Is there anyway to open the clipboard.alfdb in a text editor, terminal or script?

[JaredWilliams]

Is there any way to open the clipboard.alfdb in any terminal program so that I can remove sensitive data and replace it with something like "PASSWORDREMOVED" without corrupting the data file?

Is it in any certain data format? Like if it was SQLite I could make the changes through there

I know you can do function-backspace to remove entries from the clipboard, however, i just want to remove the sensitive data not the whole line from the clipboard.

 

Thank you,

 

Jared

https://jared.nyc

https://devopschat.co

[JaredWilliams]

just tried doing

sqlite3 clipboard.alfdb

and that worked

So I wrote this quick update statement anyone in the future might want to use

Steps:

1. Open the DB by doing:

sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb"

2. If you want to see how many times your password, or sensitive data, is in the clipboard run this query (replace where it says YOURPASSWORD with your password or any sensitive data):

SELECT COUNT(item) FROM clipboard WHERE item LIKE '%YOURPASSWORD%';

3. Run this query (replace where it says YOURPASSWORD with your password or any sensitive data you want to remove like APIKeys, etc):

UPDATE clipboard SET item = replace( item, 'YOURPASSWORD', 'PasswordRemoved') WHERE item LIKE '%YOURPASSWORD%';

4. Run the SELECT from step 2 again

 

And heres a quick script i wrote that you can run whenever. Change where it says 'PasswordToRemove' to your password. Also you can pass data to the script as a parameter, however, if that parameter is missing it just defaults to whatever text you have as 'PasswordToRemove'

#!/bin/bash

DInput=$1
YourPassword="PasswordToRemove"
StringToRemove="${DInput:-$YourPassword}"

COUNT=$(sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb" "SELECT COUNT(item) FROM clipboard WHERE item LIKE '%$StringToRemove%';")
sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb" "UPDATE clipboard SET item = replace( item, '$StringToRemove', 'PasswordRemoved') WHERE item LIKE '%$StringToRemove%';"
POSTCOUNT=$(sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb" "SELECT COUNT(item) FROM clipboard WHERE item LIKE '%$StringToRemove%';")

echo "Sensitive Data Count: $COUNT"
echo "Removing Sensitive Data....."
echo "Count after Scrubbing: $POSTCOUNT"

So you can run
/usr/local/bin/AlfredDataScrubber
and it will replace the string 'PasswordToRemove' with 'PasswordRemoved'
or you can run
/usr/local/bin/AlfredDataScrubber "LongAPIKey"
and it will replace the string 'LongAPIKey' with 'PasswordRemoved'

Edited June 15, 2017 by JaredWilliams

[deanishe]

Which password program are you using?

 

Properly written ones mark copied passwords as sensitive and Alfred doesn't remember them in the first place. 

 

Editing Alfred's (or any app's) internal data is not a particularly smart thing to do.

 

[JaredWilliams]

I work a lot in the terminal and a lot of other programs. I use 1password and it doesn't save the password. But there has been stuff I've copied from safari like API keys and passwords. etc. 

so it helps to have a way to remove it. and since its SQLite and I've tested this for a couple hours now, doesn't affect Alfred in any negative way. 

[deanishe]

44 minutes ago, JaredWilliams said:

I've tested this for a couple hours now

 

You aren't escaping the input. Any password with ' in it will cause the script to die in flames.

 

I also have to question the wisdom of saving a password in a script. That's a great way to accidentally upload sensitive data to GitHub.

 

Finally, if you pass it a password on the command line, you're just swapping a password in your clipboard history for one in your shell history.

 

The proper solution would be to file a feature request for an alternate Hotkey that copies text without remembering it or the ability to delete entries from the history via Alfred.

 

Edited June 15, 2017 by deanishe

[vitor]

Agreed with @deanishe. Particularly since all you’re doing is moving your password from one place to another — you’re still saving it in plain text in the script — so it’s not really that much secure.

 

But since you need the feature now, you could indeed just change the script to get the password as an argument from the command line. That would make it more flexible, even. But make sure you HISTCONTROL=ignorespace in bash or setopt hist_ignore_space in zsh. Add that to your shell’s startup files and any command you type that’s preceded by a space will not be saved to history.

 

Alternatively, save the password to the Keychain and use security to retrieve it in the script.

[deanishe]

Or read the password from STDIN instead of ARGV. That's how it's usually done in command-line programs. Keychain is definitely the best way, though, if there can be a "best way" of messing with an application's private data while it's running.