trev's repos -- snitch-el

trev's repos >> snitch-el

commit:	9ce5e76b629562f9a61a826d0cda62726c465490
author:	Trevor Bentley
committer:	Trevor Bentley
date:	Thu Dec 10 22:13:56 2020 +0100
parents:	27ce5567901c16f81827c33362e5995516d1b696

made snitch a global minor mode

diff --git a/snitch-custom.el b/snitch-custom.el
line changes: +24/-2
index a93a245..27832d2
--- a/snitch-custom.el
+++ b/snitch-custom.el

@@ -48,6 +48,13 @@
   :group 'communication
   :prefix "snitch-")
 
+;;;###autoload
+(defcustom snitch-lighter nil
+  "Text to display in mode-line when snitch is enabled, or nil to
+hide."
+  :type 'string
+  :group 'snitch)
+
 
 ;;;###autoload
 (defgroup snitch-log nil

@@ -320,6 +327,20 @@ Returning nil interrupts the block, allowing the event to pass."
   :type 'hook)
 
 ;;;###autoload
+(defcustom snitch-init-hook '()
+  "Called immediately after snitch initializes and starts
+monitoring."
+  :group 'snitch-hooks
+  :type 'hook)
+
+;;;###autoload
+(defcustom snitch-deinit-hook '()
+  "Called immediately after snitch deinitializes and stops
+monitoring."
+  :group 'snitch-hooks
+  :type 'hook)
+
+;;;###autoload
 (defcustom snitch-log-functions '()
   "Hooks called for snitch log entries.

@@ -386,8 +407,9 @@ timestamp and trailing newline intact."
 can identify the package source of an event that was scheduled on
 a timer.
 
-This must be configured before calling ‘snitch-init’.  If it is
-changed while snitch is running, call ‘snitch-restart’.
+This must be configured before initializing snitch with
+‘snitch-mode’.  If it is changed while snitch is running, call
+‘snitch-restart’.
 
 Enabling this requires snitch to intercept all emacs timers.
 This can cause significant delays if there are very many timers,

diff --git a/snitch-test.el b/snitch-test.el
line changes: +5/-12
index 51a7d13..15659c3
--- a/snitch-test.el
+++ b/snitch-test.el

@@ -117,13 +117,13 @@
   (setq snitch-on-blacklist-functions '())
   (setq snitch-log-functions '())
   (when init
-    (snitch-init)))
+    (snitch-mode +1)))
 
 (defun snitch-test--cleanup ()
   "kill any spawned processes and restart snitch"
   (cl-loop for proc in (process-list)
            do (delete-process proc))
-  (snitch-deinit))
+  (snitch-mode -1))
 
 (defun snitch-test--server (port)
   "launch a TCP server to receive connections"

@@ -1409,21 +1409,16 @@ is shown or hidden."
 
 (defun snitch--test-wrap-process ()
   (setq snitch-log-verbose nil)
-  (make-process :name "poop" :command '("ls" "-l"))
-  )
+  (make-process :name "poop" :command '("ls" "-l")))
 
 (defun snitch--test-wrap-network-process ()
-  (snitch-init)
   (make-network-process :name "netpoop" :host "blommorna.com" :service 443 :family 'ipv4)
   (url-retrieve "http://google.com" #'identity)
-  (setq snitch-log-buffer-max-lines 5)
-  )
+  (setq snitch-log-buffer-max-lines 5))
 
 
 (defun snitch--test-log-filter-buffer ()
-  (snitch--run-log-filter-wizard (snitch-network-entry :src-path "/hello"))
-  )
-;;(snitch--test-log-filter-buffer)
+  (snitch--run-log-filter-wizard (snitch-network-entry :src-path "/hello")))
 
 (defun snitch--test-package-from-path ()
   (snitch--package-from-path "/home/trevor/.emacs.d/elpa/elfeed-20200910.239/elfeed.el")

@@ -1434,8 +1429,6 @@ is shown or hidden."
 (defun snitch--test-backtrace()
   (snitch--backtrace))
 
-;; (snitch--test-backtrace)
-
 (defun snitch--test-responsible-caller ()
   (message "\n\n\nbacktrace:\n%s" (snitch--backtrace))
   (snitch--responsible-caller (snitch--backtrace)))

diff --git a/snitch.el b/snitch.el
line changes: +64/-17
index fb465a5..5c30102
--- a/snitch.el
+++ b/snitch.el

@@ -151,7 +151,8 @@
 ;;
 ;; === USAGE ===
 ;;
-;; Enabling snitch is as simple as calling ‘(snitch-init)’.
+;; Enabling snitch is as simple as calling ‘snitch-mode’
+;; interactively, or ‘(snitch-mode +1)’ from your init file.
 ;; Initialization does very little, so this is safe to call in your
 ;; Emacs init without worrying about deferral or negative consequences
 ;; on startup time.

@@ -159,13 +160,13 @@
 ;; The minimum required initialization is simply:
 ;;
 ;; >  (require 'snitch)
-;; >  (snitch-init)
+;; >  (snitch-mode +1)
 ;;
 ;; An example initialization using ‘use-package’ might look like so:
 ;;
 ;; >  (use-package snitch
 ;; >    :config
-;; >    (snitch-init))
+;; >    (snitch-mode +1))
 ;;
 ;; snitch then runs in the background, performing its duties according
 ;; to your configuration, and logging in its dedicated buffer.

@@ -179,7 +180,9 @@
 ;; one or more fields of the selected log line, and add it to either
 ;; your blacklist or whitelist.
 ;;
-;; To disable snitch, call ‘(snitch-deinit)’.
+;; To disable snitch, call ‘snitch-mode’ interactively, or
+;; ‘(snitch-mode -1)’ programmatically.  You can restart snitch with
+;; ‘snitch-restart’.
 ;;
 ;;
 ;; === CONFIGURATION ===

@@ -229,7 +232,7 @@
 ;; >    (setq snitch-log-policy '(blocked whitelisted allowed))
 ;; >    (add-to-list 'snitch-network-whitelist
 ;; >                  (cons #'snitch-filter-src-pkg '(elfeed)))
-;; >    (snitch-init))
+;; >    (snitch-mode +1))
 ;;
 ;;
 ;; ==== COMMON CONFIG: ALLOW + AUDIT ====

@@ -243,7 +246,7 @@
 ;; >    (setq snitch-process-policy 'allow)
 ;; >    (setq snitch-log-policy '(allowed blocked whitelisted blacklisted))
 ;; >    (setq snitch-log-verbose t)
-;; >    (snitch-init))
+;; >    (snitch-mode +1))
 ;;
 ;;
 ;; ==== FILTER RULES ====

@@ -326,6 +329,17 @@
 ;; hook causes it to be allowed.
 ;;
 ;;
+;; snitch also supports filtering log entries with hooks via
+;; ‘snitch-log-functions’.  These hooks can pass, block, or modify
+;; entries before they are printed in the snitch log.  See ‘M-x
+;; describe-variable <RET> snitch-log-functions’ for details.
+;;
+;; snitch also calls hooks when it starts (‘snitch-init-hook’), shuts
+;; down (‘snitch-deinit-hook’), or opens or closes the log filter
+;; window (‘snitch-log-filter-window-open-hook’,
+;; ‘snitch-log-filter-window-close-hook’).
+;;
+;;
 ;; === PERFORMANCE ===
 ;;
 ;; Performance has not been measured, and should not be assumed to be

@@ -830,7 +844,7 @@ network connections."
   ;;   open-network-stream
   )
 
-(defun snitch-unload-function ()
+(defun snitch--unregister-wrapper-fns ()
   "Unload the snitch decision engine wrapping functions."
   (remove-function (symbol-function 'make-network-process)
                    #'snitch--wrap-make-network-process)

@@ -838,31 +852,64 @@ network connections."
                    #'snitch--wrap-make-process))
 
 
-;;;###autoload
-(defun snitch-init ()
+(defun snitch--init ()
   "Initialize snitch.el firewall, enabling globally."
   (interactive)
+  (when snitch-mode
+      (snitch--deinit))
   (when snitch-trace-timers (snitch--activate-timer-trace))
-  (when (snitch--register-wrapper-fns) t))
+  (when (snitch--register-wrapper-fns) t)
+  (run-hooks 'snitch-init-hook))
 
-(defun snitch-deinit ()
-  "Unload snitch.el firewall, disabling globally."
+(defun snitch--deinit (&optional rerequire)
+  "Unload snitch.el firewall, disabling globally.
+
+When the optional argument REREQUIRE is t, the snitch feature is
+completely unloaded and re-loaded into Emacs.  Autoloaded symbols
+may be lost in this process."
   (interactive)
   (snitch--deactivate-timer-trace)
   (snitch--stop-log-prune-timer)
-  (unload-feature 'snitch t)
-  (when (require 'snitch) t))
+  (snitch--unregister-wrapper-fns)
+  (run-hooks 'snitch-deinit-hook)
+  (when rerequire
+    (unload-feature 'snitch t)
+    (when (require 'snitch) t)))
 
+;;;###autoload
 (defun snitch-restart ()
-  "Unload snitch.el and re-launch snitch firewall."
+  "Restart the snitch firewall, unloading and reloading all
+hooks."
   (interactive)
-  (when (snitch-deinit)
-    (snitch-init)))
+  (when (snitch--deinit)
+    (snitch--init)))
 
+;;;###autoload
 (defun snitch-version ()
   "Return loaded snitch’s version number as a string."
   snitch--version)
 
+;;;###autoload
+(define-minor-mode snitch-mode
+  "Toggle snitch firewall on and off.
+
+The snitch firewall is enabled as a global minor mode, and
+monitors network connections and subprocesses in the background.
+
+For more information, use ‘M-x describe-package <RET> snitch’.
+
+To customize, use ‘M-x customize-group <RET> snitch’.
+
+No mode-line annotation is displayed by default, but this can be
+changed by customizing ‘snitch-lighter’.  To add custom code
+after start or shutdown, add hooks to ‘snitch-init-hook’ or
+‘snitch-deinit-hook’."
+  :global t
+  :lighter snitch-lighter
+  :group 'snitch
+  (if snitch-mode
+      (snitch--init)
+    (snitch--deinit)))
 
 (provide 'snitch)