From c9d95c0c9aaac0598a8fc4f1103871a96811e970 Mon Sep 17 00:00:00 2001
From: Valera Cogut <info@valeracogut.com>
Date: Tue, 16 Oct 2018 10:30:47 +0300
Subject: [PATCH 1/5] Safer way to handle unlock command of cli_wallet #1171

---
 CMakeLists.txt         |  2 +-
 include/fc/rpc/cli.hpp |  2 ++
 src/rpc/cli.cpp        | 54 ++++++++++++++++++++++++++++++++----------
 vendor/editline        |  2 +-
 4 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7b76491..a07b213 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,7 +34,7 @@ endif()
 SET (ORIGINAL_LIB_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES})
 
 SET(BOOST_COMPONENTS)
-LIST(APPEND BOOST_COMPONENTS thread date_time system filesystem program_options signals serialization chrono unit_test_framework context locale iostreams)
+LIST(APPEND BOOST_COMPONENTS thread date_time system filesystem program_options signals serialization chrono unit_test_framework context locale iostreams regex)
 SET( Boost_USE_STATIC_LIBS ON CACHE STRING "ON or OFF" )
 
 IF( ECC_IMPL STREQUAL openssl )
diff --git a/include/fc/rpc/cli.hpp b/include/fc/rpc/cli.hpp
index 6670a14..00714a8 100644
--- a/include/fc/rpc/cli.hpp
+++ b/include/fc/rpc/cli.hpp
@@ -32,6 +32,8 @@ namespace fc { namespace rpc {
 
          void set_prompt( const string& prompt );
 
+         void set_regex_secret( const string& expr );
+
       private:
          void run();
 
diff --git a/src/rpc/cli.cpp b/src/rpc/cli.cpp
index 0021ada..d715514 100644
--- a/src/rpc/cli.cpp
+++ b/src/rpc/cli.cpp
@@ -14,8 +14,16 @@
 # endif
 #endif
 
+#include <boost/regex.hpp>
+
 namespace fc { namespace rpc {
 
+static std::string& cli_regex_secret()
+{
+   static std::string* regex_secret = new std::string();
+   return *regex_secret;
+}
+
 static std::vector<std::string>& cli_commands()
 {
    static std::vector<std::string>* cmds = new std::vector<std::string>();
@@ -72,6 +80,11 @@ void cli::set_prompt( const string& prompt )
    _prompt = prompt;
 }
 
+void cli::set_regex_secret( const string& expr )
+{
+   cli_regex_secret() = expr;
+}
+
 void cli::run()
 {
    while( !_run_complete.canceled() )
@@ -87,9 +100,19 @@ void cli::run()
          {
             break;
          }
-         std::cout << line << "\n";
+         
+         // We have to hide sensitive information on the fly
+#ifdef HAVE_EDITLINE
+         if (rl_check_secret(rl_line_buffer))
+            std::cout << " *** secret *** " << "\n";
+         else
+#endif
+         {
+            std::cout << line << "\n";
+         }
+
          line += char(EOF);
-         fc::variants args = fc::json::variants_from_string(line);;
+         fc::variants args = fc::json::variants_from_string(line);
          if( args.size() == 0 )
             continue;
 
@@ -190,6 +213,21 @@ static int cli_completion(char *token, char ***array)
    return total_matches;
 }
 
+/***
+ * @brief regex match for secret information
+ * @param source the incoming text source
+ * @returns integer 1 in event of regex match for secret information, otherwise 0
+ */
+static int cli_check_secret(const char *source)
+{
+   boost::regex expr{cli_regex_secret()};
+
+   if (boost::regex_match(source, expr))
+      return 1;
+   
+   return 0;
+}
+
 /***
  * @brief Read input from the user
  * @param prompt the prompt to display
@@ -213,6 +251,7 @@ void cli::getline( const fc::string& prompt, fc::string& line)
    {
       rl_set_complete_func(my_rl_complete);
       rl_set_list_possib_func(cli_completion);
+      rl_set_check_secret_func(cli_check_secret);
 
       static fc::thread getline_thread("getline");
       getline_thread.async( [&](){
@@ -222,16 +261,7 @@ void cli::getline( const fc::string& prompt, fc::string& line)
          if( line_read == nullptr )
             FC_THROW_EXCEPTION( fc::eof_exception, "" );
          line = line_read;
-         try
-         {
-            if (*line_read)
-               add_history(line_read);
-         }
-         catch(...)
-         {
-            free(line_read);
-            throw;
-         }
+         // we don't need here to add line in editline's history, cause it will be doubled
          free(line_read);
       }).wait();
    }
diff --git a/vendor/editline b/vendor/editline
index 405f091..e519028 160000
--- a/vendor/editline
+++ b/vendor/editline
@@ -1 +1 @@
-Subproject commit 405f09188868eb69483c2efc55b9837c9ce04494
+Subproject commit e519028a373cb926b67d7bd414b9d266540605d4

From e00bbdaf72cbcaa5a3b2b25bd48c1ba03263d13d Mon Sep 17 00:00:00 2001
From: Valera Cogut <info@valeracogut.com>
Date: Tue, 16 Oct 2018 18:52:44 +0300
Subject: [PATCH 2/5] removed not required output to console

---
 src/rpc/cli.cpp | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/src/rpc/cli.cpp b/src/rpc/cli.cpp
index d715514..46d94c6 100644
--- a/src/rpc/cli.cpp
+++ b/src/rpc/cli.cpp
@@ -100,16 +100,8 @@ void cli::run()
          {
             break;
          }
-         
-         // We have to hide sensitive information on the fly
-#ifdef HAVE_EDITLINE
-         if (rl_check_secret(rl_line_buffer))
-            std::cout << " *** secret *** " << "\n";
-         else
-#endif
-         {
-            std::cout << line << "\n";
-         }
+
+         std::cout << "\n";
 
          line += char(EOF);
          fc::variants args = fc::json::variants_from_string(line);

From e14b7c6fc632a00d59948bdf230fdd4aa57efa9a Mon Sep 17 00:00:00 2001
From: Valera Cogut <info@valeracogut.com>
Date: Wed, 24 Oct 2018 23:38:14 +0300
Subject: [PATCH 3/5] bump editline to latest upstream master

---
 vendor/editline | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vendor/editline b/vendor/editline
index e519028..fbb1f88 160000
--- a/vendor/editline
+++ b/vendor/editline
@@ -1 +1 @@
-Subproject commit e519028a373cb926b67d7bd414b9d266540605d4
+Subproject commit fbb1f8800adbb70264fa3893dc221f524e25708c

From 44896485d165926aec8c2d9bf0f2ae6a0c2b990c Mon Sep 17 00:00:00 2001
From: Valera Cogut <info@valeracogut.com>
Date: Thu, 25 Oct 2018 22:58:22 +0300
Subject: [PATCH 4/5] Optimized regex expression and other little improvements

---
 src/rpc/cli.cpp | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/rpc/cli.cpp b/src/rpc/cli.cpp
index 46d94c6..46dc129 100644
--- a/src/rpc/cli.cpp
+++ b/src/rpc/cli.cpp
@@ -18,10 +18,10 @@
 
 namespace fc { namespace rpc {
 
-static std::string& cli_regex_secret()
+static boost::regex& cli_regex_secret()
 {
-   static std::string* regex_secret = new std::string();
-   return *regex_secret;
+   static boost::regex* regex_expr = new boost::regex();
+   return *regex_expr;
 }
 
 static std::vector<std::string>& cli_commands()
@@ -101,8 +101,6 @@ void cli::run()
             break;
          }
 
-         std::cout << "\n";
-
          line += char(EOF);
          fc::variants args = fc::json::variants_from_string(line);
          if( args.size() == 0 )
@@ -212,9 +210,7 @@ static int cli_completion(char *token, char ***array)
  */
 static int cli_check_secret(const char *source)
 {
-   boost::regex expr{cli_regex_secret()};
-
-   if (boost::regex_match(source, expr))
+   if (boost::regex_match(source, cli_regex_secret()))
       return 1;
    
    return 0;

From edd6fa8dede0ce21719627808be9f7680dfa03e4 Mon Sep 17 00:00:00 2001
From: Valera Cogut <info@valeracogut.com>
Date: Sat, 27 Oct 2018 19:06:24 +0300
Subject: [PATCH 5/5] Removed pointer for regex expression

---
 src/rpc/cli.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rpc/cli.cpp b/src/rpc/cli.cpp
index 46dc129..a95ff2f 100644
--- a/src/rpc/cli.cpp
+++ b/src/rpc/cli.cpp
@@ -20,8 +20,8 @@ namespace fc { namespace rpc {
 
 static boost::regex& cli_regex_secret()
 {
-   static boost::regex* regex_expr = new boost::regex();
-   return *regex_expr;
+   static boost::regex regex_expr;
+   return regex_expr;
 }
 
 static std::vector<std::string>& cli_commands()