Jump to content
JaredWilliams

Is there anyway to open the clipboard.alfdb in a text editor, terminal or script?

Recommended Posts

Is there any way to open the clipboard.alfdb in any terminal program so that I can remove sensitive data and replace it with something like "PASSWORDREMOVED" without corrupting the data file?

Is it in any certain data format? Like if it was SQLite I could make the changes through there

I know you can do function-backspace to remove entries from the clipboard, however, i just want to remove the sensitive data not the whole line from the clipboard.

 

Thank you,

 

Jared

https://jared.nyc

https://devopschat.co

Share this post


Link to post

just tried doing

sqlite3 clipboard.alfdb

and that worked

So I wrote this quick update statement anyone in the future might want to use

Steps:

1. Open the DB by doing:

sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb"

2. If you want to see how many times your password, or sensitive data, is in the clipboard run this query (replace where it says YOURPASSWORD with your password or any sensitive data):

SELECT COUNT(item) FROM clipboard WHERE item LIKE '%YOURPASSWORD%';

3. Run this query (replace where it says YOURPASSWORD with your password or any sensitive data you want to remove like APIKeys, etc):

UPDATE clipboard SET item = replace( item, 'YOURPASSWORD', 'PasswordRemoved') WHERE item LIKE '%YOURPASSWORD%';

4. Run the SELECT from step 2 again

 

And heres a quick script i wrote that you can run whenever. Change where it says 'PasswordToRemove' to your password. Also you can pass data to the script as a parameter, however, if that parameter is missing it just defaults to whatever text you have as 'PasswordToRemove'

#!/bin/bash

DInput=$1
YourPassword="PasswordToRemove"
StringToRemove="${DInput:-$YourPassword}"

COUNT=$(sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb" "SELECT COUNT(item) FROM clipboard WHERE item LIKE '%$StringToRemove%';")
sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb" "UPDATE clipboard SET item = replace( item, '$StringToRemove', 'PasswordRemoved') WHERE item LIKE '%$StringToRemove%';"
POSTCOUNT=$(sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb" "SELECT COUNT(item) FROM clipboard WHERE item LIKE '%$StringToRemove%';")

echo "Sensitive Data Count: $COUNT"
echo "Removing Sensitive Data....."
echo "Count after Scrubbing: $POSTCOUNT"

So you can run
/usr/local/bin/AlfredDataScrubber
and it will replace the string 'PasswordToRemove' with 'PasswordRemoved'
or you can run
/usr/local/bin/AlfredDataScrubber "LongAPIKey"
and it will replace the string 'LongAPIKey' with 'PasswordRemoved'

Edited by JaredWilliams

Share this post


Link to post

Which password program are you using?

 

Properly written ones mark copied passwords as sensitive and Alfred doesn't remember them in the first place. 

 

Editing Alfred's (or any app's) internal data is not a particularly smart thing to do.

 

Share this post


Link to post

I work a lot in the terminal and a lot of other programs. I use 1password and it doesn't save the password. But there has been stuff I've copied from safari like API keys and passwords. etc. 

so it helps to have a way to remove it. and since its SQLite and I've tested this for a couple hours now, doesn't affect Alfred in any negative way. 

Share this post


Link to post
44 minutes ago, JaredWilliams said:

I've tested this for a couple hours now

 

You aren't escaping the input. Any password with ' in it will cause the script to die in flames.

 

I also have to question the wisdom of saving a password in a script. That's a great way to accidentally upload sensitive data to GitHub.

 

Finally, if you pass it a password on the command line, you're just swapping a password in your clipboard history for one in your shell history.

 

The proper solution would be to file a feature request for an alternate Hotkey that copies text without remembering it or the ability to delete entries from the history via Alfred.

 

Edited by deanishe

Share this post


Link to post

Agreed with @deanishe. Particularly since all you’re doing is moving your password from one place to another — you’re still saving it in plain text in the script — so it’s not really that much secure.

 

But since you need the feature now, you could indeed just change the script to get the password as an argument from the command line. That would make it more flexible, even. But make sure you HISTCONTROL=ignorespace in bash or setopt hist_ignore_space in zsh. Add that to your shell’s startup files and any command you type that’s preceded by a space will not be saved to history.

 

Alternatively, save the password to the Keychain and use security to retrieve it in the script.

Share this post


Link to post

Or read the password from STDIN instead of ARGV. That's how it's usually done in command-line programs. Keychain is definitely the best way, though, if there can be a "best way" of messing with an application's private data while it's running.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...