-
Notifications
You must be signed in to change notification settings - Fork 10
/
censored-for-email
executable file
·114 lines (107 loc) · 2.58 KB
/
censored-for-email
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#!/bin/sh
# censored-for-email (part of ossobv/vcutil) // wdoekes/2014 // Public Domain
#
# Censors lines explicitly marked as private from standard input. Used
# in combination with e-mailing of repository commits (which may contain
# sensitive information).
#
# The markers are:
# #CENSORED\#
# #BEGIN_CENSORED\#
# #END_CENSORED\#
# (all without the backslash, which I added so that these lines aren't
# censored themselves)
#
# The first marker can be used anywhere on a line to censor the entire
# line. Example:
#
# secret=My_Password ; #CENSORED\#
#
# The second two markers can be used to censor an entire block.
#
# This is shown.
# #BEGIN_CENSORED\#
# This is hidden.
# #END_CENSORED\#
#
# WARNING! BUG!
#
# Using the block-form is NOT recommended right now. If it is part
# of a unified diff, we might not see the BEGIN_CENSORED marker, and
# the censorship will not be in effect.
#
# (We should probably fix that by recognising unified diff format.)
#
# Usage:
#
# git diff | censored-for-email | mail -s commits root@localhost
# # takes a diff
# # replaces the sensitive lines with #CENSORED\#
# # sends the mail over an unsecure link
#
# The markers were chosen with this in mind:
# - The hash '#' is the most common comment marker. Angle brackets were
# avoided because they have meanings in SGML/XML.
# - It can be anywhere on a line, because in some languages a comment
# has to be closed too (e.g. /*...*/ in C).
#
# See test_censored for an example.
censored()
{
# Here we add some extra quotes to split up #whatever# to avoid
# censorship of this file.
sed -e '
s/.*#CENSORED''#.*/#CENSORED''#/g
/#BEGIN_CENSORED''#/,/#END_CENSORED''#/s/.*/#CENSORED''#/
'
# Prepare valid return value.
true
}
test_censored()
{
INPUT="abc=def
ghi=jkl
password=password ; #CENSORED#
# Whatever.
int main() {
/*#BEGIN_CENSORED#*/
top secret code
goes here;
/*#END_CENSORED#*/
}
#BEGIN_CENSORED#
(test that this is a second block)
(and that a missing endblock censors)
(till the end)"
EXPECTED="abc=def
ghi=jkl
#CENSORED#
# Whatever.
int main() {
#CENSORED#
#CENSORED#
#CENSORED#
#CENSORED#
}
#CENSORED#
#CENSORED#
#CENSORED#
#CENSORED#"
OUTPUT=`echo "$INPUT" | censored`
if test "$OUTPUT" = "$EXPECTED"; then
echo "test_censored: OK"
else
echo "test_censored: FAILURE"
expectedf=`mktemp`; echo "$EXPECTED" > "$expectedf"
outputf=`mktemp`; echo "$OUTPUT" > "$outputf"
diff -u "$expectedf" "$outputf"
rm -f "$expectedf" "$outputf"
exit 1
fi
}
# The actual call.
if test "$#" = 1 -a "$1" = "TestCase"; then
test_censored
else
censored
fi