From f7e4447b66f7b5bf5a9242c7167874a817b4e55a Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Sun, 13 Mar 2022 15:43:14 +0530
Subject: [PATCH] Dont transmit sensitive data unless actually needed

---
 kittens/ssh/main.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/kittens/ssh/main.py b/kittens/ssh/main.py
index 8e8b31bd9..f87ceb699 100644
--- a/kittens/ssh/main.py
+++ b/kittens/ssh/main.py
@@ -234,11 +234,15 @@ def bootstrap_script(
         shm.write_data_with_size(db)
         shm.flush()
         atexit.register(shm.unlink)
+    sensitive_data = {'REQUEST_ID': request_id, 'DATA_PASSWORD': pw, 'PASSWORD_FILENAME': shm.name}
     replacements = {
-        'DATA_PASSWORD': pw, 'PASSWORD_FILENAME': shm.name, 'EXEC_CMD': exec_cmd, 'TEST_SCRIPT': test_script,
-        'REQUEST_ID': request_id, 'REQUEST_DATA': '1' if request_data else '0', 'ECHO_ON': '1' if echo_on else '0',
+        'EXEC_CMD': exec_cmd, 'TEST_SCRIPT': test_script, 'REQUEST_DATA': '1' if request_data else '0', 'ECHO_ON': '1' if echo_on else '0',
     }
-    return prepare_script(ans, replacements), replacements, shm
+    sd = replacements.copy()
+    if request_data:
+        sd.update(sensitive_data)
+    replacements.update(sensitive_data)
+    return prepare_script(ans, sd), replacements, shm
 
 
 def get_ssh_cli() -> Tuple[Set[str], Set[str]]: