Mfcttrf

How to find better food in airports

From non-IT background to being a programmer

Displaying Time in HH:MM Format

Table alignment (make the content centre)

New coworker has strange workplace requirements - how should I deal with them?

Why did the VIC-II and SID use 6 µm technology in the era of 3 µm and 1.5 µm?

What is the definition of Product

Why do fuses burn at a specific current?

How do you manage to study and have a balance in your life at the same time?

Would there be balance issues if I allowed opportunity attacks against any creature, not just hostile ones?

Tiny image scraper for xkcd.com

extending lines in 3d graph

Why are CEOs generally fired rather being demoted?

Playing boules... IN SPACE!

How can I portray a character with no fear of death, without them sounding utterly bored?

How can an F-22 Raptor reach supersonic speeds without having supersonic inlets?

Polarity of gas discharge tubes?

Is there anything in the universe that cannot be compressed?

Can the Tasha's Hideous Laughter spell affect a deaf creature?

Punishment in pacifist society

Received email from ISP saying one of my devices has malware

Using font to highlight a god's speech in dialogue

Get rows that exist exactly once per day for a given period

Missing $ inserted. Extra }, or forgotten $. Missing } inserted

Inserting command output into multiline string

Functions for scanning command line optionsRunning a shell command and getting outputShortcut script for elusive grep commandBash command helper in C++Command line google searchingSimple Command Line Password ManagerBash function to generate colored output

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

2

$begingroup$

I'm writing a bash script to that picks up a user password from an environment variable, hashes this, and inserts the results into a postgres database.

What I have works and looks fairly readable to me but I'm no expert on bash. Are there better conventions I could be following for what I'm doing?

#!/bin/bash
HASHED=$(echo -n $GUAC_PASSWORD | sha256sum | head -c 64)

PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres << EOF
INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
SELECT
 entity_id,
 decode('$HASHED', 'hex'), 
 null,
 CURRENT_TIMESTAMP
FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
EOF

Edit: I thought up a way to do it without sed feels neater to me.

bash

share|improve this question

edited 5 hours ago

russau

asked 8 hours ago

russaurussau

13855 bronze badges

$endgroup$

add a comment | 

2

$begingroup$

I'm writing a bash script to that picks up a user password from an environment variable, hashes this, and inserts the results into a postgres database.

What I have works and looks fairly readable to me but I'm no expert on bash. Are there better conventions I could be following for what I'm doing?

#!/bin/bash
HASHED=$(echo -n $GUAC_PASSWORD | sha256sum | head -c 64)

PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres << EOF
INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
SELECT
 entity_id,
 decode('$HASHED', 'hex'), 
 null,
 CURRENT_TIMESTAMP
FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
EOF

Edit: I thought up a way to do it without sed feels neater to me.

bash

share|improve this question

edited 5 hours ago

russau

asked 8 hours ago

russaurussau

13855 bronze badges

$endgroup$

add a comment | 

$begingroup$

I'm writing a bash script to that picks up a user password from an environment variable, hashes this, and inserts the results into a postgres database.

What I have works and looks fairly readable to me but I'm no expert on bash. Are there better conventions I could be following for what I'm doing?

#!/bin/bash
HASHED=$(echo -n $GUAC_PASSWORD | sha256sum | head -c 64)

PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres << EOF
INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
SELECT
 entity_id,
 decode('$HASHED', 'hex'), 
 null,
 CURRENT_TIMESTAMP
FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
EOF

Edit: I thought up a way to do it without sed feels neater to me.

bash

share|improve this question

edited 5 hours ago

russau

asked 8 hours ago

russaurussau

13855 bronze badges

$endgroup$

#!/bin/bash
HASHED=$(echo -n $GUAC_PASSWORD | sha256sum | head -c 64)

PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres << EOF
INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
SELECT
 entity_id,
 decode('$HASHED', 'hex'), 
 null,
 CURRENT_TIMESTAMP
FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
EOF

share|improve this question

edited 5 hours ago

russau

asked 8 hours ago

russaurussau

13855 bronze badges

share|improve this question

edited 5 hours ago

russau

asked 8 hours ago

russaurussau

13855 bronze badges

asked 8 hours ago

russaurussau

13855 bronze badges

asked 8 hours ago

russaurussau

13855 bronze badges

1 Answer
1

active

oldest

votes

3

$begingroup$

If GUAC_PASSWORD is a string like -e foo or /etc/*, that's going to create problems.

Quote the input and avoid echo altogether. While you're at it, whitelist the checksum output, making head redundant:

HASHED=$( sha256sum <<<"$GUAC_PASSWORD" | tr -dc a-f0-9 )

share|improve this answer

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

$endgroup$

• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  Is this to avoid an injection attack?
  $endgroup$
  – russau
  4 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "196"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f227285%2finserting-command-output-into-multiline-string%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

3

$begingroup$

If GUAC_PASSWORD is a string like -e foo or /etc/*, that's going to create problems.

Quote the input and avoid echo altogether. While you're at it, whitelist the checksum output, making head redundant:

HASHED=$( sha256sum <<<"$GUAC_PASSWORD" | tr -dc a-f0-9 )

share|improve this answer

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

$endgroup$

• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  Is this to avoid an injection attack?
  $endgroup$
  – russau
  4 hours ago
  

  
  
  
  

add a comment | 

3

$begingroup$

If GUAC_PASSWORD is a string like -e foo or /etc/*, that's going to create problems.

Quote the input and avoid echo altogether. While you're at it, whitelist the checksum output, making head redundant:

HASHED=$( sha256sum <<<"$GUAC_PASSWORD" | tr -dc a-f0-9 )

share|improve this answer

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

$endgroup$

• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  Is this to avoid an injection attack?
  $endgroup$
  – russau
  4 hours ago
  

  
  
  
  

add a comment | 

$begingroup$

If GUAC_PASSWORD is a string like -e foo or /etc/*, that's going to create problems.

Quote the input and avoid echo altogether. While you're at it, whitelist the checksum output, making head redundant:

HASHED=$( sha256sum <<<"$GUAC_PASSWORD" | tr -dc a-f0-9 )

share|improve this answer

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

$endgroup$

HASHED=$( sha256sum <<<"$GUAC_PASSWORD" | tr -dc a-f0-9 )

share|improve this answer

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges