hibp-client 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/.travis.yml +12 -8
- data/Gemfile +1 -1
- data/README.md +140 -14
- data/hibp.gemspec +2 -2
- data/lib/hibp/request.rb +2 -2
- data/lib/hibp/version.rb +1 -1
- metadata +9 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 84ccd66e330884154b8984ffe576d04a352c949927ca20620dde9a16c1951bc2
|
4
|
+
data.tar.gz: 727b750b4507f5db31f2640b1f7802f5486a2092ecd3829ae4a5de80aac8bc85
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4c061ecaaf20e07a69169517b848d4cdf515723d45508120c89de9f552fa0e23e658c0a52ab7ac39f8715ad1a74745ef002528102bf6f6ff5bd30eb2861f1350
|
7
|
+
data.tar.gz: 8d0562c84adf765357b5e532311ccd685a22de1842754cbc4b832213d09f0fb075bf5a14a6156d752cd5b9b6cb9250dcb035091937ed9743f06aa79c10d0f2e1
|
data/.travis.yml
CHANGED
@@ -1,13 +1,17 @@
|
|
1
|
-
---
|
2
1
|
sudo: false
|
3
2
|
language: ruby
|
4
|
-
|
5
3
|
cache: bundler
|
6
|
-
|
7
4
|
before_install: gem install bundler
|
8
|
-
|
9
5
|
rvm:
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
6
|
+
- 2.6
|
7
|
+
- 2.5
|
8
|
+
- 2.4
|
9
|
+
- 2.3
|
10
|
+
deploy:
|
11
|
+
provider: rubygems
|
12
|
+
api_key:
|
13
|
+
secure: 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
|
14
|
+
gem: hibp-client
|
15
|
+
on:
|
16
|
+
tags: true
|
17
|
+
repo: Warshavski/hibp-client
|
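Review bot: the `deploy` block has no job condition under `on:` besides `tags` and `repo`, so with four entries under `rvm:` each job of a tagged build will attempt the RubyGems push. Restrict it to a single Ruby version (for example an `rvm: 2.6` key under `on:`) so the gem is published once and the other jobs do not fail on a duplicate push.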
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
|
-
# Hibp
|
1
|
+
# Hibp-client
|
2
2
|
|
3
|
-
[![Build Status](https://travis-ci.com/Warshavski/hibp.svg?branch=master)](https://travis-ci.com/Warshavski/hibp)
|
3
|
+
[![Build Status](https://travis-ci.com/Warshavski/hibp-client.svg?branch=master)](https://travis-ci.com/Warshavski/hibp-client)
|
4
4
|
|
5
5
|
A simple Ruby client for interacting with [Have I Been Pwned](https://haveibeenpwned.com/) REST API.
|
6
6
|
|
@@ -11,7 +11,7 @@ This gem based on [API v3](https://haveibeenpwned.com/API/v3)
|
|
11
11
|
Add this line to your application's Gemfile:
|
12
12
|
|
13
13
|
```ruby
|
14
|
-
gem 'hibp'
|
14
|
+
gem 'hibp-client'
|
15
15
|
```
|
16
16
|
|
17
17
|
And then execute:
|
@@ -20,7 +20,7 @@ And then execute:
|
|
20
20
|
|
21
21
|
Or install it yourself as:
|
22
22
|
|
23
|
-
$ gem install hibp
|
23
|
+
$ gem install hibp-client
|
24
24
|
|
25
25
|
## Usage
|
26
26
|
|
@@ -50,6 +50,79 @@ client = Hibp::Client.new('api-key')
|
|
50
50
|
|
51
51
|
### Breaches
|
52
52
|
|
53
|
+
#### Breach model
|
54
|
+
|
55
|
+
```ruby
|
56
|
+
Hibp::Models::Breach
|
57
|
+
```
|
58
|
+
|
59
|
+
A "breach" is an instance of a system having been compromised by an attacker and the data disclosed.
|
60
|
+
For example, Adobe was a breach, Gawker was a breach etc.
|
61
|
+
|
62
|
+
A "breach" is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software.
|
63
|
+
|
64
|
+
- `name [String]` - A name representing the breach which is unique across all other breaches.
|
65
|
+
This value never changes and may be used to name dependent assets (such as images) but should not be shown directly to end users(see the "title" attribute instead).
|
66
|
+
|
67
|
+
- `title [String]` - A descriptive title for the breach suitable for displaying to end users.
|
68
|
+
It's unique across all breaches but individual values may change in the future
|
69
|
+
(i.e. if another breach occurs against an organisation already in the system).
|
70
|
+
If a stable value is required to reference the breach, refer to the "Name" attribute instead.
|
71
|
+
|
72
|
+
- `domain [String]` - The domain of the primary website the breach occurred on.
|
73
|
+
This may be used for identifying other assets external systems may have for the site.
|
74
|
+
|
75
|
+
- `breach_data [Date]` - The date (with no time) the breach originally occurred on in ISO 8601 format.
|
76
|
+
This is not always accurate — frequently breaches are discovered and reported long after the original incident.
|
77
|
+
Use this attribute as a guide only.
|
78
|
+
|
79
|
+
- `added_date [DateTime]` - The date and time (precision to the minute) the breach was added to the system in ISO 8601 format.
|
80
|
+
|
81
|
+
- `modified_date [DateTime]` - The date and time (precision to the minute) the breach was modified in ISO 8601 format.
|
82
|
+
This will only differ from the AddedDate attribute if other attributes
|
83
|
+
represented here are changed or data in the breach itself is changed
|
84
|
+
(i.e. additional data is identified and loaded).
|
85
|
+
It is always either equal to or greater then the AddedDate attribute, never less than.
|
86
|
+
|
87
|
+
- `pwn_count [Integer]` - The total number of accounts loaded into the system.
|
88
|
+
This is usually less than the total number reported by the media due to
|
89
|
+
duplication or other data integrity issues in the source data.
|
90
|
+
|
91
|
+
- `description [String]` - Contains an overview of the breach represented in HTML markup.
|
92
|
+
The description may include markup such as emphasis and strong tags as well as hyperlinks.
|
93
|
+
|
94
|
+
- `data_classes [Array<String>]` - This attribute describes the nature of the data compromised in the breach and
|
95
|
+
contains an alphabetically ordered string array of impacted data classes.
|
96
|
+
|
97
|
+
- `is_verified [Boolean]` - Indicates that the breach is considered unverified.
|
98
|
+
An unverified breach may not have been hacked from the indicated website.
|
99
|
+
An unverified breach is still loaded into HIBP when there's
|
100
|
+
sufficient confidence that a significant portion of the data is legitimate.
|
101
|
+
(<b>alias</b> `verified?`)
|
102
|
+
|
103
|
+
- `is_fabricated [Boolean]` - Indicates that the breach is considered fabricated.
|
104
|
+
A fabricated breach is unlikely to have been hacked from the
|
105
|
+
indicated website and usually contains a large amount of manufactured data.
|
106
|
+
However, it still contains legitimate email addresses and asserts that
|
107
|
+
the account owners were compromised in the alleged breach.
|
108
|
+
(<b>alias</b> `fabricated?`)
|
109
|
+
|
110
|
+
- `is_sensitive [Boolean]` - Indicates if the breach is considered sensitive.
|
111
|
+
The public API will not return any accounts for a breach flagged as sensitive.
|
112
|
+
(<b>alias</b> `sensitive?`)
|
113
|
+
|
114
|
+
- `is_retired [Boolean]` - Indicates if the breach has been retired.
|
115
|
+
This data has been permanently removed and will not be returned by the API.
|
116
|
+
(<b>alias</b> `retired?`)
|
117
|
+
|
118
|
+
- `is_spam_list [Boolean]` - Indicates if the breach is considered a spam list.
|
119
|
+
This flag has no impact on any other attributes but
|
120
|
+
it means that the data has not come as a result of a security compromise.
|
121
|
+
(<b>alias</b> `spam_list?`)
|
122
|
+
|
123
|
+
- `logo_path [String]` - A URI that specifies where a logo for the breached service can be found.
|
124
|
+
Logos are always in PNG format.
|
125
|
+
|
53
126
|
#### Getting all breached sites in the system
|
54
127
|
|
55
128
|
```ruby
|
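Review bot: in the `is_verified` entry the description reads "Indicates that the breach is considered unverified", which contradicts the attribute name and its `verified?` alias; state plainly what `true` means. In the same list, `breach_data [Date]` describes a date and looks like a typo for `breach_date`, "greater then" should be "greater than", and the `description` entry should tell callers that the HTML it returns must be sanitised before it is rendered.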
@@ -57,13 +130,14 @@ client = Hibp::Client.new
|
|
57
130
|
|
58
131
|
# Return the details of each breach in the system.
|
59
132
|
#
|
60
|
-
# => Array<Hibp::Breach>
|
133
|
+
# => Array<Hibp::Models::Breach>
|
61
134
|
#
|
62
135
|
client.breaches.fetch
|
63
136
|
|
64
137
|
# Return the details of each breach associated with a specific domain.
|
65
138
|
#
|
66
|
-
# => Array<Hibp::Breach>
|
139
|
+
# => Array<Hibp::Models::Breach>
|
140
|
+
#
|
67
141
|
client.breaches.where(domain: 'adobe.com').fetch
|
68
142
|
```
|
69
143
|
|
@@ -74,7 +148,7 @@ client = Hibp::Client.new
|
|
74
148
|
|
75
149
|
# Return the details of a single breach, by breach name.
|
76
150
|
#
|
77
|
-
# => Hibp::Breach
|
151
|
+
# => Hibp::Models::Breach
|
78
152
|
#
|
79
153
|
client.breach('000webhost').fetch
|
80
154
|
```
|
@@ -103,31 +177,71 @@ client = Hibp::Client.new('api-key')
|
|
103
177
|
|
104
178
|
# Get all breaches for an account across all domains.
|
105
179
|
#
|
106
|
-
# => Array<Hibp::Breach>
|
180
|
+
# => Array<Hibp::Models::Breach>
|
107
181
|
#
|
108
182
|
client.account_breaches('example@email.com').fetch
|
109
183
|
|
110
184
|
# Get all breaches for an account across a specific domain.
|
111
185
|
#
|
112
|
-
# => Array<Hibp::Breach>
|
186
|
+
# => Array<Hibp::Models::Breach>
|
113
187
|
#
|
114
188
|
client.account_breaches('example@email.com').where(domain: 'adobe.com').fetch
|
115
189
|
|
116
190
|
# Get all breaches info for an account with detailed information.
|
117
191
|
#
|
118
|
-
# => Array<Hibp::Breach>
|
192
|
+
# => Array<Hibp::Models::Breach>
|
119
193
|
#
|
120
194
|
client.account_breaches('example@email.com').where(truncate: false).fetch
|
121
195
|
|
122
196
|
# Returns breaches that have been flagged as "unverified"
|
123
197
|
#
|
124
|
-
# => Array<Hibp::Breach>
|
198
|
+
# => Array<Hibp::Models::Breach>
|
125
199
|
#
|
126
200
|
client.account_breaches('example@email.com').where(unverified: true).fetch
|
127
201
|
```
|
128
202
|
|
129
203
|
### Pastes
|
130
204
|
|
205
|
+
#### Paste model
|
206
|
+
|
207
|
+
A "paste" is information that has been "pasted" to a publicly facing
|
208
|
+
website designed to share content such as Pastebin.
|
209
|
+
|
210
|
+
These services are favoured by hackers due to the ease of anonymously
|
211
|
+
sharing information and they're frequently the first place a breach appears.
|
212
|
+
|
213
|
+
<b>NOTE</b> : In the future, these attributes may expand without the API being versioned.
|
214
|
+
|
215
|
+
```ruby
|
216
|
+
Hibp::Models::Paste
|
217
|
+
```
|
218
|
+
|
219
|
+
- `source [String]` - The paste service the record was retrieved from.
|
220
|
+
Current values are:
|
221
|
+
- Pastebin
|
222
|
+
- Pastie
|
223
|
+
- Slexy
|
224
|
+
- Ghostbin
|
225
|
+
- QuickLeak
|
226
|
+
- JustPaste
|
227
|
+
- AdHocUrl
|
228
|
+
- PermanentOptOut
|
229
|
+
- OptOut
|
230
|
+
|
231
|
+
- `id [String]` - The ID of the paste as it was given at the source service.
|
232
|
+
Combined with the "Source" attribute, this can be used to resolve the URL of the paste.
|
233
|
+
|
234
|
+
- `title [String]` - The title of the paste as observed on the source site.
|
235
|
+
This may be null.
|
236
|
+
|
237
|
+
- `date [String]` - The date and time (precision to the second) that the paste was posted.
|
238
|
+
This is taken directly from the paste site when this information is
|
239
|
+
available but may be null if no date is published.
|
240
|
+
|
241
|
+
- `email_count [Integer]` - The number of emails that were found when processing the paste.
|
242
|
+
Emails are extracted by using the regular expression:
|
243
|
+
\b+(?!^.{256})[a-zA-Z0-9\.\-_\+]+@[a-zA-Z0-9\.\-_]+\.[a-zA-Z]+\b
|
244
|
+
|
131
245
|
#### Getting all pastes for an account
|
132
246
|
|
133
247
|
```ruby
|
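Review bot: the e-mail regular expression on the last added line is bare Markdown text, so a renderer will treat `\.`, `\-` and `\+` as backslash escapes and display a different pattern from the one intended; put it in a code span or a fenced block. The `date` entry is typed `[String]` although it is described as a date and time, while the Breach model uses `DateTime` for the same kind of value; say whether the string is left unparsed on purpose.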
@@ -136,13 +250,25 @@ client = Hibp::Client.new('api-key')
|
|
136
250
|
|
137
251
|
# Return any pastes that contain the given email address
|
138
252
|
#
|
139
|
-
# => Array<Hibp::Paste>
|
253
|
+
# => Array<Hibp::Models::Paste>
|
140
254
|
#
|
141
255
|
client.pastes('example@email.com').fetch
|
142
256
|
```
|
143
257
|
|
144
258
|
### Passwords
|
145
259
|
|
260
|
+
#### Password model
|
261
|
+
|
262
|
+
Represents password by the suffix of and a count of how many times it appears in the data set
|
263
|
+
|
264
|
+
```ruby
|
265
|
+
Hibp::Models::Password
|
266
|
+
```
|
267
|
+
|
268
|
+
- `suffix [String]` - Password suffix(password hash without first five symbols)
|
269
|
+
|
270
|
+
- `occurrences [Integer]` - Count of how many times suffix appears in the data set
|
271
|
+
|
146
272
|
#### Getting passwords suffixes by range
|
147
273
|
|
148
274
|
```ruby
|
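Review bot: the summary sentence "Represents password by the suffix of and a count ..." is missing the noun after "suffix of", and the `suffix` entry says "password hash" without naming the hash algorithm or the letter case of the hex string. Spell both out so a caller can compute a value that will actually match a returned suffix.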
@@ -150,7 +276,7 @@ client = Hibp::Client.new
|
|
150
276
|
|
151
277
|
# Get all suffixes of every hash beginning with the specified prefix, and a count of how many times it appears in the data set.
|
152
278
|
#
|
153
|
-
# => Array<Hibp::Password>
|
279
|
+
# => Array<Hibp::Models::Password>
|
154
280
|
#
|
155
281
|
client.passwords('password').fetch
|
156
282
|
|
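Review bot: the context comment describes a lookup by hash prefix, but the example call passes the literal string 'password'. Document whether `client.passwords` hashes its argument locally and sends only the prefix, or expects the caller to supply a prefix, because the two differ in what leaves the caller's machine.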
@@ -178,7 +304,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
178
304
|
|
179
305
|
## Contributing
|
180
306
|
|
181
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/warshavski/hibp. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
307
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/warshavski/hibp-client. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
182
308
|
|
183
309
|
## License
|
184
310
|
|
data/hibp.gemspec
CHANGED
@@ -28,10 +28,10 @@ Gem::Specification.new do |spec|
|
|
28
28
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
29
29
|
spec.require_paths = ['lib']
|
30
30
|
|
31
|
-
spec.add_dependency('faraday', '>= 0.
|
31
|
+
spec.add_dependency('faraday', '>= 0.17.3')
|
32
32
|
spec.add_dependency('oj', '>= 3.6.13')
|
33
33
|
|
34
34
|
spec.add_development_dependency 'bundler'
|
35
|
-
spec.add_development_dependency 'rake', '
|
35
|
+
spec.add_development_dependency 'rake', '>= 12.3.3'
|
36
36
|
spec.add_development_dependency 'rspec', '~> 3.0'
|
37
37
|
end
|
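Review bot: `'>= 0.17.3'` on faraday has no upper bound, so any later major release is accepted even though lib/hibp/request.rb rescues specific Faraday exception classes (`Faraday::ResourceNotFound`, `Faraday::ClientError`). Add an upper bound covering the major versions the gem is tested against; the same applies, with less impact, to `rake '>= 12.3.3'`.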
data/lib/hibp/request.rb
CHANGED
@@ -42,7 +42,7 @@ module Hibp
|
|
42
42
|
end
|
43
43
|
|
44
44
|
@parser ? @parser.parse_response(response) : response.body
|
45
|
-
rescue Faraday::
|
45
|
+
rescue Faraday::ResourceNotFound
|
46
46
|
nil
|
47
47
|
rescue StandardError => e
|
48
48
|
handle_error(e)
|
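Review bot: `rescue Faraday::ResourceNotFound` returns `nil`, while the README in this release documents the fetch calls as returning `Array<Hibp::Models::Breach>` or `Array<Hibp::Models::Paste>`. A caller that iterates over the result will raise `NoMethodError` when nothing is found, so either document the `nil` return or return an empty collection for the list endpoints.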
@@ -76,7 +76,7 @@ module Hibp
|
|
76
76
|
end
|
77
77
|
|
78
78
|
def parsable_error?(error)
|
79
|
-
error.is_a?(Faraday::
|
79
|
+
error.is_a?(Faraday::ClientError) && error.response
|
80
80
|
end
|
81
81
|
|
82
82
|
def parse_error(error)
|
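Review bot: `parsable_error?` returns whatever `error.response` holds rather than a boolean, which is surprising for a method ending in `?`; coerce it, for example with `!error.response.nil?`. Also confirm that limiting the check to `Faraday::ClientError` is intended, since any error class outside it goes unparsed even when it carries a response.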
data/lib/hibp/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hibp-client
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Warshavski
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-05-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.17.3
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.17.3
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: oj
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -56,16 +56,16 @@ dependencies:
|
|
56
56
|
name: rake
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
|
-
- - "
|
59
|
+
- - ">="
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
61
|
+
version: 12.3.3
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
|
-
- - "
|
66
|
+
- - ">="
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
68
|
+
version: 12.3.3
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rspec
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -134,8 +134,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
134
134
|
- !ruby/object:Gem::Version
|
135
135
|
version: '0'
|
136
136
|
requirements: []
|
137
|
-
|
138
|
-
rubygems_version: 2.7.6
|
137
|
+
rubygems_version: 3.0.3
|
139
138
|
signing_key:
|
140
139
|
specification_version: 4
|
141
140
|
summary: A simple tool to check if an account(email address and username) has been
|