Xjyuk

Was there an original and definitive use of alternate dimensions/realities in fiction?

What is the definition of Product

How to run a command 1 out of N times in Bash

What is causing gaps in logs?

Why do fuses burn at a specific current?

How to say "too quickly", "too recklessly" etc

Heuristic argument for the Riemann Hypothesis

Polarity of gas discharge tubes?

Turn off Google Chrome's Notification for "Flash Player will no longer be supported after December 2020."

Different past tense for various *et words

Visiting girlfriend in the USA

Can my UK debt be collected because I have to return to US?

What happens if you just start drawing from the Deck of Many Things without declaring any number of cards?

Datasets of Large Molecules

How can an F-22 Raptor reach supersonic speeds without having supersonic inlets?

Cheap oscilloscope showing 16 MHz square wave

How can I modify a line which contains 2nd occurence of a string?

Received email from ISP saying one of my devices has malware

Table alignment (make the content centre)

Tasha's Hideous Laughter used on a deaf person?

Can a country avoid prosecution for crimes against humanity by denying it happened?

What are the electrical characteristics of a PC gameport?

From non-IT background to being a programmer

Does the telecom provider need physical access to the SIM card to clone it?

Inserting command output into multiline string

Functions for scanning command line optionsRunning a shell command and getting outputShortcut script for elusive grep commandBash command helper in C++Command line google searchingSimple Command Line Password ManagerBash function to generate colored output

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

2

$begingroup$

I'm writing a bash script to that picks up a user password from an environment variable, hashes this, and inserts the results into a postgres database.

What I have works and looks fairly readable to me but I'm no expert on bash. Are there better conventions I could be following for what I'm doing?

#!/bin/bash
HASHED=$(echo -n $GUAC_PASSWORD | sha256sum | head -c 64)

PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres << EOF
INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
SELECT
 entity_id,
 decode('$HASHED', 'hex'), 
 null,
 CURRENT_TIMESTAMP
FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
EOF

Edit: I thought up a way to do it without sed feels neater to me.

bash

share|improve this question

edited 4 hours ago

russau

asked 8 hours ago

russaurussau

13855 bronze badges

$endgroup$

add a comment | 

2

$begingroup$

I'm writing a bash script to that picks up a user password from an environment variable, hashes this, and inserts the results into a postgres database.

What I have works and looks fairly readable to me but I'm no expert on bash. Are there better conventions I could be following for what I'm doing?

#!/bin/bash
HASHED=$(echo -n $GUAC_PASSWORD | sha256sum | head -c 64)

PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres << EOF
INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
SELECT
 entity_id,
 decode('$HASHED', 'hex'), 
 null,
 CURRENT_TIMESTAMP
FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
EOF

Edit: I thought up a way to do it without sed feels neater to me.

bash

share|improve this question

edited 4 hours ago

russau

asked 8 hours ago

russaurussau

13855 bronze badges

$endgroup$

add a comment | 

$begingroup$

I'm writing a bash script to that picks up a user password from an environment variable, hashes this, and inserts the results into a postgres database.

What I have works and looks fairly readable to me but I'm no expert on bash. Are there better conventions I could be following for what I'm doing?

#!/bin/bash
HASHED=$(echo -n $GUAC_PASSWORD | sha256sum | head -c 64)

PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres << EOF
INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
SELECT
 entity_id,
 decode('$HASHED', 'hex'), 
 null,
 CURRENT_TIMESTAMP
FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
EOF

Edit: I thought up a way to do it without sed feels neater to me.

bash

share|improve this question

edited 4 hours ago

russau

asked 8 hours ago

russaurussau

13855 bronze badges

$endgroup$

#!/bin/bash
HASHED=$(echo -n $GUAC_PASSWORD | sha256sum | head -c 64)

PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres << EOF
INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
SELECT
 entity_id,
 decode('$HASHED', 'hex'), 
 null,
 CURRENT_TIMESTAMP
FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
EOF

share|improve this question

edited 4 hours ago

russau

asked 8 hours ago

russaurussau

13855 bronze badges

share|improve this question

edited 4 hours ago

russau

asked 8 hours ago

russaurussau

13855 bronze badges

asked 8 hours ago

russaurussau

13855 bronze badges

asked 8 hours ago

russaurussau

13855 bronze badges

1 Answer
1

active

oldest

votes

3

$begingroup$

If GUAC_PASSWORD is a string like -e foo or /etc/*, that's going to create problems.

Quote the input and avoid echo altogether. While you're at it, whitelist the checksum output, making head redundant:

HASHED=$( sha256sum <<<"$GUAC_PASSWORD" | tr -dc a-f0-9 )

share|improve this answer

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

$endgroup$

• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  Is this to avoid an injection attack?
  $endgroup$
  – russau
  4 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "196"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f227285%2finserting-command-output-into-multiline-string%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

3

$begingroup$

If GUAC_PASSWORD is a string like -e foo or /etc/*, that's going to create problems.

Quote the input and avoid echo altogether. While you're at it, whitelist the checksum output, making head redundant:

HASHED=$( sha256sum <<<"$GUAC_PASSWORD" | tr -dc a-f0-9 )

share|improve this answer

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

$endgroup$

• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  Is this to avoid an injection attack?
  $endgroup$
  – russau
  4 hours ago
  

  
  
  
  

add a comment | 

3

$begingroup$

If GUAC_PASSWORD is a string like -e foo or /etc/*, that's going to create problems.

Quote the input and avoid echo altogether. While you're at it, whitelist the checksum output, making head redundant:

HASHED=$( sha256sum <<<"$GUAC_PASSWORD" | tr -dc a-f0-9 )

share|improve this answer

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

$endgroup$

• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  Is this to avoid an injection attack?
  $endgroup$
  – russau
  4 hours ago
  

  
  
  
  

add a comment | 

$begingroup$

If GUAC_PASSWORD is a string like -e foo or /etc/*, that's going to create problems.

Quote the input and avoid echo altogether. While you're at it, whitelist the checksum output, making head redundant:

HASHED=$( sha256sum <<<"$GUAC_PASSWORD" | tr -dc a-f0-9 )

share|improve this answer

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

$endgroup$

HASHED=$( sha256sum <<<"$GUAC_PASSWORD" | tr -dc a-f0-9 )

share|improve this answer

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges

answered 4 hours ago

Oh My GoodnessOh My Goodness

3,11611 gold badge33 silver badges2020 bronze badges