inv[c]
+ end
+ k = j + 1
+
+ elseif x == 34 then -- `"`: End of string
+ res = res .. str:sub(k, j - 1)
+ return res, j + 1
+ end
+
+ j = j + 1
+ end
+
+ decode_error(str, i, "expected closing quote for string")
+end
+
+
+local function parse_number(str, i)
+ local x = next_char(str, i, delim_chars)
+ local s = str:sub(i, x - 1)
+ local n = tonumber(s)
+ if not n then
+ decode_error(str, i, "invalid number '" .. s .. "'")
+ end
+ return n, x
+end
+
+
+local function parse_literal(str, i)
+ local x = next_char(str, i, delim_chars)
+ local word = str:sub(i, x - 1)
+ if not literals[word] then
+ decode_error(str, i, "invalid literal '" .. word .. "'")
+ end
+ return literal_map[word], x
+end
+
+
+local function parse_array(str, i)
+ local res = {}
+ local n = 1
+ i = i + 1
+ while 1 do
+ local x
+ i = next_char(str, i, space_chars, true)
+ -- Empty / end of array?
+ if str:sub(i, i) == "]" then
+ i = i + 1
+ break
+ end
+ -- Read token
+ x, i = parse(str, i)
+ res[n] = x
+ n = n + 1
+ -- Next token
+ i = next_char(str, i, space_chars, true)
+ local chr = str:sub(i, i)
+ i = i + 1
+ if chr == "]" then break end
+ if chr ~= "," then decode_error(str, i, "expected ']' or ','") end
+ end
+ return res, i
+end
+
+
+local function parse_object(str, i)
+ local res = {}
+ i = i + 1
+ while 1 do
+ local key, val
+ i = next_char(str, i, space_chars, true)
+ -- Empty / end of object?
+ if str:sub(i, i) == "}" then
+ i = i + 1
+ break
+ end
+ -- Read key
+ if str:sub(i, i) ~= '"' then
+ decode_error(str, i, "expected string for key")
+ end
+ key, i = parse(str, i)
+ -- Read ':' delimiter
+ i = next_char(str, i, space_chars, true)
+ if str:sub(i, i) ~= ":" then
+ decode_error(str, i, "expected ':' after key")
+ end
+ i = next_char(str, i + 1, space_chars, true)
+ -- Read value
+ val, i = parse(str, i)
+ -- Set
+ res[key] = val
+ -- Next token
+ i = next_char(str, i, space_chars, true)
+ local chr = str:sub(i, i)
+ i = i + 1
+ if chr == "}" then break end
+ if chr ~= "," then decode_error(str, i, "expected '}' or ','") end
+ end
+ return res, i
+end
+
+
+local char_func_map = {
+ [ '"' ] = parse_string,
+ [ "0" ] = parse_number,
+ [ "1" ] = parse_number,
+ [ "2" ] = parse_number,
+ [ "3" ] = parse_number,
+ [ "4" ] = parse_number,
+ [ "5" ] = parse_number,
+ [ "6" ] = parse_number,
+ [ "7" ] = parse_number,
+ [ "8" ] = parse_number,
+ [ "9" ] = parse_number,
+ [ "-" ] = parse_number,
+ [ "t" ] = parse_literal,
+ [ "f" ] = parse_literal,
+ [ "n" ] = parse_literal,
+ [ "[" ] = parse_array,
+ [ "{" ] = parse_object,
+}
+
+
+parse = function(str, idx)
+ local chr = str:sub(idx, idx)
+ local f = char_func_map[chr]
+ if f then
+ return f(str, idx)
+ end
+ decode_error(str, idx, "unexpected character '" .. chr .. "'")
+end
+
+
+function json.decode(str)
+ if type(str) ~= "string" then
+ error("expected argument of type string, got " .. type(str))
+ end
+ local res, idx = parse(str, next_char(str, 1, space_chars, true))
+ idx = next_char(str, idx, space_chars, true)
+ if idx <= #str then
+ decode_error(str, idx, "trailing garbage")
+ end
+ return res
+end
+
+
+return json
diff --git a/lclipd.lua b/lclipd.lua
index 7dcddba..bba5c05 100755
--- a/lclipd.lua
+++ b/lclipd.lua
@@ -4,11 +4,11 @@
-- luarocks-5.3 install --local luaposix
-- luarocks-5.3 install --local argparse
-- luarocks-5.3 install --local lsqlite3
--- front-end example: sqlite3 $(cat /tmp/lclipd/lclipd_db_name) 'select content from lclipd;' | dmenu -l 10 | xsel -ib
+-- pipx install detect-secrets
local string = require("string")
--- Adds the lua rocks modules to the require path for this script
-local function default_luarocks_modules()
+--- Adds LUA_PATH and LUA_CPATH to the current interpreters path.
+local function add_luarocks_modules()
local luarocks_handle = io.popen("luarocks-5.3 path --bin")
local path_b = false
local cpath_b = false
@@ -26,7 +26,7 @@ local function default_luarocks_modules()
if path_b then os.exit(1) end
if cpath_b then os.exit(1) end
end
-default_luarocks_modules()
+add_luarocks_modules()
-- we want to delete a pidfile if we wrote one, otherwise we won't
local wrote_a_pidfile = false
@@ -38,6 +38,14 @@ local unistd = require("posix.unistd")
local posix_syslog = require("posix.syslog")
local sqlite3 = require("lsqlite3")
local posix_wait = require("posix.sys.wait")
+local posix_socket = require("posix.sys.socket")
+local libgen = require("posix.libgen")
+
+-- vendored dependency
+-- https://github.com/rxi/json.lua
+local base_path = libgen.dirname(arg[0])
+package.path = package.path .. ";" .. base_path .. "/?.lua"
+local json = require("json")
local sql_create_table = [=[
create table if not exists lclipd (
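Review bot: Appending `base_path .. "/?.lua"` to the end of `package.path` means every earlier entry is searched first, and the stock Lua 5.3 path normally includes `./?.lua`, so a `json.lua` in the daemon's working directory or in any earlier path entry would be loaded instead of the vendored copy. Put the vendored directory first: `package.path = base_path .. "/?.lua;" .. package.path`. `arg[0]` may also be a relative path or a symlink, so `base_path` depends on how the script was started; a short comment saying so would help the next reader.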
@@ -70,20 +78,17 @@ insert into lclipd(content,dateAdded) values('%s', unixepoch());
-- using a heredoc string without expansion bypasses the need for escaping
local detect_secrets_cmd = [=[
-detect-secrets scan %s --string <<- STR | grep -v False
+detect-secrets scan %s --string <<- STR | grep True
%s
STR
]=]
local tmp_dir = "/tmp/lclipd"
local pid_file = "/tmp/lclipd/lclipd.pid"
-local db_file_name = "/tmp/lclipd/lclipd_db_name"
--- We are not longer running.
local function remove_pid_file() if wrote_a_pidfile then os.remove(pid_file) end end
---- Adds LUA_PATH and LUA_CPATH to the current interpreters path.
-
local function lclip_exit(n)
os.exit(n)
remove_pid_file()
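Review bot: The heredoc delimiter in the changed line `detect-secrets scan %s --string <<- STR | grep True` is unquoted, so the shell still performs parameter and command substitution on the clipboard text placed in the body, which contradicts the comment above it ("without expansion"). Quoting the delimiter disables expansion: `detect-secrets scan %s --string <<- 'STR' | grep -q True`. Quoting alone does not cover clipboard text that contains a line equal to `STR`, which ends the heredoc early and leaves the rest to be read as shell input. The robust form is to stop building the command from clipboard text and write the content to the scanner's stdin through a pipe. `detect_secrets_args` is also interpolated unquoted, which is acceptable only while it comes from the operator's own command line.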
@@ -94,6 +99,8 @@ parser:option("-s --hist_size",
"number of distinct entries for clipboard history", 200)
parser:option("-d --detect_secrets_args",
"options that will be passed to detect secrets", "")
+parser:option("-a --address", "address to bind to", "127.0.0.1")
+parser:option("-p --port", "port to bind to", 9999)
--- Log the given string to syslog with the given priority.
-- @param log_str the string passed to the logging facility
@@ -114,16 +121,6 @@ local function check_uid_gid()
posix_syslog.LOG_INFO)
end
---- Change the permission to user read/write i.e. chmod 600
--- @param path to the database file whose permissions will be set
-local function set_db_permissions(db_path)
- local ret = sys_stat.chmod(db_path, sys_stat.S_IRUSR | sys_stat.S_IWUSR)
- if ret ~= 0 then
- log_to_syslog(tostring(ret), posix_syslog.LOG_CRIT)
- lclip_exit(1)
- end
-end
-
--- Creates the necessary dirs
local function make_tmp_dirs()
local f = sys_stat.stat(tmp_dir)
@@ -210,12 +207,11 @@ local function detect_secrets(clipboard_content, detect_secrets_args)
unistd.close(pipe_read)
local cmd = string.format(detect_secrets_cmd, detect_secrets_args,
clipboard_content)
- local _, secrets_baseline_handle = pcall(io.popen, cmd)
- local secrets_baseline = secrets_baseline_handle:read("*a")
- if secrets_baseline == "" then
- unistd.write(pipe_write, "1")
- else
+ local ret = os.execute(cmd)
+ if ret == 0 then
unistd.write(pipe_write, "0")
+ else
+ unistd.write(pipe_write, "1")
end
unistd.close(pipe_write)
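Review bot: In Lua 5.2 and later, `os.execute` returns `true` or `nil` as its first result (followed by `"exit"`/`"signal"` and the status code), never `0`, and this script targets 5.3, so `if ret == 0 then` is always false and the child always writes "1". If "1" means "no secret found", as the removed branch suggests, every clipboard entry is then stored, including the ones detect-secrets flags. Test the boolean instead: `local ok = os.execute(cmd)` followed by `if ok then`. The body of `detect_secrets` starts and ends outside this hunk, so the meaning of the two pipe values should be confirmed against the reader side.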
@@ -258,6 +254,7 @@ local function get_clipboard_content()
local _, handle_x = pcall(io.popen, "xsel -ob")
if handle_x ~= nil then
local last_clip_entry_x = handle_x:read("*a")
+ handle_x:close()
if last_clip_entry_x ~= "" and last_clip_entry_x ~= nil then
return last_clip_entry_x
end
@@ -266,6 +263,7 @@ local function get_clipboard_content()
local _, handle_w = pcall(io.popen, "wl-paste")
if handle_w ~= nil then
local last_clip_entry_w = handle_w:read("*a")
+ handle_w:close()
if last_clip_entry_w ~= "" and last_clip_entry_w ~= nil then
return last_clip_entry_w
end
@@ -277,33 +275,122 @@ end
--- Get the sqlite DB handle.
local function get_sqlite_handle()
- local tmp_db_name = "/tmp/" ..
- io.popen(
- "tr -dc A-Za-z0-9 </dev/urandom | head -c 17"):read(
- "*a")
- log_to_syslog(tmp_db_name, posix_syslog.LOG_INFO)
- local clipDB = sqlite3.open(tmp_db_name,
- sqlite3.OPEN_READWRITE + sqlite3.OPEN_CREATE)
+ local clipDB = sqlite3.open("/dev/shm/lclipd")
+ -- local clipDB = sqlite3.open("")
if clipDB == nil then
log_to_syslog("could not open the database", posix_syslog.LOG_CRIT)
lclip_exit(1)
end
- set_db_permissions(tmp_db_name)
-
- local tmp_db_file = io.open(db_file_name, "w")
- local stdout = io.output()
- io.output(tmp_db_file)
- io.write(tmp_db_name .. "\n")
- io.close(tmp_db_file)
- io.output(stdout)
return clipDB
end
+--- Callback function to get the result when we receive a query from the socket
+local function server_query_callback(conn, columns, values, _)
+ local result_table = {}
+ for i = 1, columns do result_table[i] = values[i] end
+
+ local result_json = json.encode(result_table)
+
+ local bytes_sent, errmsg = posix_socket.send(conn, result_json)
+ if bytes_sent == nil then
+ log_to_syslog(errmsg, posix_syslog.LOG_WARNING)
+ unistd._exit(1)
+ end
+ return 0
+end
+
+--- Start the lclipd server
+-- @param bind_address
+-- @param bind_port
+local function run_server(bind_address, bind_port, sqlite_handle)
+ local server_pid, errmsg = unistd.fork()
+ if server_pid == nil then -- error
+ log_to_syslog(errmsg, posix_syslog.LOG_CRIT)
+ lclip_exit(1)
+ elseif server_pid == 0 then -- child
+ log_to_syslog("server component forked", posix_syslog.LOG_INFO)
+ local sock, errmsg = posix_socket.socket(posix_socket.AF_INET,
+ posix_socket.SOCK_STREAM, 0)
+ if sock == nil then
+ log_to_syslog(errmsg, posix_syslog.LOG_CRIT)
+ lclip_exit(1)
+ end
+
+ local ret, errmsg = posix_socket.bind(sock, {
+ port = bind_port,
+ addr = bind_address,
+ family = posix_socket.AF_INET,
+ socktype = posix_socket.SOCK_STREAM
+ })
+ if ret == nil then
+ log_to_syslog(errmsg, posix_syslog.LOG_CRIT)
+ lclip_exit(1)
+ end
+
+ ret, errmsg = posix_socket.listen(sock, posix_socket.SOMAXCONN)
+ if ret == nil then
+ log_to_syslog(errmsg, posix_syslog.LOG_CRIT)
+ lclip_exit(1)
+ end
+ log_to_syslog("listening on " .. bind_address .. ":" ..
+ tostring(bind_port), posix_syslog.LOG_INFO)
+
+ while true do
+ local conn, conn_addr = posix_socket.accept(sock)
+ if conn == nil then
+ log_to_syslog(conn_addr, posix_syslog.LOG_CRIT)
+ lclip_exit(1)
+ end
+
+ -- we fork on every incoming connection
+ local pid, errmsg = unistd.fork() -- connection fork
+ if pid == nil then -- error
+ log_to_syslog(errmsg, posix_syslog.LOG_WARNING)
+ elseif pid == 0 then -- child
+ local msg = {}
+ log_to_syslog("forked on incoming connection",
+ posix_syslog.LOG_INFO)
+ while true do
+ local b = posix_socket.recv(conn, 2 ^ 14)
+ if not b or #b == 0 then break end
+ table.insert(msg, b)
+ end
+ if msg == nil then
+ log_to_syslog(errmsg, posix_syslog.LOG_WARNING)
+ unistd.close(conn)
+ unistd._exit(1)
+ end
+ msg = table.concat(msg)
+ log_to_syslog(msg, posix_syslog.LOG_INFO)
+ local return_code = sqlite_handle:exec(msg,
+ server_query_callback,
+ conn)
+ if return_code ~= sqlite3.OK then
+ log_to_syslog(tostring(return_code),
+ posix_syslog.LOG_WARNING)
+ unistd.close(conn)
+ unistd._exit(1)
+ end
+ unistd.close(conn)
+ unistd._exit(0)
+ -- nothing to do for the parent here, we want the parent to return
+ -- and wait on accept for a new incoming connection
+ end
+ unistd.close(conn)
+ end
+ elseif server_pid > 0 then -- parent
+ -- the parent process can just return at this point
+ -- we are simply achieving asynchronicity with this
+ -- for the server component
+ return
+ end
+end
+
--- The clipboard's main loop
-- @param clip_hist_size number of entries limit for the clip history file
-- @param detect_secrets_artgs args to pass to detect-secrets scan
-local function loop(clip_hist_size, detect_secrets_args)
+local function loop(args)
local sqlite_handle = get_sqlite_handle()
-- create the table if it does not exist
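Review bot: The connection child in `run_server` passes whatever bytes it received to `sqlite_handle:exec(msg, server_query_callback, conn)` with no authentication and no restriction on the statement, so any process that can reach the listening address can read, modify or delete the stored clipboard history. Loopback TCP is open to every local user and `--address` allows a wider bind; an `AF_UNIX` socket under `tmp_dir` with owner-only permissions would narrow access to the owning user. Have the child open its own read-only connection, `local ro_db = sqlite3.open("/dev/shm/lclipd", sqlite3.OPEN_READONLY)`, which also avoids using one SQLite connection on both sides of a `fork()`. `/dev/shm/lclipd` is a fixed name in a shared directory and the `set_db_permissions` call is gone, so the file mode now depends on the umask; keep a chmod to `sys_stat.S_IRUSR | sys_stat.S_IWUSR` right after opening. `loop` continues outside this hunk.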
@@ -315,7 +402,8 @@ local function loop(clip_hist_size, detect_secrets_args)
end
-- add the old_reap trigger
- sql_old_reap_trigger = string.format(sql_old_reap_trigger, clip_hist_size)
+ sql_old_reap_trigger =
+ string.format(sql_old_reap_trigger, args["hist_size"])
return_code = sqlite_handle:exec(sql_old_reap_trigger)
if return_code ~= sqlite3.OK then
log_to_syslog(tostring(return_code), posix_syslog.LOG_CRIT)
@@ -324,6 +412,9 @@ local function loop(clip_hist_size, detect_secrets_args)
lclip_exit(1)
end
+ -- fork the server component and give control back to the clipboard
+ run_server(args["address"], args["port"], sqlite_handle)
+
log_to_syslog("starting the main loop", posix_syslog.LOG_INFO)
while true do
local clip_content = get_clipboard_content()
@@ -334,11 +425,11 @@ local function loop(clip_hist_size, detect_secrets_args)
if clip_content == nil then goto continue end
local insert_string = string.format(sql_insert, clip_content)
- if detect_secrets(clip_content, detect_secrets_args) then
- sqlite_handle:exec(insert_string)
- end
- if return_code ~= sqlite3.OK then
- log_to_syslog(tostring(return_code), posix_syslog.LOG_WARNING)
+ if detect_secrets(clip_content, args["detect_secrets_args"]) then
+ return_code = sqlite_handle:exec(insert_string)
+ if return_code ~= sqlite3.OK then
+ log_to_syslog(tostring(return_code), posix_syslog.LOG_WARNING)
+ end
end
::continue::
end
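Review bot: `string.format(sql_insert, clip_content)` splices raw clipboard text into the `values('%s', ...)` literal, so a single quote in the copied text breaks the statement and `exec` will run whatever SQL follows it; the new `return_code` check does not change that. Bind the content as a parameter through a prepared statement, prepared once before the `while` loop. The sketch assumes lsqlite3's `prepare`/`bind_values`/`step`/`reset`, and the loop body starts outside this hunk.

```lua
-- placed once, before the `while true do` loop
local insert_stmt = sqlite_handle:prepare(
    "insert into lclipd(content,dateAdded) values(?, unixepoch());")

-- … unchanged: clipboard read and nil check …
if detect_secrets(clip_content, args["detect_secrets_args"]) then
    insert_stmt:bind_values(clip_content)
    return_code = insert_stmt:step()
    if return_code ~= sqlite3.DONE then
        log_to_syslog(tostring(return_code), posix_syslog.LOG_WARNING)
    end
    insert_stmt:reset()
end
```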
@@ -356,14 +447,19 @@ local function main()
io.write("\n")
os.exit(128 + signum)
end)
+ -- we reap dead processes so we dont end up with zombies all over.
+ -- in our case, we dont really care how a child is terminated as
+ -- long as it terminates.
+ -- signal.signal(signal.SIGCHILD, function(_)
+ -- while posix_wait.wait(-1, posix_wait.WNOHANG) > 0 do end
+ -- end)
make_tmp_dirs()
local args = parser:parse()
check_pid_file()
write_pid_file()
check_uid_gid()
- local status, err = pcall(loop, args["hist_size"],
- args["detect_secrets_args"])
+ local status, err = pcall(loop, args)
if status ~= true then log_to_syslog(err, posix_syslog.LOG_CRIT) end
end
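Review bot: The child-reaping handler is left commented out, so each per-connection process forked by the server stays a zombie after `unistd._exit`, and a client that reconnects repeatedly can fill the process table. The commented code also names `signal.SIGCHILD`, while the POSIX constant is `SIGCHLD`, and `posix_wait.wait` returns `nil` on error, which would make the `> 0` comparison raise. A form that handles both: `signal.signal(signal.SIGCHLD, function(_) while (posix_wait.wait(-1, posix_wait.WNOHANG) or 0) > 0 do end end)`. It has to be in effect in the process that runs the accept loop; `main` begins outside this hunk, so confirm where `signal` is required.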