From 55db5c8470eedd958ea9e15807f1a59e1367a7e8 Mon Sep 17 00:00:00 2001 
From: Eric MacDonald <eric.macdonald@windriver.com>
Date: Mon, 15 May 2023 07:55:20 -0400
Subject: [PATCH] Add multi special character password handling to collect
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add handling for passwords that have duplicate special characters.

For instance without this update, passing collect the following
sudo password would fail while with this update it succeeds.

    [[Pa$$word123]]

The following characters are verified to require escapes.

 1. [ and ] (square brackets)  [$$Copper1$$]    … escaped by collect
 2. ? (question mark)          ?Copper123?      … escaped by collect
 3. $ (dollar sign)            $Copper123$      … escaped by collect
 4. " (double quotes)          “<Mooser123>”    … escaped by collect
 5. \ (backslash)              \Mooser1\        … escaped by collect

Note that the backslash '\' must be escaped by the user.
For instance to enter a password with backslashes that reads like this

    \Copper123\

it must be escaped going in like this

    \\Copper123\\

The following special characters are verified to not require escapes.

 6. & (ampersand)              &Copper123&      … no escape needed
 7. ( and ) (parentheses)      (Duffy123)       … no escape needed
 8. { and } (curly braces)     {HealthCare123}  … no escape needed
 9. ; (semicolon)              ;Copper123;      … no escape needed
10. | (pipe)                   |PasswdTst123|   … no escape needed
11. < (less than)              <Mooser123>      … no escape needed
12. > (greater than)           <|>Copper123<|>  … no escape needed
13. >> (double greater than)   >>Mooser321<<    … no escape needed
14. ' (single quotes)          ‘Copper911’      … no escape needed
15. * (asterisk)               *Mooser123*      … no escape needed
16. # (hash or pound sign)     #Mooser123#      … no escape needed
17. ! (exclamation mark)       !!@$Mooser1$@!!  … no escape needed
18. ~ (tilde)                  ~Copper1~        … no escape needed
19. @ (at symbol)              @Passwd1@        … no escape needed
20. ^ (caret)                  @^Myword1^@      … no escape needed

Test Plan:

PASS: Build and Install Debian Image
PASS: Run collect with typical password

The following password patterns were verified to be parsed properly
and all verified to work with collect.

PASS: [[Pa$$word123]] -> \[\[Pa\$\$word123\]\]
PASS: $$Passwd123$$ -> \$\$Passwd123\$\$
PASS: \Passwd1\ -> \\Passwd1\\
PASS: "Passwd1" -> \"Passwd1\"
PASS: [Passwd1] -> \[Passwd1\]
PASS: $Passwd1$ -> \$Passwd1\$
PASS: Li69nux* -> Li69nux*
PASS: "[Li69nux*]" -> \"\[Li69nux*\]\"
PASS: St8rlingX* -> St8rlingX*
PASS: $t8rlingX* -> \$t8rlingX*
PASS: $[$$Passwd1$$]$ -> \$\[\$\$Passwd1\$\$\]\$
PASS: "]\\$Passwd1$\\[" -> \"\]\\\\\$Passwd1\$\\\\\[\"
PASS: [[$$$[Passwd1]$$$] -> \[\[\$\$\$\[Passwd1\]\$\$\$\]
PASS: ""[[[$$$Passwd1$$$]]]"" -> \"\"\[\[\[\$\$\$Passwd1\$\$\$\]\]\]\"\"

Closes-Bug: 2019511
Change-Id: I7d1f3b1e3814b6acb017994bc3a2822ea3ff0244
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
---
 tools/collector/debian-scripts/collect | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/tools/collector/debian-scripts/collect b/tools/collector/debian-scripts/collect index f4a45384..2581646e 100644 --- a/tools/collector/debian-scripts/collect +++ b/tools/collector/debian-scripts/collect 
@@ -1112,11 +1112,11 @@ fi # input for the purposes of storing it in ${pw}, expect # will need certain special characters to be backslash # delimited -pw=${pw/\\/\\\\} # replace '\' with '\\' -pw=${pw/\]/\\\]} # replace ']' with '\]' -pw=${pw/\[/\\\[} # replace '[' with '\[' -pw=${pw/$/\\$} # replace '$' with '\$' -pw=${pw/\"/\\\"} # replace '"' with '\"' +pw=$(echo "${pw}" | sed 's/\\/\\\\/g') # replace all '\' with '\\' +pw=$(echo "${pw}" | sed 's/\]/\\]/g') # replace all ']' with '\]' +pw=$(echo "${pw}" | sed 's/\[/\\[/g') # replace all '[' with '\[' +pw=$(echo "${pw}" | sed 's/\$/\\$/g') # replace all '$' with '\$' +pw=$(echo "${pw}" | sed 's/\"/\\"/g') # replace all '"' with '\"' ilog "collect bundle timeout set to $((${TIMEOUT}/60)) minutes"
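Review bot: The five added pw=$(echo "${pw}" | sed 's/.../g') lines each spawn a subshell and a sed process to do what the removed lines already did except for the missing second slash; bash's global form of the same expansion, for example pw=${pw//\\/\\\\} for the backslash case, replaces every occurrence in place and keeps the existing backslash-first ordering. Staying with parameter expansion also avoids passing the password through echo, whose treatment of option-like and backslash arguments differs between shells; if sed is kept, printf '%s\n' "${pw}" is the more predictable way to feed it. Separately, the commit message lists ? as "escaped by collect", but none of the five substitutions in this hunk touches it and the test plan has no ? case, so either add the substitution here or say where that escape happens.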