diff options
author | Joey Hess <joeyh@joeyh.name> | 2017-05-04 18:51:36 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2017-05-04 18:58:31 -0400 |
commit | 699687f503c63541a6e28501fa5f523b89c1915b (patch) | |
tree | f74fd9da7533b744d33bae9a714403d985047fad /ControlWindow.hs | |
parent | e8f408e6456ac445c53fe50594ee0effc136f86c (diff) | |
download | debug-me-699687f503c63541a6e28501fa5f523b89c1915b.tar.gz |
sanitize gpg output and chat messages
Just in case, only allow printable characters in this, not control
characters.
Diffstat (limited to 'ControlWindow.hs')
-rw-r--r-- | ControlWindow.hs | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/ControlWindow.hs b/ControlWindow.hs index c921fbb..99fd4d3 100644 --- a/ControlWindow.hs +++ b/ControlWindow.hs @@ -15,6 +15,7 @@ import ControlSocket import VirtualTerminal import Gpg import Gpg.Wot +import Output import System.IO import System.Environment @@ -24,8 +25,7 @@ import Control.Exception import Control.Concurrent.Async import Control.Concurrent.STM import Control.Concurrent.STM.TMChan -import qualified Data.ByteString as B -import Data.ByteString.UTF8 (fromString) +import Data.ByteString.UTF8 (fromString, toString) import Data.Char import Control.Monad import Data.Monoid @@ -128,7 +128,8 @@ displayInput ochan ichan promptchan responsechan = loop displayChatMessage :: ControlAction -> IO () displayChatMessage (ChatMessage username msg) = do - B.putStr $ "<" <> val username <> "> " <> val msg <> "\n" + putStrLn $ sanitizeForDisplay $ toString $ + "<" <> val username <> "> " <> val msg hFlush stdout displayChatMessage _ = return () @@ -138,7 +139,8 @@ askToAllow ochan _ _ (UnSigned pk) = atomically $ writeTMChan ochan $ askToAllow ochan promptchan responsechan k@(GpgSigned pk _ _) = do putStrLn "Someone wants to connect to this debug-me session." putStrLn "Checking their GnuPG signature ..." - v <- gpgVerify k + (v, gpgoutput) <- gpgVerify k + putStr $ unlines $ map sanitizeForDisplay $ lines $ toString gpgoutput case v of Nothing -> do putStrLn "Unable to download their GnuPG key, or signature verification failed." @@ -147,7 +149,8 @@ askToAllow ochan promptchan responsechan k@(GpgSigned pk _ _) = do putStrLn "Checking the GnuPG web of trust ..." ss <- isInStrongSet gpgkeyid ws <- downloadWotStats gpgkeyid - putStrLn $ describeWot ws ss + putStrLn $ unlines $ map sanitizeForDisplay $ + describeWot ws ss promptconnect where promptconnect :: IO () |