password-store

commit b28849617fb61e87a40a0e06ed94e0cd3c87bb5e
parent ff62f87f41557ab7267defab662324927301485a
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date:   Tue, 20 Dec 2016 20:58:24 +0100

extensions: make opt-in

Diffstat:
M
man/pass.1
 | 
13
++++++++-----
M
src/password-store.sh
 | 
24
++++++++++++++----------

2 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/man/pass.1 b/man/pass.1
@@ -30,10 +30,10 @@ If no COMMAND is specified, COMMAND defaults to either
 .B show
 or
 .BR ls ,
-depending on the type of specifier in ARGS. Alternatively, if the file
-\fI.extensions/COMMAND.bash\fP exists inside the password store and is executable
-, then it is sourced into the environment, passing any arguments and environment
-variables.
+depending on the type of specifier in ARGS. Alternatively, if \fIPASSWORD_STORE_ENABLE_EXTENSIONS\fP
+is set to "true", and the file \fI.extensions/COMMAND.bash\fP exists inside the
+password store and is executable, then it is sourced into the environment,
+passing any arguments and environment variables.
 
 Otherwise COMMAND must be one of the valid commands listed below.
 
@@ -441,7 +441,10 @@ by \fBtr\fP. See
 .BR tr (1)
 for more info.
 .TP
-.I PASSWORD_STORE_EXTENSION_DIR
+.I PASSWORD_STORE_ENABLE_EXTENSIONS
+This environment variable must be set to "true" for extensions to be enabled.
+.TP
+.I PASSWORD_STORE_EXTENSIONS_DIR
 The location to look for executable extension files, by default
 \fIPASSWORD_STORE_DIR/.extensions\fP.
 .TP
diff --git a/src/password-store.sh b/src/password-store.sh
@@ -13,7 +13,7 @@ which gpg2 &>/dev/null && GPG="gpg2"
 [[ -n $GPG_AGENT_INFO || $GPG == "gpg2" ]] && GPG_OPTS+=( "--batch" "--use-agent" )
 
 PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
-EXTENSIONS="${PASSWORD_STORE_EXTENSION_DIR:-$PREFIX/.extensions}"
+EXTENSIONS="${PASSWORD_STORE_EXTENSIONS_DIR:-$PREFIX/.extensions}"
 X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}"
 CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}"
 GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}"
@@ -597,18 +597,22 @@ cmd_git() {
 	fi
 }
 
-cmd_extension() {
-	local extension="$EXTENSIONS/$1.bash"
-	check_sneaky_paths "$extension"
-	if [[ -f $extension && -x $extension ]]; then
-		verify_file "$extension"
-		shift
-		source "$extension" "$@"
-	else
+cmd_extension_or_show() {
+	if ! cmd_extension "$@"; then
 		COMMAND="show"
 		cmd_show "$@"
 	fi
 }
+cmd_extension() {
+	[[ $PASSWORD_STORE_ENABLE_EXTENSIONS == true ]] || return 1
+	local extension="$EXTENSIONS/$1.bash"
+	check_sneaky_paths "$extension"
+	[[ -f $extension && -x $extension ]] || return 1
+	verify_file "$extension"
+	shift
+	source "$extension" "$@"
+	return 0
+}
 
 #
 # END subcommand functions
@@ -631,6 +635,6 @@ case "$1" in
 	rename|mv) shift;		cmd_copy_move "move" "$@" ;;
 	copy|cp) shift;			cmd_copy_move "copy" "$@" ;;
 	git) shift;			cmd_git "$@" ;;
-	*)				cmd_extension "$@" ;;
+	*)				cmd_extension_or_show "$@" ;;
 esac
 exit 0