Use mcdsl/terminal for all password prompts
Replace direct golang.org/x/term calls with mcdsl/terminal.ReadPassword across mciasctl (6 sites), mciasgrpcctl (1 site), and mciasdb (1 site). Aligns with the new CLI security standard in engineering-standards.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
36
vendor/git.wntrmute.dev/mc/mcdsl/terminal/terminal.go
vendored
Normal file
36
vendor/git.wntrmute.dev/mc/mcdsl/terminal/terminal.go
vendored
Normal file
@@ -0,0 +1,36 @@
|
||||
// Package terminal provides secure terminal input helpers for CLI tools.
|
||||
package terminal
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"golang.org/x/term"
|
||||
)
|
||||
|
||||
// ReadPassword prints the given prompt to stderr and reads a password
|
||||
// from the terminal with echo disabled. It prints a newline after the
|
||||
// input is complete so the cursor advances normally.
|
||||
func ReadPassword(prompt string) (string, error) {
|
||||
b, err := readRaw(prompt)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(b), nil
|
||||
}
|
||||
|
||||
// ReadPasswordBytes is like ReadPassword but returns a []byte so the
|
||||
// caller can zeroize the buffer after use.
|
||||
func ReadPasswordBytes(prompt string) ([]byte, error) {
|
||||
return readRaw(prompt)
|
||||
}
|
||||
|
||||
func readRaw(prompt string) ([]byte, error) {
|
||||
fmt.Fprint(os.Stderr, prompt)
|
||||
b, err := term.ReadPassword(int(os.Stdin.Fd())) //nolint:gosec // fd fits in int
|
||||
fmt.Fprintln(os.Stderr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return b, nil
|
||||
}
|
||||
Reference in New Issue
Block a user