author | Tom Ryder <tom@sanctum.geek.nz> | 2018-06-10 00:24:34 +1200 |
---|---|---|
committer | Tom Ryder <tom@sanctum.geek.nz> | 2018-06-10 00:24:47 +1200 |
commit | e92517df50a7450ec51f2dbb872f89034e90e6d4 (patch) | |
tree | 3bdd97ea49e8881c2f81767fa7bd168797fc1797 /plugin/redact_pass.vim | |
parent | Disable 'writebackup' too (diff) | |
download | vim-redact-pass-e92517df50a7450ec51f2dbb872f89034e90e6d4.tar.gz vim-redact-pass-e92517df50a7450ec51f2dbb872f89034e90e6d4.zip |
Completely refactor for version 1.0.0v1.0.0
Turn off leaky options globally just after startup if we have only one
file to edit and it matches the typical pass(1) path.
Diffstat (limited to 'plugin/redact_pass.vim')
-rw-r--r-- | plugin/redact_pass.vim | 67 |
1 files changed, 38 insertions, 29 deletions
diff --git a/plugin/redact_pass.vim b/plugin/redact_pass.vim
index 75776d6..66916a7 100644
--- a/plugin/redact_pass.vim
+++ b/plugin/redact_pass.vim
@@ -1,15 +1,10 @@
 "
-" redact_pass.vim: Switch off the 'viminfo', 'backup', 'swapfile', and
-" 'undofile' when editing passwords in the pass(1) password manager, or a
-" comparable tool if g:redact_pass_pattern is set beforehand.
+" redact_pass.vim: Switch off the 'viminfo', 'backup', 'writebackup',
+" 'swapfile', and 'undofile' globally when editing a password in pass(1).
 "
 " This is to prevent anyone being able to extract passwords from your Vim
 " cache files in the event of a compromise.
 "
-" Test this carefully to make sure it works! If it doesn't, it is probably
-" because you need to set g:redact_pass_pattern to fit your system's
-" behaviour, or the plugin hasn't loaded at all.
-"
 " Author: Tom Ryder <tom@sanctum.geek.nz>
 " License: Same as Vim itself
 "
@@ -21,37 +16,51 @@ if !has('autocmd')
 endif
 let g:loaded_redact_pass = 1
-" Set g:redact_pass_pattern to a default based on the pass(1) code, if it
-" hasn't already been set
-if !exists('g:redact_pass_pattern')
- let g:redact_pass_pattern
- \ = '/dev/shm/pass.*/*,$TMPDIR/pass.*/*,/tmp/pass.*/*'
-endif
+" Pattern to match for the portion of the path after the temporary dir,
+" starting with the leading slash
+let s:pattern = '\m\C/pass\.[^/]\+/[^/]\+\.txt$'
-" Function to switch the options off for just the current buffer
-function! s:RedactPass()
+" Check whether the given dir name is not an empty string, whether the first
+" file in the argument list is within the named dir, and that the whole path
+" matches the above pattern immediately after that dir name
+function! s:PassPath(root)
+ return strlen(a:root)
+ \ && stridx(argv(0), a:root) == 0
+ \ && strlen(a:root) == match(argv(0), s:pattern)
+endfunction
- " Unset options
- setlocal nobackup
- setlocal nowritebackup
- setlocal noswapfile
- if has('viminfo')
- setlocal viminfo=
+" Check whether we should set redacting options or not
+function! s:CheckArgsRedact()
+
+ " Short-circuit unless we're editing just one file and it looks like a path
+ " in one of the three expected directories; we're trying hard to make sure
+ " this really is a password file and we're not messing with the user's
+ " precious settings unnecessarily
+ if argc() != 1
+ \ || !s:PassPath('/dev/shm')
+ \ && !s:PassPath($TMPDIR)
+ \ && !s:PassPath('/tmp')
+ return
 endif
+
+ " Disable all the leaky options globally
+ set nobackup
+ set nowritebackup
+ set noswapfile
+ set viminfo=
 if has('persistent_undo')
- setlocal noundofile
+ set noundofile
 endif
- " Set a buffer variable to say we were here, for debugging
- let b:redact_pass_active = 1
+ " Tell the user what we're doing so they know this worked, via a message and
+ " a global variable they can check
+ echomsg 'Editing password file--disabled leaky options!'
+ let g:redact_pass_redacted = 1
 endfunction
-" Automatic command to use the function based on filename pattern
-let s:command = 'autocmd BufNewFile,BufReadPre '
- \ . g:redact_pass_pattern
- \ . ' call s:RedactPass()'
+" Auto function loads only when Vim starts up
 augroup redact_pass
 autocmd!
- execute s:command
+ autocmd VimEnter * call s:CheckArgsRedact()
 augroup END |
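Review bot: The early `return` in `s:CheckArgsRedact()` fails open: when `argv(0)` is not in exactly the form `s:PassPath()` expects, nothing is disabled and nothing is printed, so the password can still reach swap, undo, backup and viminfo files. The match is strict (`stridx(argv(0), a:root) == 0` together with `strlen(a:root) == match(argv(0), s:pattern)`), so a relative path or a `$TMPDIR` spelled differently from the path the caller passes would presumably miss, and the `g:redact_pass_pattern` override that used to cover such cases is removed here. I would document this at the `return`, for example `" Fails open: if we return here, nothing was disabled and no message is shown`, and keep one header line telling users to check for the message or `g:redact_pass_redacted` after installing. Separately, `VimEnter` fires after the argument buffer has been loaded, whereas the old `BufReadPre` hook ran before the read, so it is worth confirming that no swap or undo data is written in that window.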