lockbox

password manager
Log | Files | Refs | README | LICENSE
commit 2181ed2ddd5f772e242f317e76d86c434f4316a3
parent f7bc536d5692b2a965a699139d920e420c1f6e7e
Author: Sean Enck <sean@ttypty.com>
Date:   Sun, 11 Aug 2024 07:48:36 -0400

allow disabling hooks and prevent hooks calling hooks normally

Diffstat:

Minternal/app/core_test.go | 2+-


Minternal/backend/hooks.go | 10++++++++++


Minternal/backend/hooks_test.go | 9+++++++++


Minternal/config/vars.go | 7++++++-


Minternal/config/vars_test.go | 6+++++-


5 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/internal/app/core_test.go b/internal/app/core_test.go
@@ -13,7 +13,7 @@ func TestUsage(t *testing.T) {
 		t.Errorf("invalid usage, out of date? %d", len(u))
 	}
 	u, _ = app.Usage(true, "lb")
-	if len(u) != 106 {
+	if len(u) != 107 {
 		t.Errorf("invalid verbose usage, out of date? %d", len(u))
 	}
 	for _, usage := range u {
diff --git a/internal/backend/hooks.go b/internal/backend/hooks.go
@@ -33,6 +33,13 @@ const (
 
 // NewHook will create a new hook type
 func NewHook(path string, a ActionMode) (Hook, error) {
+	disabled, err := config.EnvNoHooks.Get()
+	if err != nil {
+		return Hook{}, err
+	}
+	if disabled {
+		return Hook{enabled: false}, nil
+	}
 	if strings.TrimSpace(path) == "" {
 		return Hook{}, errors.New("empty path is not allowed for hooks")
 	}
@@ -62,10 +69,13 @@ func (h Hook) Run(mode HookMode) error {
 	if !h.enabled {
 		return nil
 	}
+	env := os.Environ()
+	env = append(env, config.EnvNoHooks.KeyValue(config.YesValue))
 	for _, s := range h.scripts {
 		c := exec.Command(s, string(mode), string(h.mode), h.path)
 		c.Stdout = os.Stdout
 		c.Stderr = os.Stderr
+		c.Env = env
 		if err := c.Run(); err != nil {
 			return err
 		}
diff --git a/internal/backend/hooks_test.go b/internal/backend/hooks_test.go
@@ -10,6 +10,7 @@ import (
 )
 
 func TestHooks(t *testing.T) {
+	defer os.Clearenv()
 	os.Setenv("LOCKBOX_HOOKDIR", "")
 	h, err := backend.NewHook("a", backend.InsertAction)
 	if err != nil {
@@ -59,4 +60,12 @@ func TestHooks(t *testing.T) {
 	if err := h.Run(backend.HookPre); strings.Contains("fork/exec", err.Error()) {
 		t.Errorf("wrong error: %v", err)
 	}
+	os.Setenv("LOCKBOX_NOHOOKS", "yes")
+	h, err = backend.NewHook("a", backend.InsertAction)
+	if err != nil {
+		t.Errorf("invalid error: %v", err)
+	}
+	if err := h.Run(backend.HookPre); err != nil {
+		t.Errorf("wrong error: %v", err)
+	}
 }
diff --git a/internal/config/vars.go b/internal/config/vars.go
@@ -32,7 +32,7 @@ const (
 )
 
 var (
-	registry = []printer{EnvStore, envKeyMode, envKey, EnvNoClip, EnvNoColor, EnvInteractive, EnvReadOnly, EnvTOTPToken, EnvFormatTOTP, EnvMaxTOTP, EnvTOTPColorBetween, EnvClipPaste, EnvClipCopy, EnvClipMax, EnvPlatform, EnvNoTOTP, EnvHookDir, EnvClipOSC52, EnvKeyFile, EnvModTime, EnvJSONDataOutput, EnvHashLength, EnvConfig, envConfigExpands, EnvDefaultCompletion}
+	registry = []printer{EnvStore, envKeyMode, envKey, EnvNoClip, EnvNoColor, EnvInteractive, EnvReadOnly, EnvTOTPToken, EnvFormatTOTP, EnvMaxTOTP, EnvTOTPColorBetween, EnvClipPaste, EnvClipCopy, EnvClipMax, EnvPlatform, EnvNoTOTP, EnvHookDir, EnvClipOSC52, EnvKeyFile, EnvModTime, EnvJSONDataOutput, EnvHashLength, EnvConfig, envConfigExpands, EnvDefaultCompletion, EnvNoHooks}
 	// Platforms represent the platforms that lockbox understands to run on
 	Platforms = []string{MacOSPlatform, WindowsLinuxPlatform, LinuxXPlatform, LinuxWaylandPlatform}
 	// TOTPDefaultColorWindow is the default coloring rules for totp
@@ -98,6 +98,11 @@ var (
 		subKey: "NOCOLOR",
 		desc:   "Disable terminal colors.",
 	}, defaultValue: false}
+	// EnvNoHooks disables hooks
+	EnvNoHooks = EnvironmentBool{environmentBase: environmentBase{
+		subKey: "NOHOOKS",
+		desc:   "Disable hooks",
+	}, defaultValue: false}
 	// EnvInteractive indicates if operating in interactive mode
 	EnvInteractive = EnvironmentBool{environmentBase: environmentBase{
 		subKey: "INTERACTIVE",
diff --git a/internal/config/vars_test.go b/internal/config/vars_test.go
@@ -45,6 +45,10 @@ func TestColorSetting(t *testing.T) {
 	checkYesNo("LOCKBOX_NOCOLOR", t, config.EnvNoColor, false)
 }
 
+func TestNoHook(t *testing.T) {
+	checkYesNo("LOCKBOX_NOHOOKS", t, config.EnvNoHooks, false)
+}
+
 func TestInteractiveSetting(t *testing.T) {
 	checkYesNo("LOCKBOX_INTERACTIVE", t, config.EnvInteractive, true)
 }
@@ -93,7 +97,7 @@ func TestListVariables(t *testing.T) {
 		known[trim] = struct{}{}
 	}
 	l := len(known)
-	if l != 25 {
+	if l != 26 {
 		t.Errorf("invalid env count, outdated? %d", l)
 	}
 }