Use mcdsl/terminal for all password prompts

Replace direct golang.org/x/term calls with mcdsl/terminal.ReadPassword
across mciasctl (6 sites), mciasgrpcctl (1 site), and mciasdb (1 site).
Aligns with the new CLI security standard in engineering-standards.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 11:40:11 -07:00
parent e4220b840e
commit 5b5e1a7ed6
142 changed files with 10241 additions and 7788 deletions


@@ -59,11 +59,11 @@ import (
"time"
"github.com/spf13/cobra"
"golang.org/x/term"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/metadata"
"git.wntrmute.dev/mc/mcdsl/terminal"
mciasv1 "git.wntrmute.dev/mc/mcias/gen/mcias/v1"
)
@@ -213,7 +213,7 @@ func authCmd(ctl *controller) *cobra.Command {
// lists.
//
// Security: terminal echo is disabled during password entry
// (golang.org/x/term.ReadPassword); the raw byte slice is zeroed after use.
// (mcdsl/terminal.ReadPassword).
func authLoginCmd(ctl *controller) *cobra.Command {
var (
username string
@@ -230,17 +230,10 @@ func authLoginCmd(ctl *controller) *cobra.Command {
// Security: always prompt interactively; never accept password as a flag.
// This prevents the credential from appearing in shell history, ps output,
// and /proc/PID/cmdline.
fmt.Fprint(os.Stderr, "Password: ")
raw, err := term.ReadPassword(int(os.Stdin.Fd())) //nolint:gosec // uintptr==int on all target platforms
fmt.Fprintln(os.Stderr)
passwd, err := terminal.ReadPassword("Password: ")
if err != nil {
fatalf("read password: %v", err)
}
passwd := string(raw)
// Zero the raw byte slice once copied into the string.
for i := range raw {
raw[i] = 0
}
authCl := mciasv1.NewAuthServiceClient(ctl.conn)
// Login is a public RPC — no auth context needed.
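Review bot: The switch to `passwd, err := terminal.ReadPassword("Password: ")` removes the loop that zeroed `raw`, and the authLoginCmd doc comment no longer says how long the password stays in memory. Whether mcdsl/terminal.ReadPassword wipes its own read buffer before returning is not visible on this page, so that should be confirmed in the helper. Once confirmed, the doc comment could state it, for example `// Security: echo is disabled by mcdsl/terminal.ReadPassword, which zeroes its read buffer; the returned string is immutable and cannot be wiped.` The old code also wrote the prompt to os.Stderr explicitly, so it is worth checking that the helper keeps the prompt off stdout and returns an error when stdin is not a terminal. The body of the login command continues outside this hunk, so later uses of `passwd` were not reviewed.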