Coverage for src/lcdoc/mkdocs/blacklist/__init__.py: 31.71%
Shortcuts on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
Shortcuts on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1"""
2## Blacklist
4When any word of `$blacklisted_words` (e.g. "mypass::mycompany::myuser")
5occurs in non git ignored sources, we die.
7This prevents private information being pushed to a public repo.
9Set `$blacklisted_words` e.g. via `$(pass show my/sensitive_words)` in an environ file.
11This is run after config is read and scans all docs folder content, not just the .md
12files.
14Requires rg ([ripgrep](https://github.com/BurntSushi/ripgrep)) tool.
16"""
19from lcdoc.mkdocs.tools import MDPlugin, app, config_options lp
20from lcdoc.tools import os, project, require, sys lp
23def fail_on_blacklisted_words(config, envkey, envsep): lp
24 l = os.environ.get(envkey) lp
25 if not l: 25 ↛ 27line 25 didn't jump to line 27, because the condition on line 25 was never falselp
26 return app.debug('No $%s to check for blacklisted words' % envkey) lp
27 here = os.getcwd()
28 try:
29 os.chdir(project.root(config)) # ['docs_dir'])
30 require('rg --version', name='ripgrep')
31 H = False
32 words = [s.strip() for s in l.split(envsep)]
33 for w in words:
34 if not w.strip():
35 continue
36 h = os.popen("rg -i '%s'" % w).read()
37 if h.strip():
38 H = True
39 f = app.die if not 'serve' in sys.argv else app.error
40 f('Found blacklisted word', word=w, json=h.splitlines()[:10])
41 if not H:
42 app.info(
43 'Blacklist check passed: No occurrance of %s blacklisted words'
44 % len(words)
45 )
46 finally:
47 os.chdir(here)
50class BlacklistPlugin(MDPlugin): lp
51 config_scheme = (
52 ('envkey', config_options.Type(str, default='blacklisted_words')),
53 ('envsep', config_options.Type(str, default='::')),
54 )
56 def on_config(self, config): lp
57 fail_on_blacklisted_words(config, self.config['envkey'], self.config['envsep']) lp