-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmake-safe-inputrc
executable file
·196 lines (189 loc) · 4.12 KB
/
make-safe-inputrc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
#!/bin/bash
# Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# This script generates a initrc file that removes any readline keybindings
# not explicitly allowed. It was used to generate
# window_manager/bin/inputrc.crosh, so that crosh can use readline for its line
# editing features, without exposing edit-and-execute-command or the various
# file completion commands.
#
# To regenerate the inputrc file, run...
#
# $ bind -p | make-safe-initrc > inputrc
#
# Unfortunately this command line cannot be scripted because `bind -p` only
# prints the keybindings from the current environment, and in the context of
# a script there are no keybindings.
#
# The blocked commands are commented out below for reference only.
# Only the non-commented commands will be included in the actual allowlist.
# Any commands found in the `bind -p` output not on that list will be remapped
# to the "abort" readline command.
#
# This list of commands was initially generated with `bind -l`.
ALLOWLIST="$(grep -v "#" <<EOF
abort
accept-line
#alias-expand-line
#arrow-key-prefix
#backward-byte
backward-char
backward-delete-char
backward-kill-line
backward-kill-word
backward-word
beginning-of-history
beginning-of-line
#call-last-kbd-macro
capitalize-word
character-search
character-search-backward
clear-screen
#complete
#complete-command
#complete-filename
#complete-hostname
#complete-into-braces
#complete-username
#complete-variable
copy-backward-word
copy-forward-word
copy-region-as-kill
delete-char
delete-char-or-list
delete-horizontal-space
digit-argument
#display-shell-version
do-lowercase-version
downcase-word
#dump-functions
#dump-macros
#dump-variables
dynamic-complete-history
#edit-and-execute-command
#emacs-editing-mode
#end-kbd-macro
end-of-history
end-of-line
exchange-point-and-mark
forward-backward-delete-char
forward-byte
forward-char
forward-search-history
forward-word
#glob-complete-word
#glob-expand-word
#glob-list-expansions
#history-and-alias-expand-line
history-expand-line
history-search-backward
history-search-forward
#insert-comment
#insert-completions
insert-last-argument
kill-line
kill-region
kill-whole-line
kill-word
#magic-space
#menu-complete
next-history
non-incremental-forward-search-history
non-incremental-forward-search-history-again
non-incremental-reverse-search-history
non-incremental-reverse-search-history-again
operate-and-get-next
overwrite-mode
#possible-command-completions
#possible-completions
#possible-filename-completions
#possible-hostname-completions
#possible-username-completions
#possible-variable-completions
previous-history
quoted-insert
#re-read-init-file
redraw-current-line
reverse-search-history
revert-line
self-insert
set-mark
#shell-expand-line
#start-kbd-macro
tab-insert
#tilde-expand
transpose-chars
transpose-words
#tty-status
undo
universal-argument
unix-filename-rubout
unix-line-discard
unix-word-rubout
upcase-word
#vi-append-eol
#vi-append-mode
#vi-arg-digit
#vi-bWord
#vi-back-to-indent
#vi-bword
#vi-change-case
#vi-change-char
#vi-change-to
#vi-char-search
#vi-column
#vi-complete
#vi-delete
#vi-delete-to
#vi-eWord
#vi-editing-mode
#vi-end-word
#vi-eof-maybe
#vi-eword
#vi-fWord
#vi-fetch-history
#vi-first-print
#vi-fword
#vi-goto-mark
#vi-insert-beg
#vi-insertion-mode
#vi-match
#vi-movement-mode
#vi-next-word
#vi-overstrike
#vi-overstrike-delete
#vi-prev-word
#vi-put
#vi-redo
#vi-replace
#vi-rubout
#vi-search
#vi-search-again
#vi-set-mark
#vi-subst
#vi-tilde-expand
#vi-yank-arg
#vi-yank-to
yank
yank-last-arg
yank-nth-arg
yank-pop
EOF
)"
if [ -t 0 ]; then
echo "Usage: bind -p | $0 > inputrc"
exit
fi
# Remove any commands that are not bound to a key.
BINDINGS="$(cat | grep -v "not bound")"
# Remove any allowed commands from the list of bindings.
for safecommand in ${ALLOWLIST}; do
BINDINGS="$(echo "${BINDINGS}" | grep -v ": ${safecommand}\$")"
done
# Anything left is not allowed, remap it to the "abort" command.
echo "# Generated with $(basename $0) on $(date)"
echo "${BINDINGS}" | sed 's/\([^:]\+\):\(.*\)$/\1: abort #\2/'
echo
echo "set expand-tilde off"
echo "set disable-completion on"