authorTom Ryder <tom@sanctum.geek.nz>2018-06-10 00:24:34 +1200
committerTom Ryder <tom@sanctum.geek.nz>2018-06-10 00:24:47 +1200
commite92517df50a7450ec51f2dbb872f89034e90e6d4 (patch)
tree3bdd97ea49e8881c2f81767fa7bd168797fc1797
parent97e019dbe8459d34108212e905b63142ac194108 (diff)
downloadvim-redact-pass-e92517df50a7450ec51f2dbb872f89034e90e6d4.tar.gz
vim-redact-pass-e92517df50a7450ec51f2dbb872f89034e90e6d4.zip
Completely refactor for version 1.0.0v1.0.0
Turn off leaky options globally just after startup if we have only one file to edit and it matches the typical pass(1) path.
-rw-r--r--README.markdown13
-rw-r--r--VERSION2
-rw-r--r--doc/redact_pass.txt30
-rw-r--r--plugin/redact_pass.vim67
4 files changed, 61 insertions, 51 deletions
diff --git a/README.markdown b/README.markdown
index 8087640..eeee26b 100644
--- a/README.markdown
+++ b/README.markdown
@@ -1,17 +1,16 @@
redact\_pass.vim
================
-This plugin switches off the` 'viminfo'`, `'backup'`, `'swapfile'`, and
-`'undofile'` options locally for the buffer when editing passwords in the
-`pass(1)` password manager, or a comparable tool if `g:redact_pass_pattern` is
-set beforehand.
+This plugin switches off the 'viminfo', 'backup', 'writebackup', 'swapfile',
+and 'undofile' options globally when editing a password in `pass(1)`.
This is to prevent anyone being able to extract passwords from your Vim cache
files in the event of a compromise.
-Test this carefully to make sure it works! If it doesn't, it is probably
-because you need to set `g:redact_pass_pattern` to fit your system's behaviour,
-or the plugin hasn't loaded at all.
+You should test this after installed to ensure you see this message is printed
+whenever you `pass edit`:
+
+> Editing password file--disabled leaky options!
License
-------
diff --git a/VERSION b/VERSION
index 6e8bf73..3eefcb9 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.1.0
+1.0.0
diff --git a/doc/redact_pass.txt b/doc/redact_pass.txt
index 2676129..87df5ec 100644
--- a/doc/redact_pass.txt
+++ b/doc/redact_pass.txt
@@ -1,32 +1,34 @@
-*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 6
+*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 10
DESCRIPTION *redact_pass*
-This plugin switches off the 'viminfo', 'backup', 'swapfile', and 'undofile'
-options locally for the buffer when editing passwords in the `pass(1)`
-password manager, or a comparable tool if `g:redact_pass_pattern` is set
-beforehand.
+This plugin switches off the 'viminfo', 'backup', 'writebackup', 'swapfile',
+and 'undofile' options globally when editing a password in `pass(1)`.
This is to prevent anyone being able to extract passwords from your Vim cache
files in the event of a compromise.
-Test this carefully to make sure it works! If it doesn't, it is probably
-because you need to set `g:redact_pass_pattern` to fit your system's
-behaviour, or the plugin hasn't loaded at all.
+You should test this after installed to ensure you see this message is printed
+whenever you `pass edit`:
+
+> Editing password file--disabled leaky options!
REQUIREMENTS *redact_pass-requirements*
This plugin is only available if 'compatible' is not set. It also requires the
|+autocmd| feature.
-OPTIONS *redact_pass-options*
+IMPLEMENTATION *redact_pass-implementation*
-There is one options you can set in your |vimrc| before loading the plugin:
+The options are disabled globally rather than attempting to set them local to
+the buffer only, which was the flawed approach of previous versions. This is
+mostly because of the 'viminfo' option; it's global, and there's no meaningful
+way to exclude information from the sensitive buffer from appearing in it.
- *g:redact_pass_backup*
-Set `g:redact_pass_pattern` to specify the path pattern for which the options
-should be disabled. This defaults to a value based on the source code of
-`pass(1)`.
+Because the typical use case for editing a password file in Vim is that you
+load and change a single short document, and then quit, it's more sensible to
+just turn the relevant options off completely, and makes what the plugin is
+doing more reliable and straightforward to understand.
AUTHOR *redact_pass-author*
diff --git a/plugin/redact_pass.vim b/plugin/redact_pass.vim
index 75776d6..66916a7 100644
--- a/plugin/redact_pass.vim
+++ b/plugin/redact_pass.vim
@@ -1,15 +1,10 @@
"
-" redact_pass.vim: Switch off the 'viminfo', 'backup', 'swapfile', and
-" 'undofile' when editing passwords in the pass(1) password manager, or a
-" comparable tool if g:redact_pass_pattern is set beforehand.
+" redact_pass.vim: Switch off the 'viminfo', 'backup', 'writebackup',
+" 'swapfile', and 'undofile' globally when editing a password in pass(1).
"
" This is to prevent anyone being able to extract passwords from your Vim
" cache files in the event of a compromise.
"
-" Test this carefully to make sure it works! If it doesn't, it is probably
-" because you need to set g:redact_pass_pattern to fit your system's
-" behaviour, or the plugin hasn't loaded at all.
-"
" Author: Tom Ryder <tom@sanctum.geek.nz>
" License: Same as Vim itself
"
@@ -21,37 +16,51 @@ if !has('autocmd')
endif
let g:loaded_redact_pass = 1
-" Set g:redact_pass_pattern to a default based on the pass(1) code, if it
-" hasn't already been set
-if !exists('g:redact_pass_pattern')
- let g:redact_pass_pattern
- \ = '/dev/shm/pass.*/*,$TMPDIR/pass.*/*,/tmp/pass.*/*'
-endif
+" Pattern to match for the portion of the path after the temporary dir,
+" starting with the leading slash
+let s:pattern = '\m\C/pass\.[^/]\+/[^/]\+\.txt$'
-" Function to switch the options off for just the current buffer
-function! s:RedactPass()
+" Check whether the given dir name is not an empty string, whether the first
+" file in the argument list is within the named dir, and that the whole path
+" matches the above pattern immediately after that dir name
+function! s:PassPath(root)
+ return strlen(a:root)
+ \ && stridx(argv(0), a:root) == 0
+ \ && strlen(a:root) == match(argv(0), s:pattern)
+endfunction
- " Unset options
- setlocal nobackup
- setlocal nowritebackup
- setlocal noswapfile
- if has('viminfo')
- setlocal viminfo=
+" Check whether we should set redacting options or not
+function! s:CheckArgsRedact()
+
+ " Short-circuit unless we're editing just one file and it looks like a path
+ " in one of the three expected directories; we're trying hard to make sure
+ " this really is a password file and we're not messing with the user's
+ " precious settings unnecessarily
+ if argc() != 1
+ \ || !s:PassPath('/dev/shm')
+ \ && !s:PassPath($TMPDIR)
+ \ && !s:PassPath('/tmp')
+ return
endif
+
+ " Disable all the leaky options globally
+ set nobackup
+ set nowritebackup
+ set noswapfile
+ set viminfo=
if has('persistent_undo')
- setlocal noundofile
+ set noundofile
endif
- " Set a buffer variable to say we were here, for debugging
- let b:redact_pass_active = 1
+ " Tell the user what we're doing so they know this worked, via a message and
+ " a global variable they can check
+ echomsg 'Editing password file--disabled leaky options!'
+ let g:redact_pass_redacted = 1
endfunction
-" Automatic command to use the function based on filename pattern
-let s:command = 'autocmd BufNewFile,BufReadPre '
- \ . g:redact_pass_pattern
- \ . ' call s:RedactPass()'
+" Auto function loads only when Vim starts up
augroup redact_pass
autocmd!
- execute s:command
+ autocmd VimEnter * call s:CheckArgsRedact()
augroup END
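Review bot: `autocmd VimEnter * call s:CheckArgsRedact()` runs only after Vim has finished startup and loaded the argument buffer, whereas the removed `BufNewFile,BufReadPre` hook ran before the file was read. With 'swapfile' still on at that point, a swap file for the password buffer may already exist under 'directory' when `set noswapfile` executes; resetting the option deletes it, but the new code does not document that window. I would add a comment above the autocmd such as `" VimEnter fires after the buffer is loaded; :set noswapfile then deletes any swap file already created for it`, and it is worth confirming that nothing from the buffer reaches disk before that point. Separately, `set viminfo=` lost the `has('viminfo')` guard while `set noundofile` keeps its `has('persistent_undo')` guard; this looks harmless, but the inconsistency deserves a one-line comment.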