diff options
Diffstat (limited to 'contrib/vim')
-rw-r--r-- | contrib/vim/redact_pass.txt | 6 | ||||
-rw-r--r-- | contrib/vim/redact_pass.vim | 45 |
2 files changed, 11 insertions, 40 deletions
diff --git a/contrib/vim/redact_pass.txt b/contrib/vim/redact_pass.txt index 86d8a25..62c9d15 100644 --- a/contrib/vim/redact_pass.txt +++ b/contrib/vim/redact_pass.txt @@ -1,4 +1,4 @@ -*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 10 +*redact_pass.txt* For Vim version 6.0 Last change: 2018 June 24 DESCRIPTION *redact_pass* @@ -8,8 +8,8 @@ and 'undofile' options globally when editing a password in `pass(1)`. This is to prevent anyone being able to extract passwords from your Vim cache files in the event of a compromise. -You should test this after installed to ensure you see this message is printed -whenever you `pass edit`: +You should test this after installation to ensure you see this message is +printed whenever you `pass edit`: > Editing password file--disabled leaky options! diff --git a/contrib/vim/redact_pass.vim b/contrib/vim/redact_pass.vim index 14919bb..a3d67e8 100644 --- a/contrib/vim/redact_pass.vim +++ b/contrib/vim/redact_pass.vim @@ -11,49 +11,16 @@ if exists('g:loaded_redact_pass') || &compatible finish endif -if !has('autocmd') +if !has('autocmd') || v:version < 600 finish endif let g:loaded_redact_pass = 1 -" Pattern to match for the portion of the path after the temporary dir, -" starting with the leading slash -let s:pattern = '\m\C/pass\.[^/]\+/[^/]\+\.txt$' - -" Check whether the given dir name is not an empty string, whether the first -" file in the argument list is within the named dir, and that the whole path -" matches the above pattern immediately after that dir name -function! s:PassPath(root) - - " Check we actually got a value, i.e. this wasn't an empty environment - " variable - if !strlen(a:root) - return 0 - endif - - " Full resolved path to the root dir with no trailing slashes - let l:root = fnamemodify(a:root, ':p:h') - - " Full resolved path to the first file in the arg list - let l:path = fnamemodify(argv(0), ':p') - - " Check the string all match and at the expected points - return stridx(l:path, l:root) == 0 - \ && strlen(l:root) == match(l:path, s:pattern) - -endfunction - " Check whether we should set redacting options or not function! s:CheckArgsRedact() - " Short-circuit unless we're editing just one file and it looks like a path - " in one of the three expected directories; we're trying hard to make sure - " this really is a password file and we're not messing with the user's - " precious settings unnecessarily - if argc() != 1 - \ || !s:PassPath('/dev/shm') - \ && !s:PassPath($TMPDIR) - \ && !s:PassPath('/tmp') + " Ensure there's one argument and it's the matched file + if argc() != 1 || fnamemodify(argv(0), ':p') !=# expand('<afile>:p') return endif @@ -76,5 +43,9 @@ endfunction " Auto function loads only when Vim starts up augroup redact_pass autocmd! - autocmd VimEnter * call s:CheckArgsRedact() + autocmd VimEnter + \ /dev/shm/pass.?*/?*.txt + \,$TMPDIR/pass.?*/?*.txt + \,/tmp/pass.?*/?*.txt + \ call s:CheckArgsRedact() augroup END |