Handle quotes and backslashes in item names #52
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The item names are being copied inside a jq string literal without being properly escaped, which causes problems when the names have quotes, backslashes or other weird characters in them. The optimal way to escape these names seems to be using jq itself to generate its own string literals.
|
Looking good! I'll merge this when I get back home.
-------- Original message --------From: Diogo Tito Victor Marques <[email protected]> Date: 6/20/20 06:49 (GMT+01:00) To: mattydebie/bitwarden-rofi <[email protected]> Cc: Subscribed <[email protected]> Subject: [mattydebie/bitwarden-rofi] Handle quotes and backslashes in item names (#52) Fixes #35
My vault has an item that has quotes in the name, and it derails bwmenu in a way that forces me to pkill bwmenu
I found that the problem is that the item and folder names are being directly used in some jq filters, artificially wrapped in quotes, like this:
select(.name == \"$item_name\")
If $item_name has quotes or backslashes, its expansion will create a jq syntax error.
I found this solution on StackOverflow that makes jq slurp a string like $item_name from stdin and output the correctly JSON-encoded version of it, and decided to incorporate it in the script.
select(.name == $(echo "$item_name" | jq -Rs))
I am confident that bitwarden-rofi will now be capable of handling the weirdest item names and folder names we can put in our vaults!
PS: I made an alternative branch where my jq_escape function gets the input string from stdin, but I'm afraid it makes the code that uses it a little harder to understand. It also shows that jq_escape is a bit useless by itself, but I believe it make it more obvious what's happening to the names.
You can view, comment on, or merge this pull request online at:
#52
Commit Summary
Handle quotes in item names
File Changes
M
bwmenu
(4)
M
lib-bwmenu
(12)
Patch Links:
https://github.com/mattydebie/bitwarden-rofi/pull/52.patch
https://github.com/mattydebie/bitwarden-rofi/pull/52.diff
—You are receiving this because you are subscribed to this thread.Reply to this email directly, view it on GitHub, or unsubscribe.
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "#52",
"url": "#52",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
|
|
Thanks! merge in db3427d |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #35
My vault has an item that has quotes in the name, and it derails
bwmenuin a way that forces me topkill bwmenuI found that the problem is that the item and folder names are being directly used in some jq filters, artificially wrapped in quotes, like this:
If
$item_namehas quotes or backslashes, its expansion will create a jq syntax error.I found this solution on StackOverflow that makes jq slurp a string like
$item_namefrom stdin and output the correctly JSON-encoded version of it, and decided to incorporate it in the script.I am confident that bitwarden-rofi will now be capable of handling the weirdest item names and folder names we can put in our vaults!
PS: I made an alternative branch where my
jq_escapefunction gets the input string from stdin, but I'm afraid it makes the code that uses it a little harder to understand. It also shows thatjq_escapeis a bit useless by itself, but I believe it make it more obvious what's happening to the names.