0

I'm writing a small software that must pass to bash one string. the problem is that bash can't handle characters ", ', `. I've do a bruteforce software force gpg (if i use only digits and letters, this work without problems), but when my software generate a string that contains one (or more) of these character, i receive some bash errors. then i need to escape every markquotes inside the string. so for example, if the software, generate the string a"bc'1, i need to pass this string to bash a\"bc\'1. but i don't know how to do.

this is the code

subprocess.call('gpg -d --output '+decripted+' --passphrase "'+password+'" '+target+' 2>/dev/null', shell=True)

Can i use sed? I don't know how to incorporate sed. I've also thinked to save the generated password to a file, and then read the string from file like this

cat fileWithPassword | gpg -d --output OUTPUT_FILE -- passphrase-fd 0 TARGET_FILE

i've noticed that in this way (from bash) works, but i think that is not really efficient save and read a file. is there any way to escape every markquote withoud save it on a file?

Dea1993
  • 11
  • this work, but i've the same problem with \ character, how can i pass \? – Dea1993 Mar 29 '18 at 19:16
  • Sorry, what? Backslashes should be escaped just like all other special characters. What's the problem, exactly? – Aran-Fey Mar 29 '18 at 19:20
  • the problem is that if i write `.replace("\\","\\\\")` this replace also the escaped " and ', so instead having `\"` i've `\\"`, so the firts backspace escape the second backspace, and `"` is passed to bash – Dea1993 Mar 29 '18 at 19:49
  • Are you using the code from the accepted answer? Scroll past that junk, use `shlex.quote` from the 2nd answer. You shouldn't be doing anything with `str.replace`. – Aran-Fey Mar 29 '18 at 19:50
  • I've solved. just mut `.replace("\\","\\\\")` before the others `.replace()`. i didn't know that the order was important – Dea1993 Mar 29 '18 at 19:54
  • Alternatively, skip subprocess and shell and use GPGME, [like this](http://files.au.adversary.org/crypto/GPGMEpythonHOWTOen.html#howto-basic-decryption). – Ben Mar 31 '18 at 12:39

0 Answers0