1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 11:27:35 +00:00

LibCore: Make get_password return SecretString instead of String

We shouldn't let secrets sit around in memory, as they could potentially
be retrieved by an attacker, or left in memory during a core dump.
This commit is contained in:
Brian Gianforcaro 2021-09-11 09:53:25 -07:00 committed by Andreas Kling
parent 3bf6902790
commit 9e667453c7
6 changed files with 12 additions and 10 deletions

View file

@ -22,7 +22,7 @@ int main(int argc, char** argv)
bool tls { false };
String username;
String password;
Core::SecretString password;
bool interactive_password;
@ -40,17 +40,17 @@ int main(int argc, char** argv)
warnln("{}", password_or_err.error().string());
return 1;
}
password = password_or_err.value();
password = password_or_err.release_value();
} else {
auto standard_input = Core::File::standard_input();
password = standard_input->read_all();
password = Core::SecretString::take_ownership(standard_input->read_all());
}
Core::EventLoop loop;
auto client = IMAP::Client(host, port, tls);
client.connect()->await();
auto response = client.login(username, password)->await().release_value();
auto response = client.login(username, password.view())->await().release_value();
outln("[LOGIN] Login response: {}", response.response_text());
response = move(client.send_simple_command(IMAP::CommandType::Capability)->await().value().get<IMAP::SolidResponse>());