From b10a3f2dae32f3bfe1e325c4de9ba3af6d513bba Mon Sep 17 00:00:00 2001
From: Jan Pokorný <jpokorny@redhat.com>
Date: Fri, 19 Apr 2013 19:52:38 +0200
Subject: avoid exposing password as a part of bugzilla command-line
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

-> new (optional, but recommended) dependency: expect

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
---
 watch-bz | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/watch-bz b/watch-bz
index f8cea93..a54dcfa 100755
--- a/watch-bz
+++ b/watch-bz
@@ -12,6 +12,7 @@
 #      (or pass such string as a 1st argument)
 #    - optionally set BZUSER to avoid the need to login manually before
 #      the "watch session"; you can set BZPASSWORD as well but be careful!
+# 3. optionally install expect package (-> security++)
 
 set -u
 export LANG=C
@@ -88,7 +89,21 @@ do_init () {
 		[ -n "$BZPASSWORD" ] \
 		  || read -s -t 60 -p 'Password (1 min timeout): ' BZPASSWORD \
 		  || exit $?
-		"$BUGZILLA" --cookiefile="${BUGZILLA_COOKIE}" login "$BZUSER" $BZPASSWORD
+		if which expect &>/dev/null; then
+			expect - <<-EOF
+			log_user 0
+			spawn $BUGZILLA --cookiefile=${BUGZILLA_COOKIE} login $BZUSER
+			expect "Password: "
+			send "${BZPASSWORD}\r"
+			send_user "wait a bit..."
+			expect eof
+			EOF
+		else
+			echo "Passing password through command-line argument is DANGEROUS"
+			local yn; read -p 'Continue? [yN]' yn
+			[ "${yn}" -ne "y" ] && exit
+			spawn $BUGZILLA --cookiefile=${BUGZILLA_COOKIE} login $BZUSER $BZPASSWORD
+		fi
 		if [ $? -ne 0 ]; then
 			echo "Cannot log in"
 			exit 2
-- 
cgit