fix(security): harden credential storage and transmission#369
Merged
barrettruth merged 4 commits intomainfrom Mar 7, 2026
Merged
fix(security): harden credential storage and transmission#369barrettruth merged 4 commits intomainfrom
barrettruth merged 4 commits intomainfrom
Conversation
Problem: credential and cookie files were world-readable (0644), passwords transited via `CP_CREDENTIALS` env var (visible in `/proc/PID/environ`), and Kattis/USACO echoed passwords back through stdout unnecessarily. Solution: set 0600 permissions on `cp-nvim.json` and `cookies.json` after every write, pass credentials via stdin pipe instead of env var, and stop emitting passwords in ndjson from Kattis/USACO `LoginResult` (CSES token emission unchanged).
Problem: After a failed login attempt, the user had to re-run `:CP <platform> login` manually. Cancel messages lacked context, and credential prompts in `submit.lua` used raw platform IDs instead of display names. Solution: `prompt_and_login` now recurses after failure so the user is re-prompted until they cancel or succeed. `submit.lua` extracts the scraper call into `do_submit` and re-prompts via `prompt_credentials` on `bad_credentials`. Username prompts show `<Esc> to cancel`, and cancel messages include the platform display name.
Problem: `:CP login` and `:CP logout` only worked as `:CP <platform> login`. Users with an active platform or in a registered buffer had to type the platform name redundantly. Solution: Parse standalone `login`/`logout`/`signup` as action commands with `requires_context = true`, resolving the platform from state (or auto-restoring from the current buffer). Add `vim.cmd.redraw()` after auto-restore so the screen updates before any prompt. Add `login`/ `logout` to top-level completion when a platform is active.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Credential and cookie files were world-readable (0644), passwords transited via
CP_CREDENTIALSenv var (visible in/proc/PID/environ), and Kattis/USACO echoed passwords back through stdout unnecessarily.Solution
Set 0600 permissions on
cp-nvim.jsonandcookies.jsonafter every write, pass credentials via stdin pipe instead of env var, and stop emitting passwords in ndjson from Kattis/USACOLoginResult(CSES token emission unchanged).