
Commit a5cc00a

authored
Merge pull request #244 from davco01a/latest
pentest fixes
2 parents b76a3d6 + 9ee483f commit a5cc00a


1 file changed

+53
-14
lines changed


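--- a/cmd/login.go
+++ b/cmd/login.go
@@ -88,7 +88,6 @@ func HandleTLSFLag(insecureTLS bool) {
 if err != nil {
 messageAndExit("There was a problem writing to the cli config")
 }
-
 if clientCert != "" {
 cliConfig.Set(CertKey, clientCert)
 err = cliConfig.WriteConfig()
@@ -101,7 +100,6 @@ func HandleTLSFLag(insecureTLS bool) {
 if !insecureTLS && clientCert == "" {
 
 fmt.Print("Are you sure you want to continue with an insecure connection to " + cliConfig.GetString(KabURLKey) + " (y/n): ")
-
 reader := bufio.NewReader(os.Stdin)
 char, _, err := reader.ReadRune()
 if err != nil {
@@ -155,24 +153,54 @@ var loginCmd = &cobra.Command{
 RunE: func(cmd *cobra.Command, args []string) error {
 Debug.log("login called")
 var err error
+var ePass = ""
+var eUser = ""
 
+fmt.Println(ePass)
+fmt.Println(eUser)
 username, _ := cmd.Flags().GetString("username")
 password, _ := cmd.Flags().GetString("password")
 
+if username == "" {
+fmt.Printf("Username:")
+bytePwd, err := terminal.ReadPassword(int(syscall.Stdin))
+if err != nil {
+return err
+}
+eUser = base64.StdEncoding.EncodeToString(bytePwd)
+for i := 0; i < len(bytePwd); i++ {
+bytePwd[i] = 0
+}
+bytePwd = nil
+if bytePwd == nil {
+fmt.Print()
+}
+fmt.Println()
+} else {
+eUser = base64.StdEncoding.EncodeToString([]byte(username))
+}
 if password == "" {
 fmt.Printf("Password:")
 bytePwd, err := terminal.ReadPassword(int(syscall.Stdin))
 if err != nil {
 return err
 }
-password = strings.TrimSpace(string(bytePwd))
+ePass = base64.StdEncoding.EncodeToString(bytePwd)
+for i := 0; i < len(bytePwd); i++ {
+bytePwd[i] = 0
+}
+bytePwd = nil
+if bytePwd == nil {
+fmt.Print()
+}
 fmt.Println()
+} else {
+ePass = base64.StdEncoding.EncodeToString([]byte(password))
 }
 
 var kabLoginURL string
 
 viper.SetEnvPrefix("KABANERO")
-
 if len(args) > 0 {
 cliConfig.Set(KabURLKey, parseKabURL(args[0]))
 err = cliConfig.WriteConfig()
@@ -188,14 +216,24 @@ var loginCmd = &cobra.Command{
 HandleTLSFLag(InsecureTLS)
 
 kabLoginURL = getRESTEndpoint("login")
-ePass := base64.StdEncoding.EncodeToString([]byte(password))
-eUser := base64.StdEncoding.EncodeToString([]byte(username))
-requestBody, _ := json.Marshal(map[string]string{"000_ERG_TEN_TWENTY": eUser, "010_BOHM_THIRTY_FIVE": ePass})
 
+requestBody, _ := json.Marshal(map[string]string{"000_ERG_TEN_TWENTY": eUser, "010_BOHM_THIRTY_FIVE": ePass})
 resp, err := sendHTTPRequest("POST", kabLoginURL, requestBody)
 if err != nil {
 messageAndExit("login: Error on sendHTTPRequest:")
 }
+requestBody = nil
+if requestBody == nil {
+fmt.Print()
+}
+eUser = ""
+if eUser == "" {
+fmt.Print()
+}
+ePass = ""
+if ePass == "" {
+fmt.Print()
+}
 
 Debug.log("RESPONSE ", kabLoginURL, resp.StatusCode, http.StatusText(resp.StatusCode))
 if resp.StatusCode == 404 {
@@ -210,20 +248,18 @@ var loginCmd = &cobra.Command{
 }
 key := security.Create32BKey((time.Now().String()))
 cliConfig.Set("key", key)
-
 encryptedJWT := security.EncryptString(data.JWT, key)
 cliConfig.Set("jwt", encryptedJWT)
-
 err = cliConfig.WriteConfig()
 if err != nil {
 return err
 }
 if cliConfig.GetString("jwt") == "" {
 messageAndExit("Unable to validate user: " + username + " to " + cliConfig.GetString(KabURLKey))
 }
-
+key = ""
+fmt.Println(key)
 if !is06Compatible() {
-
 url := getRESTEndpoint("logout")
 resp, err := sendHTTPRequest("POST", url, nil)
 if err != nil {
@@ -237,12 +273,14 @@ var loginCmd = &cobra.Command{
 return err
 }
 } else {
-
 fmt.Println("Logged in to Kabanero instance: " + cliConfig.GetString(KabURLKey))
 Debug.log("Logged in to Kabanero instance: " + cliConfig.GetString(KabURLKey))
 }
 defer resp.Body.Close()
-
+cliConfig = nil
+if cliConfig == nil {
+fmt.Print()
+}
 return nil
 },
 }
@@ -252,7 +290,8 @@ func init() {
 
 loginCmd.Flags().StringP("username", "u", "", "github username")
 
-_ = loginCmd.MarkFlagRequired("username")
+//_ = loginCmd.MarkFlagRequired("username") // possibly comment out to make username flad not required and add promot for username
+//loginCmd.Flags().String("username", "u", "", "github username. If no username is provided, prompt will appear")
 loginCmd.Flags().StringP("password", "p", "", "github password/PAT. If no password is provided, prompt will appear")
 loginCmd.Flags().BoolVar(&InsecureTLS, "insecure-skip-tls-verify", false, "If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure")
 loginCmd.Flags().StringVar(&clientCert, "certificate-authority", "", "Path to a cert file for the certificate authority")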
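Review bot: The scrubbing added after `sendHTTPRequest` in the fourth hunk (`requestBody = nil`, `eUser = ""`, `ePass = ""`) and `key = ""` in the fifth does not clear anything: Go strings are immutable, so reassigning a string variable leaves the base64-encoded credentials and the key in the heap until the collector reclaims them, and dropping the `requestBody` reference leaves the marshalled JSON bytes intact as well. The only effective wipe in the change is the in-place zeroing of `bytePwd` after `EncodeToString`, which is worth keeping (e.g. `for i := range bytePwd { bytePwd[i] = 0 }` directly after the encode), while the string reassignments and the `if x == nil { fmt.Print() }` / `if x == "" { fmt.Print() }` padding, which appears to exist only to silence an ineffectual-assignment lint, should be removed rather than documented as protection. `fmt.Println(ePass)`, `fmt.Println(eUser)` and `fmt.Println(key)` each print an empty line to stdout on every login, because the variable is always empty at that point. Note too that `key` has already been persisted via `cliConfig.Set("key", key)` and `WriteConfig()` next to the encrypted JWT before it is blanked, so blanking the local does not shorten the secret's real lifetime, and `cliConfig = nil` at the end of `RunE` would nil-deref any later use of that package-level config in the same process — likely fine for a one-command CLI, but deserving a comment. The enclosing `RunE` function starts and ends outside the hunks; the new username prompt also reads through `terminal.ReadPassword`, so the username is typed without echo and, unlike the removed `strings.TrimSpace` path, is not trimmed — confirm both are intended.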
