Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!eos!ames!mailrus!cwjcc!hal!ncoast!allbery
From: jbm@uncle.UUCP (John B. Milton)
Newsgroups: comp.sources.misc
Subject: v05i029: Program to hunt for vi modelines in text files
Message-ID: <353@uncle.UUCP>
Date: 2 Nov 88 02:04:55 GMT
Sender: allbery@ncoast.UUCP
Reply-To: jbm@uncle.UUCP (John B. Milton)
Organization: Just me and my computer, Columbus Ohio
Lines: 130
Approved: allbery@ncoast.UUCP

Posting-number: Volume 5, Issue 29
Submitted-by: "John B. Milton" <jbm@uncle.UUCP>
Archive-name: vick

[Uh, it's the first and last FIVE lines, no?  ++bsa]

This has already been posted to:
Newsgroups: unix-pc.bugs,unix-pc.sources,comp.sys.att,comp.unix.wizards

This does make one think, now that everone knows that this can be done!
HP took care of it in their vi, you just can't do it; no switch to enable or
anything. It is indeed a big security hole. NEVER vi a user file from root,
you never know what might be in it! Below is a program "vick", which will
scan stdin or a list of files for these commands. It only looks at the first
four and the last four lines, and for ex, ei, vi and vx. The command passed to
vi seems to be from the : after "vi" to the LAST colon on the line. If you are
not using this on a UNIXpc, check your local vi and tune it accordingly.
Always look for strange vi behavior, it can come from: the environment variable
EXINIT, from ./.exrc, /.exrc, these imbedded vi:: commands, functions and 
aliases picked up here and there, weirdness from shelling out of other programs.

---cut---cut---cut---cut---cut---cut---cut---
/* vi:set ai sm ts=2 sw=2: */

#include <stdio.h>
#include <string.h>

extern int errno;
extern int optind;
extern char *optarg;

#define VIMAXLINESIZE 1000

static char *me,Verbose=0;

void perrorf(format,a1,a2,a3,a4,a5,a6,a7,a8,a9)
char *format,*a1,*a2,*a3,*a4,*a5,*a6,*a7,*a8,*a9;
{
	char line[200];

	sprintf(line,format,a1,a2,a3,a4,a5,a6,a7,a8,a9);
	perror(line);
}

static int HasExCmd(s)
char *s;
{ /* sort of-> [ev][ix]:.*: */
	int i;
	char *colon;

	if ((colon=strchr(s,':'))==NULL)
		return(0); /* no colon */
	if (colon-s<2)
		return(0); /* colon too close to beginning to have vi */
	colon--;
	if (*colon!='i' && *colon!='x')
		return(0); /* character before : is not i|x */
	colon--;
	if (*colon!='v' && *colon!='e')
		return(0); /* character before : is not v|e */
	if (strchr(colon+3,':')==NULL)
		return(0); /* no second colon, command ignored */
	else {
		if (Verbose) {
			fputs(s,stdout);
			for (i=0; i<colon-s; i++)
				putchar(' ');
			puts("^");
		}
		return(1); /* GOT ONE! */
	}
}

static int filt(f)
FILE *f;
{
	int i;
	long int l=0;
	char line[4][VIMAXLINESIZE];

	while (fgets(line[l%4],VIMAXLINESIZE,f)!=NULL) {
		if (l<4 && HasExCmd(line[l%4])) /* will ALWAYS eval left to right! */
			return(1);
		l++;
	}
	if (l>4)
		for (i=l-4; i<l; i++)
			if (i>=4)
				if (HasExCmd(line[i%4]))
					return(1);
	return(0);
}

static char *usage="Usage: %s\n";

int main(argc,argv)
int argc;
char *argv[];
{
	int bad=0,i,opt;
	FILE *f;

	me=argv[0];
	while ((opt=getopt(argc,argv,"v?"))!=EOF)
		switch (opt) {
			case 'v':
				Verbose=1;
				break;
			case '?':
			default:
				fprintf(stderr,usage,me);
				exit(1);
				break;
		}
	if (argc==optind)
		bad+=filt(stdin);
	else
		for (i=optind; i<argc; i++)
			if ((f=fopen(argv[i],"r"))==NULL)
				perrorf("%s: open %s for reading",me,argv[i]);
			else {
				bad+=filt(f);
				fclose(f);
			}
	return(bad);
}

John
-- 
John Bly Milton IV, jbm@uncle.UUCP, n8emr!uncle!jbm@osu-cis.cis.ohio-state.edu
home (614) 294-4823, work (614) 764-4272; ei:wq!: (isn't vi fun?)