Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

shellsafe returns unsafe chars in 0.0.11 #19

Merged
merged 2 commits into from
Dec 25, 2014
Merged

shellsafe returns unsafe chars in 0.0.11 #19

merged 2 commits into from
Dec 25, 2014

Conversation

asquelt
Copy link
Contributor

@asquelt asquelt commented Dec 22, 2014

chars method was called before shellsafe method and @chars were initialized with characters which should never appear in shell. please issue 0.0.12 as this might be security related.

debug with print on charsets methods:

$ trocla create foobar plain '{ length: 33, charset: shellsafe }' ; trocla delete foobar plain
CHARS
SHELLSAFE
ALPHA
ALPHA
SHELLSAFE
CHARSET shellsafe ["a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "+", "%", "/", "@", "=", "?", "_", ".", ",", ":", "*", "(", ")", "&", "!", "[", "]", "{", "}", "-"]
QR&AbAKSR=%9c{,+-N,0JD/6{=hxe!wZ9
QR&AbAKSR=%9c{,+-N,0JD/6{=hxe!wZ9

@asquelt asquelt mentioned this pull request Dec 22, 2014
Closed
@asquelt
Copy link
Contributor Author

asquelt commented Dec 22, 2014

i've added fix for x509 as of 2015 we should be using SHA2 digest instead of SHA1.
parametrized (as hash option) plus added SHA2 as default.

duritong
duritong reviewed Dec 25, 2014
View reviewed changes
lib/trocla/util.rb
@@ -27,7 +27,7 @@ def chars
@chars ||= shellsafe + special_chars
end
def shellsafe
@chars ||= alphanumeric + shellsafe_chars
@shellsafe ||= alphanumeric + shellsafe_chars
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bleh, good catch!

duritong added a commit that referenced this pull request Dec 25, 2014
@duritong
Merge pull request #19 from asquelt/master
ec8593b 
shellsafe returns unsafe chars in 0.0.11
@duritong duritong merged commit ec8593b into duritong:master Dec 25, 2014
@duritong
Copy link
Owner

Thanks a lot, will do a release later that day/week.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@asquelt @duritong