I am not sure if this exists or is unnecessary but I couldn't figure out how to set the configuration files directory through the CLI and I want to save it in a different location than homedir. So I decided to add this to the code, let me know if that works out for you. Thanks.

cURL: The -u flag and the 'Authorization' header may contain plaintext or base64-encoded secrets. URL: A URL may contain a login combination. wget: various flags pass around username and passsword combinations.

Fixes #64 (and more).

Suggestion / Feature Request

Curl, wget, and other http tools can be used with authorization headers, like the Basic Authorization header, which contains a base64-encoded username:password combo.

For example: curl -H 'Authorization: Basic $(printf username:password|base64)' website.com is the same as curl -H 'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=' website.com

According to https://reqbin.com/req/c-haxm0xgr/curl-basic-auth-example, a user can also use the command curl -u username:password website.com

It would be great if shellclear could detect instances of this, as well as in other programs like wget, for example.

Suggestion / Feature Request

Today, shellclear presents the findings directly to the stdout using the command shellclear find. To make more secure, we can mask the secrets and show part of the secret. Optional libraries to use: https://github.com/rusty-ferris-club/mask-text https://github.com/rusty-ferris-club/redact-engine

The second problem is when we use shellcelar clear, the command deletes the finding from the history. In some cases, we want to keep the command and just hind the secrets (we can use the same logic from the first case.

Maybe add a flag for how to act when the user wan to clear mask/delete

Suggestion / Feature Request

The shellclear/ and .shellclear/ directories unnecessarily pollute users' home directory.

The XDGBDS defines where these files should be placed with environment variables in order to avoid this.

The XDG Base Directory Specification is based on the following concepts:

• There is a single base directory relative to which user-specific data files should be written. This directory is defined by the environment variable $XDG_DATA_HOME.

• There is a single base directory relative to which user-specific configuration files should be written. This directory is defined by the environment variable $XDG_CONFIG_HOME.

• There is a single base directory relative to which user-specific state data should be written. This directory is defined by the environment variable $XDG_STATE_HOME.

• There is a single base directory relative to which user-specific executable files may be written.

• There is a set of preference ordered base directories relative to which data files should be searched. This set of directories is defined by the environment variable $XDG_DATA_DIRS.

• There is a set of preference ordered base directories relative to which configuration files should be searched. This set of directories is defined by the environment variable $XDG_CONFIG_DIRS.

• There is a single base directory relative to which user-specific non-essential (cached) data should be written. This directory is defined by the environment variable $XDG_CACHE_HOME.

• There is a single base directory relative to which user-specific runtime files and other file objects should be placed. This directory is defined by the environment variable $XDG_RUNTIME_DIR.

All paths set in these environment variables must be absolute. If an implementation encounters a relative path in any of these variables it should consider the path invalid and ignore it.

What happened?

Installed v0.4.4 via brew. My shell is fish. Sourced, ran shellclear find. Exited 1 with no output.

What type of Operating System?

macOS

Steps to produce this issue.

$ shellclear --init-shell | source
$ shellclear --log TRACE find
[2022-09-15T22:17:03Z DEBUG shellclear::state] state folder found: "/Users/rmartine/.shellclear"
[2022-09-15T22:17:03Z DEBUG shellclear::shell] shell PowerShell not found

     _          _ _      _
 ___| |__   ___| | | ___| | ___  __ _ _ __
/ __| '_ \ / _ \ | |/ __| |/ _ \/ _` | '__|
\__ \ | | |  __/ | | (__| |  __/ (_| | |
|___/_| |_|\___|_|_|\___|_|\___|\__,_|_| 0.4.4
[2022-09-15T22:17:03Z DEBUG shellclear::engine] app config folder not found in path: /Users/rmartine/shellclear
[2022-09-15T22:17:03Z DEBUG shellclear::engine] clear history commands from path: /Users/rmartine/.bash_history, params: is clear: false
[2022-09-15T22:17:03Z DEBUG shellclear::engine] time elapsed to read history file: 505.625µs. found 500 commands
[2022-09-15T22:17:03Z DEBUG shellclear::engine] time elapsed for detect sensitive commands: 10.821583ms
[2022-09-15T22:17:03Z DEBUG shellclear::engine] clear history commands from path: /Users/rmartine/.zsh_history, params: is clear: false
[2022-09-15T22:17:03Z DEBUG shellclear::engine] time elapsed to read history file: 207.292µs. found 18 commands
[2022-09-15T22:17:03Z DEBUG shellclear::engine] time elapsed for detect sensitive commands: 143.667µs
[2022-09-15T22:17:03Z DEBUG shellclear::engine] clear history commands from path: /Users/rmartine/.local/share/fish/fish_history, params: is clear: false
[2022-09-15T22:17:03Z DEBUG shellclear] mapping values are not allowed in this context at line 2563 column 58

    Caused by:
        mapping values are not allowed in this context at line 2563 column 58

When installing shellclear via install.sh we need to install xz-utils for open the compressing tar file. The compressing tar creates in .github/workflows/release.yml.