bash/bash_completion.d/pass.bash


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

# Requires Bash >= 4.0 for globstar
((BASH_VERSINFO[0] >= 4)) || return

# Custom completion for pass(1), because I don't like the one included with the
# distribution
_pass()
{
    # If we can't read the password directory, just bail
    local passdir
    passdir=${PASSWORD_STORE_DIR:-"$HOME"/.password-store}
    [[ -r $passdir ]] || return

    # Iterate through list of .gpg paths, extension stripped, null-delimited,
    # and filter them down to the ones matching the completing word (compgen
    # doesn't seem to do this properly with a null delimiter)
    local entry
    while IFS= read -rd '' entry ; do
        [[ -n $entry ]] || continue
        COMPREPLY+=("$entry")
    done < <(

        # Set shell options to expand globs the way we expect
        shopt -u dotglob
        shopt -s globstar nullglob

        # Make globbing case-insensitive if appropriate
        while read -r _ setting ; do
            case $setting in
                ('completion-ignore-case on')
                    shopt -s nocaseglob
                    break
                    ;;
            esac
        done < <(bind -v)

        # Gather the entries and remove their .gpg suffix
        declare -a entries
        entries=("$passdir"/"${COMP_WORDS[COMP_CWORD]}"*/**/*.gpg \
            "$passdir"/"${COMP_WORDS[COMP_CWORD]}"*.gpg)
        entries=("${entries[@]#"$passdir"/}")
        entries=("${entries[@]%.gpg}")

        # Print quoted entries, null-delimited
        printf '%q\0' "${entries[@]}"
    )
}
complete -F _pass pass
#!/usr/bin/env bash
# Try to find erroneous or insecure URLs
self=urlc

# cURL request timeout
tm=${URLCHECK_TIMEOUT:-8}

# Create temporary files for headers and body content
head=$(mktemp) || exit
body=$(mktemp) || exit

# Set up cleanup function to remove temporary files on exit
cleanup() {
    rm -f -- "$head" "$body"
}
trap cleanup EXIT

# Error count
declare -i errc

# Iterate through input; ignore leading/trailing whitespace
while read -r url ; do

    # Skip anything that doesn't start with HTTP
    [[ $url == 'http'* ]] || continue

    # Make initial request, log head and body to files, cry and skip on error
    if ! curl -A Mozilla -fHLsS -D "$head" -m "$tm" -o "$body" -- "$url" ; then
        printf '%s: %s raises error\n' \
            "$self" "$url" >&2
        ((errc++))
        continue
    fi

    # Iterate through header file, cry about the first redirect we find
    while IFS=': ' read -r header value ; do
        [[ $header == 'Location' ]] || continue
        printf '%s: %s redirects to %s\n' \
            "$self" "$url" "$value" >&2
        ((errc++))
        break
    done < "$head"

    # Skip anything that's already secure
    [[ $url == 'https:'* ]] && continue

    # Form a naïve attempt at a possible secure URL and try to request it,
    # point it out if it actually works
    securl=${url/http:/https:}
    if curl -A Mozilla -fLsS -D "$head" -m "$tm" -o "$body" -- "$securl" 2>/dev/null ; then
        printf '%s: %s has a working secure version at %s\n' \
            "$self" "$url" "$securl" >&2
        ((errc++))
    fi
done < <(cat -- "${@:-/dev/stdin}") ## shellcheck disable=SC2002

# Exit if any errors
exit "$((errc > 0))"