1""" 

2## Blacklist 

3 

4When any word of `$blacklisted_words` (e.g. "mypass::mycompany::myuser") 

5occurs in non git ignored sources, we die. 

6 

7This prevents private information being pushed to a public repo. 

8 

9Set `$blacklisted_words` e.g. via `$(pass show my/sensitive_words)` in an environ file. 

10 

11This is run after config is read and scans all docs folder content, not just the .md 

12files. 

13 

14Requires rg ([ripgrep](https://github.com/BurntSushi/ripgrep)) tool. 

15 

16""" 

17 

18 

19from lcdoc.mkdocs.tools import MDPlugin, app, config_options 1 ctxlp

20from lcdoc.tools import os, project, require, sys 1 ctxlp

21 

22 

23def fail_on_blacklisted_words(config, envkey, envsep): 1 ctxlp

24 l = os.environ.get(envkey) 1 ctxlp

25 if not l: 25 ↛ 27line 25 didn't jump to line 27, because the condition on line 25 was never false1 ctxlp

26 return app.debug('No $%s to check for blacklisted words' % envkey) 1 ctxlp

27 here = os.getcwd() 

28 try: 

29 os.chdir(project.root(config)) # ['docs_dir']) 

30 require('rg --version', name='ripgrep') 

31 H = False 

32 words = [s.strip() for s in l.split(envsep)] 

33 for w in words: 

34 if not w.strip(): 

35 continue 

36 h = os.popen("rg -i '%s'" % w).read() 

37 if h.strip(): 

38 H = True 

39 f = app.die if not 'serve' in sys.argv else app.error 

40 f('Found blacklisted word', word=w, json=h.splitlines()[:10]) 

41 if not H: 

42 app.info( 

43 'Blacklist check passed: No occurrance of %s blacklisted words' 

44 % len(words) 

45 ) 

46 finally: 

47 os.chdir(here) 

48 

49 

50class BlacklistPlugin(MDPlugin): 1 ctxlp

51 config_scheme = ( 

52 ('envkey', config_options.Type(str, default='blacklisted_words')), 

53 ('envsep', config_options.Type(str, default='::')), 

54 ) 

55 

56 def on_config(self, config): 1 ctxlp

57 fail_on_blacklisted_words(config, self.config['envkey'], self.config['envsep']) 1 ctxlp