readSecretFromStdin reads the secret from r and returns it as a string. It trims terminal line-endings (LF, CRLF, or CR), which may be added when inputting interactively or piping input. The value is otherwise treated as opaque, preserving any other whitespace, including newlines, per [NIST SP 800-6
(r io.Reader)
| 102 | // [NIST SP 800-63B §5.1.1.2]: https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver |
| 103 | // [NIST SP 800-63B (revision 4) §3.1.1.2]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver |
| 104 | func readSecretFromStdin(r io.Reader) (string, error) { |
| 105 | b, err := io.ReadAll(r) |
| 106 | if err != nil { |
| 107 | return "", err |
| 108 | } |
| 109 | if len(b) == 0 { |
| 110 | return "", nil |
| 111 | } |
| 112 | |
| 113 | for _, eol := range [][]byte{[]byte("\r\n"), []byte("\n"), []byte("\r")} { |
| 114 | var ok bool |
| 115 | b, ok = bytes.CutSuffix(b, eol) |
| 116 | if ok { |
| 117 | break |
| 118 | } |
| 119 | } |
| 120 | |
| 121 | return string(b), nil |
| 122 | } |
| 123 | |
| 124 | func verifyLoginOptions(dockerCLI command.Streams, opts *loginOptions) error { |
| 125 | if opts.password == "-" { |
no outgoing calls
no test coverage detected
searching dependent graphs…