aboutsummaryrefslogtreecommitdiff
path: root/plugin/redact_pass.vim
diff options
context:
space:
mode:
authorTom Ryder <tom@sanctum.geek.nz>2018-06-10 00:24:34 +1200
committerTom Ryder <tom@sanctum.geek.nz>2018-06-10 00:24:47 +1200
commite92517df50a7450ec51f2dbb872f89034e90e6d4 (patch)
tree3bdd97ea49e8881c2f81767fa7bd168797fc1797 /plugin/redact_pass.vim
parentDisable 'writebackup' too (diff)
downloadvim-redact-pass-e92517df50a7450ec51f2dbb872f89034e90e6d4.tar.gz
vim-redact-pass-e92517df50a7450ec51f2dbb872f89034e90e6d4.zip
Completely refactor for version 1.0.0v1.0.0
Turn off leaky options globally just after startup if we have only one file to edit and it matches the typical pass(1) path.
Diffstat (limited to 'plugin/redact_pass.vim')
-rw-r--r--plugin/redact_pass.vim67
1 files changed, 38 insertions, 29 deletions
diff --git a/plugin/redact_pass.vim b/plugin/redact_pass.vim
index 75776d6..66916a7 100644
--- a/plugin/redact_pass.vim
+++ b/plugin/redact_pass.vim
@@ -1,15 +1,10 @@
"
-" redact_pass.vim: Switch off the 'viminfo', 'backup', 'swapfile', and
-" 'undofile' when editing passwords in the pass(1) password manager, or a
-" comparable tool if g:redact_pass_pattern is set beforehand.
+" redact_pass.vim: Switch off the 'viminfo', 'backup', 'writebackup',
+" 'swapfile', and 'undofile' globally when editing a password in pass(1).
"
" This is to prevent anyone being able to extract passwords from your Vim
" cache files in the event of a compromise.
"
-" Test this carefully to make sure it works! If it doesn't, it is probably
-" because you need to set g:redact_pass_pattern to fit your system's
-" behaviour, or the plugin hasn't loaded at all.
-"
" Author: Tom Ryder <tom@sanctum.geek.nz>
" License: Same as Vim itself
"
@@ -21,37 +16,51 @@ if !has('autocmd')
endif
let g:loaded_redact_pass = 1
-" Set g:redact_pass_pattern to a default based on the pass(1) code, if it
-" hasn't already been set
-if !exists('g:redact_pass_pattern')
- let g:redact_pass_pattern
- \ = '/dev/shm/pass.*/*,$TMPDIR/pass.*/*,/tmp/pass.*/*'
-endif
+" Pattern to match for the portion of the path after the temporary dir,
+" starting with the leading slash
+let s:pattern = '\m\C/pass\.[^/]\+/[^/]\+\.txt$'
-" Function to switch the options off for just the current buffer
-function! s:RedactPass()
+" Check whether the given dir name is not an empty string, whether the first
+" file in the argument list is within the named dir, and that the whole path
+" matches the above pattern immediately after that dir name
+function! s:PassPath(root)
+ return strlen(a:root)
+ \ && stridx(argv(0), a:root) == 0
+ \ && strlen(a:root) == match(argv(0), s:pattern)
+endfunction
- " Unset options
- setlocal nobackup
- setlocal nowritebackup
- setlocal noswapfile
- if has('viminfo')
- setlocal viminfo=
+" Check whether we should set redacting options or not
+function! s:CheckArgsRedact()
+
+ " Short-circuit unless we're editing just one file and it looks like a path
+ " in one of the three expected directories; we're trying hard to make sure
+ " this really is a password file and we're not messing with the user's
+ " precious settings unnecessarily
+ if argc() != 1
+ \ || !s:PassPath('/dev/shm')
+ \ && !s:PassPath($TMPDIR)
+ \ && !s:PassPath('/tmp')
+ return
endif
+
+ " Disable all the leaky options globally
+ set nobackup
+ set nowritebackup
+ set noswapfile
+ set viminfo=
if has('persistent_undo')
- setlocal noundofile
+ set noundofile
endif
- " Set a buffer variable to say we were here, for debugging
- let b:redact_pass_active = 1
+ " Tell the user what we're doing so they know this worked, via a message and
+ " a global variable they can check
+ echomsg 'Editing password file--disabled leaky options!'
+ let g:redact_pass_redacted = 1
endfunction
-" Automatic command to use the function based on filename pattern
-let s:command = 'autocmd BufNewFile,BufReadPre '
- \ . g:redact_pass_pattern
- \ . ' call s:RedactPass()'
+" Auto function loads only when Vim starts up
augroup redact_pass
autocmd!
- execute s:command
+ autocmd VimEnter * call s:CheckArgsRedact()
augroup END