insecure_random 1.0.0
- checksums.yaml +15 -0
- data/.gitignore +17 -0
- data/.travis.yml +5 -0
- data/Gemfile +7 -0
- data/LICENSE.txt +22 -0
- data/README.md +83 -0
- data/Rakefile +6 -0
- data/insecure_random.gemspec +19 -0
- data/lib/insecure_random.rb +8 -0
- data/spec/insecure_random_spec.rb +84 -0
- data/spec/spec_helper.rb +6 -0
- data/spec/support/random.rb +3 -0
- metadata +71 -0
checksums.yaml
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
---
|
2
|
+
!binary "U0hBMQ==":
|
3
|
+
metadata.gz: !binary |-
|
4
|
+
NDAxYzI4OWVkOTliMjgwMzM3ZGQwMzA4YTMyMDRmNjMyNTFiMTVmMQ==
|
5
|
+
data.tar.gz: !binary |-
|
6
|
+
MjQxOGZhZmJkZGUzMTVkZDI1ZDczYzg1MDY2MGFjNWYzOWM5NTNiYg==
|
7
|
+
!binary "U0hBNTEy":
|
8
|
+
metadata.gz: !binary |-
|
9
|
+
MjU4N2I2NGEzNjExZDNkMDg4MDExZDA3YTU0MDAxNzUzNGVkNDdjYzY3NzNm
|
10
|
+
ODQwYzk3ZmU5MmIzMDk4N2EwNjRlZWVkYTdiYmEwYzg4NmE1NmMyYzZmNDA2
|
11
|
+
MjhiODIzY2RhY2I5YmNlYTI0YzlkMmMwZmIxMjVhMWU1YTI2YmY=
|
12
|
+
data.tar.gz: !binary |-
|
13
|
+
YzQzNjhlZmIwYTY3MjIwNjgyZTY2Zjg5YjRkNmI3ZWU3NDdlYjE3ODIzMTA4
|
14
|
+
MTE1OWUwNGE1MDgxZjAwMTQxOWRjOTRkYWU2YTA3NGIwOTllYmYwNGQ0YTAy
|
15
|
+
NTczZDc4OGY1M2U4YTU0NDcwOTU0ZTNmODhkMjZmZjRkZmM0YzE=
|
data/.gitignore
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2013 Steve Richert
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,83 @@
|
|
1
|
+
# InsecureRandom
|
2
|
+
|
3
|
+
[](http://badge.fury.io/rb/insecure_random)
|
4
|
+
[](https://travis-ci.org/laserlemon/insecure_random)
|
5
|
+
[](https://codeclimate.com/github/laserlemon/insecure_random)
|
6
|
+
[](https://coveralls.io/r/laserlemon/insecure_random)
|
7
|
+
[](https://gemnasium.com/laserlemon/insecure_random)
|
8
|
+
|
9
|
+
InsecureRandom overwrites SecureRandom to enable predictability via seeding.
|
10
|
+
|
11
|
+
## Why?
|
12
|
+
|
13
|
+
### RSpec
|
14
|
+
|
15
|
+
RSpec has a fantastic feature that allows you to run your tests in random order.
|
16
|
+
|
17
|
+
```bash
|
18
|
+
rspec --order=random
|
19
|
+
```
|
20
|
+
|
21
|
+
Running tests in random order helps you find potential ordering dependencies in
|
22
|
+
your test suite. For example, Test A and Test B both pass when run in that
|
23
|
+
order, but Test A fails if Test B runs first.
|
24
|
+
|
25
|
+
**Your test suite should not depend on the order in which the tests are run.**
|
26
|
+
|
27
|
+
If an ordering dependency causes a test failure, you can rerun the tests in the
|
28
|
+
same order using the seed from the previous run.
|
29
|
+
|
30
|
+
```bash
|
31
|
+
rspec --seed=93487
|
32
|
+
```
|
33
|
+
|
34
|
+
RSpec does this by seeding and using `Kernel.rand` to order your specs. This has
|
35
|
+
the handy side effect of making other random test data reproducible as well. For
|
36
|
+
example, your Factory Girl factories might use random data via Faker.
|
37
|
+
|
38
|
+
```ruby
|
39
|
+
FactoryGirl.define do
|
40
|
+
factory :user do
|
41
|
+
name { Faker::Name.name }
|
42
|
+
age { rand(100) }
|
43
|
+
end
|
44
|
+
end
|
45
|
+
```
|
46
|
+
|
47
|
+
Since Faker uses `Kernel.rand` under the hood, your test data will be consistent
|
48
|
+
across seeded RSpec runs.
|
49
|
+
|
50
|
+
### SecureRandom
|
51
|
+
|
52
|
+
But what happens when generating random data isn't confined to your test suite?
|
53
|
+
|
54
|
+
Sometimes, it's necessary to generate random values for UUIDs, API keys, URL
|
55
|
+
slugs, etc. The `SecureRandom` module is perfect for those situations.
|
56
|
+
SecureRandom uses secure pseudorandom generators from tried and tested libraries
|
57
|
+
such as OpenSSL.
|
58
|
+
|
59
|
+
### The Problem
|
60
|
+
|
61
|
+
The problem with testing code that involves SecureRandom is that SecureRandom
|
62
|
+
isn't seedable, which means that RSpec isn't able to rerun your tests in a
|
63
|
+
predictable way.
|
64
|
+
|
65
|
+
### The Solution
|
66
|
+
|
67
|
+
Fortunately, SecureRandom only defines a handful of methods so it's easy to
|
68
|
+
override them to be backed by `Kernel.rand`.
|
69
|
+
|
70
|
+
And it gets even better. All of SecureRandom's methods are derived from
|
71
|
+
`SecureRandom.random_bytes` so overriding just that one method does the trick!
|
72
|
+
|
73
|
+
## Installation
|
74
|
+
|
75
|
+
Add InsecureRandom to your Gemfile's test group:
|
76
|
+
|
77
|
+
```ruby
|
78
|
+
group :development, :test do
|
79
|
+
gem "insecure_random"
|
80
|
+
end
|
81
|
+
```
|
82
|
+
|
83
|
+
**Make sure that InsecureRandom is not loaded in production!**
|
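Review bot: the Installation section at the end of this README says to add the gem to the Gemfile's test group, but the snippet uses `group :development, :test do`, so with Bundler's default auto-require the SecureRandom override is also active in development, where any UUIDs, API keys or URL slugs the running app generates come from the seedable `Kernel.rand`. Suggest changing the example to `group :test do`. The closing "not loaded in production" line is only advice as written; a load-time check in the library that refuses to install the override outside a test environment would make it enforceable.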
data/Rakefile
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
Gem::Specification.new do |spec|
|
4
|
+
spec.name = "insecure_random"
|
5
|
+
spec.version = "1.0.0"
|
6
|
+
|
7
|
+
spec.author = "Steve Richert"
|
8
|
+
spec.email = "steve.richert@gmail.com"
|
9
|
+
spec.summary = "Like SecureRandom, but less… secure"
|
10
|
+
spec.description = "InsecureRandom overwrites SecureRandom to enable predictability via seeding."
|
11
|
+
spec.homepage = "https://github.com/laserlemon/insecure_random"
|
12
|
+
spec.license = "MIT"
|
13
|
+
|
14
|
+
spec.files = `git ls-files`.split($/)
|
15
|
+
spec.test_files = spec.files.grep(/^spec/)
|
16
|
+
spec.require_paths = ["lib"]
|
17
|
+
|
18
|
+
spec.add_development_dependency "bundler", "~> 1.3"
|
19
|
+
end
|
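Review bot: `spec.files` is built by shelling out to `git ls-files`, so the packaged gem contains every tracked file (dotfiles, CI config and the spec directory included) and the build depends on git being present and on the state of the working tree. For a library whose whole effect is to replace `SecureRandom.random_bytes`, an explicit list limited to the `lib` directory plus README.md and LICENSE.txt keeps the shipped artifact small and easy to audit. The summary and description are the only place a consumer is told what the gem does on load, so it would help to state there that it is intended for test environments only.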
@@ -0,0 +1,84 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe SecureRandom do
|
4
|
+
let(:seed) { Kernel.srand }
|
5
|
+
|
6
|
+
describe ".random_bytes" do
|
7
|
+
it "is a 16 byte string" do
|
8
|
+
value = SecureRandom.random_bytes
|
9
|
+
|
10
|
+
expect(value).to be_a(String)
|
11
|
+
expect(value.size).to eq(16)
|
12
|
+
end
|
13
|
+
|
14
|
+
it "accepts an integer length argument" do
|
15
|
+
value = SecureRandom.random_bytes(32)
|
16
|
+
|
17
|
+
expect(value.size).to eq(32)
|
18
|
+
end
|
19
|
+
|
20
|
+
it "accepts a decimal length argument" do
|
21
|
+
value = SecureRandom.random_bytes(32.9)
|
22
|
+
|
23
|
+
expect(value.size).to eq(32)
|
24
|
+
end
|
25
|
+
|
26
|
+
it "accepts a nil length argument" do
|
27
|
+
value = SecureRandom.random_bytes(nil)
|
28
|
+
|
29
|
+
expect(value.size).to eq(16)
|
30
|
+
end
|
31
|
+
|
32
|
+
it "is random-ish" do
|
33
|
+
sample = []
|
34
|
+
1000.times do
|
35
|
+
SecureRandom.random_bytes.bytes.each do |byte|
|
36
|
+
sample << byte
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
# MATH!
|
41
|
+
mean = sample.inject(:+).to_f / sample.size
|
42
|
+
variance = sample.inject(0) { |memo, value|
|
43
|
+
memo + (value - mean) ** 2
|
44
|
+
}.to_f / (sample.size - 1)
|
45
|
+
actual_standard_deviation = Math.sqrt(variance)
|
46
|
+
expected_standard_deviation = Math.sqrt(((256 ** 2) - 1).to_f / 12)
|
47
|
+
|
48
|
+
expect(actual_standard_deviation).to be_within(1).
|
49
|
+
of(expected_standard_deviation)
|
50
|
+
end
|
51
|
+
|
52
|
+
it "is reproducible" do
|
53
|
+
Kernel.srand(seed)
|
54
|
+
value1 = SecureRandom.random_bytes
|
55
|
+
|
56
|
+
Kernel.srand(seed)
|
57
|
+
value2 = SecureRandom.random_bytes
|
58
|
+
|
59
|
+
expect(value2).to eq(value1)
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
%w(
|
64
|
+
hex
|
65
|
+
base64
|
66
|
+
urlsafe_base64
|
67
|
+
random_number
|
68
|
+
uuid
|
69
|
+
).each do |method|
|
70
|
+
if SecureRandom.respond_to?(method)
|
71
|
+
describe ".#{method}" do
|
72
|
+
it "is reproducible" do
|
73
|
+
Kernel.srand(seed)
|
74
|
+
value1 = SecureRandom.send(method)
|
75
|
+
|
76
|
+
Kernel.srand(seed)
|
77
|
+
value2 = SecureRandom.send(method)
|
78
|
+
|
79
|
+
expect(value2).to eq(value1)
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
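Review bot: `let(:seed) { Kernel.srand }` at the top of the describe block has a side effect that the examples do not account for. Calling `Kernel.srand` with no argument reseeds the global generator with a fresh value and returns the previous seed, so the first reference to `seed` in each "is reproducible" example discards the seed RSpec set from `--seed`, and nothing restores it afterwards. Suggest `let(:seed) { Random.new_seed }`, which returns a seed without touching global state, and restoring the original seed in an `after` hook. Separately, the `if SecureRandom.respond_to?(method)` guard silently skips methods that are missing, so a run can pass without having exercised `uuid` or `random_number`; a pending example would make the gap visible. The "is random-ish" example checks only the standard deviation of byte values within a tolerance of 1, which says nothing about predictability and can fail intermittently.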
data/spec/spec_helper.rb
ADDED
metadata
ADDED
@@ -0,0 +1,71 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: insecure_random
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Steve Richert
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2013-05-04 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ~>
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.3'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ~>
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.3'
|
27
|
+
description: InsecureRandom overwrites SecureRandom to enable predictability via seeding.
|
28
|
+
email: steve.richert@gmail.com
|
29
|
+
executables: []
|
30
|
+
extensions: []
|
31
|
+
extra_rdoc_files: []
|
32
|
+
files:
|
33
|
+
- .gitignore
|
34
|
+
- .travis.yml
|
35
|
+
- Gemfile
|
36
|
+
- LICENSE.txt
|
37
|
+
- README.md
|
38
|
+
- Rakefile
|
39
|
+
- insecure_random.gemspec
|
40
|
+
- lib/insecure_random.rb
|
41
|
+
- spec/insecure_random_spec.rb
|
42
|
+
- spec/spec_helper.rb
|
43
|
+
- spec/support/random.rb
|
44
|
+
homepage: https://github.com/laserlemon/insecure_random
|
45
|
+
licenses:
|
46
|
+
- MIT
|
47
|
+
metadata: {}
|
48
|
+
post_install_message:
|
49
|
+
rdoc_options: []
|
50
|
+
require_paths:
|
51
|
+
- lib
|
52
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
53
|
+
requirements:
|
54
|
+
- - ! '>='
|
55
|
+
- !ruby/object:Gem::Version
|
56
|
+
version: '0'
|
57
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ! '>='
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
requirements: []
|
63
|
+
rubyforge_project:
|
64
|
+
rubygems_version: 2.0.3
|
65
|
+
signing_key:
|
66
|
+
specification_version: 4
|
67
|
+
summary: Like SecureRandom, but less… secure
|
68
|
+
test_files:
|
69
|
+
- spec/insecure_random_spec.rb
|
70
|
+
- spec/spec_helper.rb
|
71
|
+
- spec/support/random.rb
|
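Review bot: `post_install_message:` is empty, and `cert_chain: []` with a blank `signing_key:` shows the package is unsigned. Since loading this gem downgrades SecureRandom process-wide, a short post-install message stating that it must stay out of production groups would reach people who install it without reading the README. Signing the release would also let consumers verify the publisher before a package with this effect enters their dependency tree.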