insecure_random 1.0.0 → 2.0.0

checksums.yaml CHANGED
@@ -1,15 +1,7 @@
1
1
  ---
2
- !binary "U0hBMQ==":
3
- metadata.gz: !binary |-
4
- NDAxYzI4OWVkOTliMjgwMzM3ZGQwMzA4YTMyMDRmNjMyNTFiMTVmMQ==
5
- data.tar.gz: !binary |-
6
- MjQxOGZhZmJkZGUzMTVkZDI1ZDczYzg1MDY2MGFjNWYzOWM5NTNiYg==
7
- !binary "U0hBNTEy":
8
- metadata.gz: !binary |-
9
- MjU4N2I2NGEzNjExZDNkMDg4MDExZDA3YTU0MDAxNzUzNGVkNDdjYzY3NzNm
10
- ODQwYzk3ZmU5MmIzMDk4N2EwNjRlZWVkYTdiYmEwYzg4NmE1NmMyYzZmNDA2
11
- MjhiODIzY2RhY2I5YmNlYTI0YzlkMmMwZmIxMjVhMWU1YTI2YmY=
12
- data.tar.gz: !binary |-
13
- YzQzNjhlZmIwYTY3MjIwNjgyZTY2Zjg5YjRkNmI3ZWU3NDdlYjE3ODIzMTA4
14
- MTE1OWUwNGE1MDgxZjAwMTQxOWRjOTRkYWU2YTA3NGIwOTllYmYwNGQ0YTAy
15
- NTczZDc4OGY1M2U4YTU0NDcwOTU0ZTNmODhkMjZmZjRkZmM0YzE=
2
+ SHA256:
3
+ metadata.gz: 519f7b609b76294dc750839c577871d059c37cdb691f31d453b22f26b36f4a04
4
+ data.tar.gz: 9a48762906039310db603629f2daf97725707abb1d1789ccc3ec5765eb28c10e
5
+ SHA512:
6
+ metadata.gz: a328decddeb3f2296d71da543f53e1684fa09bec2f70c4d1b7c566a137362a2586c62a7217e636572ef540872265a04ea1e69a667bc0c88c62a033aabd98140c
7
+ data.tar.gz: beece2427521fc912ac56d354eabadb43ce192c34aa85ad7b3f584e97fccfdd80bac21740c858e07a7920fec075f758210aa2ba39fbbcfe7bc4b3253c20c565c
data/LICENSE.txt CHANGED
@@ -1,22 +1,21 @@
1
- Copyright (c) 2013 Steve Richert
1
+ The MIT License (MIT)
2
2
 
3
- MIT License
3
+ Copyright (c) 2013 Steve Richert
4
4
 
5
- Permission is hereby granted, free of charge, to any person obtaining
6
- a copy of this software and associated documentation files (the
7
- "Software"), to deal in the Software without restriction, including
8
- without limitation the rights to use, copy, modify, merge, publish,
9
- distribute, sublicense, and/or sell copies of the Software, and to
10
- permit persons to whom the Software is furnished to do so, subject to
11
- the following conditions:
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
12
11
 
13
- The above copyright notice and this permission notice shall be
14
- included in all copies or substantial portions of the Software.
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
15
14
 
16
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
- EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
- NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
- LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
- OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
- WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md CHANGED
@@ -1,12 +1,9 @@
1
1
  # InsecureRandom
2
2
 
3
- [![Gem Version](https://badge.fury.io/rb/insecure_random.png)](http://badge.fury.io/rb/insecure_random)
4
- [![Build Status](https://travis-ci.org/laserlemon/insecure_random.png?branch=master)](https://travis-ci.org/laserlemon/insecure_random)
5
- [![Code Climate](https://codeclimate.com/github/laserlemon/insecure_random.png)](https://codeclimate.com/github/laserlemon/insecure_random)
6
- [![Coverage Status](https://coveralls.io/repos/laserlemon/insecure_random/badge.png?branch=master)](https://coveralls.io/r/laserlemon/insecure_random)
7
- [![Dependency Status](https://gemnasium.com/laserlemon/insecure_random.png)](https://gemnasium.com/laserlemon/insecure_random)
3
+ [![Gem Version](https://img.shields.io/gem/v/insecure_random)](http://rubygems.org/gems/insecure_random)
4
+ [![Build Status](https://img.shields.io/github/actions/workflow/status/laserlemon/insecure_random/rake.yml)](https://github.com/laserlemon/insecure_random/actions/workflows/rake.yml)
8
5
 
9
- InsecureRandom overwrites SecureRandom to enable predictability via seeding.
6
+ InsecureRandom hooks into SecureRandom to enable predictability via seeding.
10
7
 
11
8
  ## Why?
12
9
 
@@ -33,10 +30,10 @@ rspec --seed=93487
33
30
 
34
31
  RSpec does this by seeding and using `Kernel.rand` to order your specs. This has
35
32
  the handy side effect of making other random test data reproducible as well. For
36
- example, your Factory Girl factories might use random data via Faker.
33
+ example, your Factory Bot factories might use random data via Faker.
37
34
 
38
35
  ```ruby
39
- FactoryGirl.define do
36
+ FactoryBot.define do
40
37
  factory :user do
41
38
  name { Faker::Name.name }
42
39
  age { rand(100) }
@@ -64,11 +61,28 @@ predictable way.
64
61
 
65
62
  ### The Solution
66
63
 
67
- Fortunately, SecureRandom only defines a handful of methods so it's easy to
68
- override them to be backed by `Kernel.rand`.
64
+ Fortunately, SecureRandom only defines a handful of methods so it's relatively
65
+ easy to override them to be backed by `Kernel.rand`.
69
66
 
70
- And it gets even better. All of SecureRandom's methods are derived from
71
- `SecureRandom.random_bytes` so overriding just that one method does the trick!
67
+ And it gets even better. All of SecureRandom's methods are derived from just
68
+ one method: `SecureRandom.gen_random`. So overriding that one method does the
69
+ trick!
70
+
71
+ ```ruby
72
+ Kernel.srand(123)
73
+ SecureRandom.alphanumeric # => "kMupcJV93fBPd34p"
74
+ SecureRandom.alphanumeric # => "WTiAHSCC3JeqYAdJ"
75
+ Kernel.srand(123)
76
+ SecureRandom.alphanumeric # => "jID3bLAGYx2FHi27"
77
+
78
+ InsecureRandom.enable!
79
+
80
+ Kernel.srand(123)
81
+ SecureRandom.alphanumeric # => "2YmG5zns39eGRfKQ"
82
+ SecureRandom.alphanumeric # => "c58d341u4OJzkTyD"
83
+ Kernel.srand(123)
84
+ SecureRandom.alphanumeric # => "2YmG5zns39eGRfKQ"
85
+ ```
72
86
 
73
87
  ## Installation
74
88
 
@@ -80,4 +94,35 @@ group :development, :test do
80
94
  end
81
95
  ```
82
96
 
83
- **Make sure that InsecureRandom is not loaded in production!**
97
+ ## Usage
98
+
99
+ As of InsecureRandom 2.0, SecureRandom's behavior remains entirely unchanged
100
+ until you explicitly enable InsecureRandom by adding the following to your
101
+ test/spec helper:
102
+
103
+ ```ruby
104
+ InsecureRandom.enable!
105
+ ```
106
+
107
+ The `enable!` method globally enables repeatable results from SecureRandom via
108
+ `Kernel.srand` seeding and can be disabled again with `InsecureRandom.disable!`.
109
+
110
+ You may also use the `enable` method to _temporarily_ enable SecureRandom
111
+ repeatability, only during execution of the given block. For example, RSpec
112
+ can be configured to enable InsecureRandom for each individual example:
113
+
114
+ ```ruby
115
+ RSpec.configure do |config|
116
+ config.around(:example) do |example|
117
+ InsecureRandom.enable do
118
+ example.run
119
+ end
120
+ end
121
+ end
122
+ ```
123
+
124
+ :star: InsecureRandom does not change SecureRandom's behavior until either the
125
+ `InsecureRandom.enable!` or `InsecureRandom.enable` method is explicitly called.
126
+ That said…
127
+
128
+ :warning: **Make sure that InsecureRandom is not enabled in production!** :warning:
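Review bot: The closing warning was narrowed from "not loaded in production" to "not enabled in production", yet the added Usage text describes `InsecureRandom.enable!` as global, so a single call anywhere in the process switches SecureRandom to seeded output for every caller. Keep the earlier advice alongside the new wording: say that the gem should stay in the `group :development, :test` block shown under Installation, and that `enable!` belongs only in the test/spec helper.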
@@ -1,19 +1,37 @@
1
- # encoding: utf-8
1
+ # frozen_string_literal: true
2
2
 
3
- Gem::Specification.new do |spec|
4
- spec.name = "insecure_random"
5
- spec.version = "1.0.0"
3
+ require_relative "lib/insecure_random/version"
6
4
 
7
- spec.author = "Steve Richert"
8
- spec.email = "steve.richert@gmail.com"
9
- spec.summary = "Like SecureRandom, but less… secure"
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "insecure_random"
7
+ spec.summary = "Like SecureRandom, but less… secure"
10
8
  spec.description = "InsecureRandom overwrites SecureRandom to enable predictability via seeding."
11
- spec.homepage = "https://github.com/laserlemon/insecure_random"
12
- spec.license = "MIT"
9
+ spec.version = InsecureRandom::VERSION
10
+
11
+ spec.author = "Steve Richert"
12
+ spec.email = "steve.richert@hey.com"
13
+ spec.license = "MIT"
14
+ spec.homepage = "https://github.com/laserlemon/insecure_random"
15
+
16
+ spec.metadata = {
17
+ "allowed_push_host" => "https://rubygems.org",
18
+ "bug_tracker_uri" => "https://github.com/laserlemon/insecure_random/issues",
19
+ "funding_uri" => "https://github.com/sponsors/laserlemon",
20
+ "homepage_uri" => "https://github.com/laserlemon/insecure_random",
21
+ "rubygems_mfa_required" => "true",
22
+ "source_code_uri" => "https://github.com/laserlemon/insecure_random",
23
+ }
24
+
25
+ spec.required_ruby_version = ">= 3.0.0"
26
+ spec.add_development_dependency "bundler", ">= 2"
27
+ spec.add_development_dependency "rake", ">= 13"
13
28
 
14
- spec.files = `git ls-files`.split($/)
15
- spec.test_files = spec.files.grep(/^spec/)
16
- spec.require_paths = ["lib"]
29
+ spec.files = [
30
+ "insecure_random.gemspec",
31
+ "lib/insecure_random.rb",
32
+ "lib/insecure_random/version.rb",
33
+ "LICENSE.txt",
34
+ ]
17
35
 
18
- spec.add_development_dependency "bundler", "~> 1.3"
36
+ spec.extra_rdoc_files = ["README.md"]
19
37
  end
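Review bot: `spec.description` is carried over unchanged and still reads "InsecureRandom overwrites SecureRandom", while the README in this same release was reworded to "hooks into SecureRandom" and 2.0 changes nothing until it is enabled. Update the description so the published gem page does not describe the 1.0.0 behaviour.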
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module InsecureRandom
4
+ VERSION = Gem::Version.new("2.0.0")
5
+ end
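Review bot: `VERSION` is defined as a `Gem::Version` object rather than the conventional String, and the only visible load of this file is the gemspec's `require_relative "lib/insecure_random/version"`. `lib/insecure_random.rb` requires just "securerandom", so `InsecureRandom::VERSION` is undefined for anyone who only does `require "insecure_random"`. Consider requiring `insecure_random/version` from the main file, and using a plain string constant so the file does not depend on RubyGems being loaded.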
@@ -1,8 +1,92 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require "securerandom"
2
4
 
3
- module SecureRandom
4
- def self.random_bytes(n = nil)
5
- n = n ? n.to_int : 16
6
- Array.new(n) { Kernel.rand(256) }.pack("C*")
5
+ # The InsecureRandom module is the interface for enabling and disabling the
6
+ # ability to seed SecureRandom's output. Outside of enabling or disabling this
7
+ # ability, there should be no need to call methods on the InsecureRandom module
8
+ # directly. Simply use SecureRandom as you normally would, with the confidence
9
+ # that its output is now repeatable by seeding via Kernel.srand.
10
+ module InsecureRandom
11
+ # This module is mixed into SecureRandom via InsecureRandom.hook! Beccause
12
+ # the Hook module is empty, mixing it in changes no behavior, but this module
13
+ # gives us a foothold in SecureRandom so that adding instance methods to Hook
14
+ # module adds the same method to SecureRandom as a singleton method.
15
+ module Hook
16
+ end
17
+
18
+ # The Overrides module holds all of the method overrides necessary to change
19
+ # SecureRandom's behavior to repeatable by seeding.
20
+ module Overrides
21
+ def gen_random(n)
22
+ Random.bytes(n)
23
+ end
24
+ end
25
+
26
+ # Calling InsecureRandom.hook! prepends the Hook module onto SecureRandom's
27
+ # singleton class, allowing InsecureRandom to (later) override specific
28
+ # singleton methods.
29
+ #
30
+ # InsecureRandom.hook! is called at the bottom of this file and only needs
31
+ # to be called once. However, there should be no harmful effects if this
32
+ # method is called repeatedly.
33
+ def self.hook!
34
+ ::SecureRandom.singleton_class.prepend(Hook)
35
+
36
+ true
37
+ end
38
+
39
+ # Returns whether SecureRandom's behavior is currently repeatable by seeding.
40
+ def self.enabled?
41
+ Hook.instance_methods.any?
42
+ end
43
+
44
+ # Change SecureRandom's behavior to be repeatable by seeding. Enablement
45
+ # occurs globally and remains enabled until explicitly disabled. See:
46
+ # InsecureRandom.disable! below.
47
+ #
48
+ # Returns true if enabled successfully or false if already enabled.
49
+ def self.enable!
50
+ return false if enabled?
51
+
52
+ Overrides.instance_methods.each do |method|
53
+ Hook.define_method(method, Overrides.instance_method(method))
54
+ end
55
+
56
+ true
57
+ end
58
+
59
+ # Reverts SecureRandom's behavior to no longer be repeatable by seeding.
60
+ # Disablement occurs globally and remains disabled until explicity
61
+ # enabled. See: InsecureRandom.enable! above.
62
+ #
63
+ # Returns true if disabled successfully or false if already disabled.
64
+ def self.disable!
65
+ return false unless enabled?
66
+
67
+ Hook.instance_methods.each do |method|
68
+ Hook.remove_method(method)
69
+ end
70
+
71
+ true
72
+ end
73
+
74
+ # Enables SecureRandom's repeatable behavior for the duration of the given
75
+ # block, then reliably disables SecureRandom's repeatability.
76
+ #
77
+ # Returns the return value of the given block.
78
+ def self.enable
79
+ enable!
80
+ yield
81
+ ensure
82
+ disable!
7
83
  end
8
84
  end
85
+
86
+ # Install InsecureRandom.
87
+ #
88
+ # THIS DOES NOT *ENABLE* InsecureRandom. You must explicitly enable via
89
+ # the InsecureRandom.enable! or InsecureRandom.enable methods. Until
90
+ # InsecureRandom is explicitly enabled, SecureRandom's behavior remains
91
+ # entirely untouched.
92
+ InsecureRandom.hook!
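Review bot: In `self.enable`, the `ensure` branch calls `disable!` unconditionally, so a block-form call made while InsecureRandom was already on (after `enable!`, or nested inside another `enable` block) leaves it disabled on exit. Record the prior state instead, for example `was_enabled = enabled?` before `enable!` and `disable! unless was_enabled` in the `ensure`. The switch is also process-wide, because it defines methods on the shared `Hook` module, so `enable` in one thread changes SecureRandom for every thread; the method comment should say so. Comment typos: "Beccause" and "explicity".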
metadata CHANGED
@@ -1,71 +1,82 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: insecure_random
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Steve Richert
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-05-04 00:00:00.000000000 Z
11
+ date: 2024-04-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - ~>
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '1.3'
19
+ version: '2'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - ~>
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: '1.3'
26
+ version: '2'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '13'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '13'
27
41
  description: InsecureRandom overwrites SecureRandom to enable predictability via seeding.
28
- email: steve.richert@gmail.com
42
+ email: steve.richert@hey.com
29
43
  executables: []
30
44
  extensions: []
31
- extra_rdoc_files: []
45
+ extra_rdoc_files:
46
+ - README.md
32
47
  files:
33
- - .gitignore
34
- - .travis.yml
35
- - Gemfile
36
48
  - LICENSE.txt
37
49
  - README.md
38
- - Rakefile
39
50
  - insecure_random.gemspec
40
51
  - lib/insecure_random.rb
41
- - spec/insecure_random_spec.rb
42
- - spec/spec_helper.rb
43
- - spec/support/random.rb
52
+ - lib/insecure_random/version.rb
44
53
  homepage: https://github.com/laserlemon/insecure_random
45
54
  licenses:
46
55
  - MIT
47
- metadata: {}
56
+ metadata:
57
+ allowed_push_host: https://rubygems.org
58
+ bug_tracker_uri: https://github.com/laserlemon/insecure_random/issues
59
+ funding_uri: https://github.com/sponsors/laserlemon
60
+ homepage_uri: https://github.com/laserlemon/insecure_random
61
+ rubygems_mfa_required: 'true'
62
+ source_code_uri: https://github.com/laserlemon/insecure_random
48
63
  post_install_message:
49
64
  rdoc_options: []
50
65
  require_paths:
51
66
  - lib
52
67
  required_ruby_version: !ruby/object:Gem::Requirement
53
68
  requirements:
54
- - - ! '>='
69
+ - - ">="
55
70
  - !ruby/object:Gem::Version
56
- version: '0'
71
+ version: 3.0.0
57
72
  required_rubygems_version: !ruby/object:Gem::Requirement
58
73
  requirements:
59
- - - ! '>='
74
+ - - ">="
60
75
  - !ruby/object:Gem::Version
61
76
  version: '0'
62
77
  requirements: []
63
- rubyforge_project:
64
- rubygems_version: 2.0.3
78
+ rubygems_version: 3.4.19
65
79
  signing_key:
66
80
  specification_version: 4
67
81
  summary: Like SecureRandom, but less… secure
68
- test_files:
69
- - spec/insecure_random_spec.rb
70
- - spec/spec_helper.rb
71
- - spec/support/random.rb
82
+ test_files: []
data/.gitignore DELETED
@@ -1,17 +0,0 @@
1
- *.gem
2
- *.rbc
3
- .bundle
4
- .config
5
- .yardoc
6
- Gemfile.lock
7
- InstalledFiles
8
- _yardoc
9
- coverage
10
- doc/
11
- lib/bundler/man
12
- pkg
13
- rdoc
14
- spec/reports
15
- test/tmp
16
- test/version_tmp
17
- tmp
data/.travis.yml DELETED
@@ -1,5 +0,0 @@
1
- language: ruby
2
- rvm:
3
- - 1.8.7
4
- - 1.9.3
5
- - 2.0.0
data/Gemfile DELETED
@@ -1,7 +0,0 @@
1
- source "https://rubygems.org"
2
-
3
- gemspec
4
-
5
- gem "coveralls", "~> 0.6", :require => false
6
- gem "rake", "~> 10.0"
7
- gem "rspec", "~> 2.13"
data/Rakefile DELETED
@@ -1,6 +0,0 @@
1
- require "bundler/gem_tasks"
2
- require "rspec/core/rake_task"
3
-
4
- RSpec::Core::RakeTask.new(:spec)
5
-
6
- task :default => :spec
@@ -1,84 +0,0 @@
1
- require "spec_helper"
2
-
3
- describe SecureRandom do
4
- let(:seed) { Kernel.srand }
5
-
6
- describe ".random_bytes" do
7
- it "is a 16 byte string" do
8
- value = SecureRandom.random_bytes
9
-
10
- expect(value).to be_a(String)
11
- expect(value.size).to eq(16)
12
- end
13
-
14
- it "accepts an integer length argument" do
15
- value = SecureRandom.random_bytes(32)
16
-
17
- expect(value.size).to eq(32)
18
- end
19
-
20
- it "accepts a decimal length argument" do
21
- value = SecureRandom.random_bytes(32.9)
22
-
23
- expect(value.size).to eq(32)
24
- end
25
-
26
- it "accepts a nil length argument" do
27
- value = SecureRandom.random_bytes(nil)
28
-
29
- expect(value.size).to eq(16)
30
- end
31
-
32
- it "is random-ish" do
33
- sample = []
34
- 1000.times do
35
- SecureRandom.random_bytes.bytes.each do |byte|
36
- sample << byte
37
- end
38
- end
39
-
40
- # MATH!
41
- mean = sample.inject(:+).to_f / sample.size
42
- variance = sample.inject(0) { |memo, value|
43
- memo + (value - mean) ** 2
44
- }.to_f / (sample.size - 1)
45
- actual_standard_deviation = Math.sqrt(variance)
46
- expected_standard_deviation = Math.sqrt(((256 ** 2) - 1).to_f / 12)
47
-
48
- expect(actual_standard_deviation).to be_within(1).
49
- of(expected_standard_deviation)
50
- end
51
-
52
- it "is reproducible" do
53
- Kernel.srand(seed)
54
- value1 = SecureRandom.random_bytes
55
-
56
- Kernel.srand(seed)
57
- value2 = SecureRandom.random_bytes
58
-
59
- expect(value2).to eq(value1)
60
- end
61
- end
62
-
63
- %w(
64
- hex
65
- base64
66
- urlsafe_base64
67
- random_number
68
- uuid
69
- ).each do |method|
70
- if SecureRandom.respond_to?(method)
71
- describe ".#{method}" do
72
- it "is reproducible" do
73
- Kernel.srand(seed)
74
- value1 = SecureRandom.send(method)
75
-
76
- Kernel.srand(seed)
77
- value2 = SecureRandom.send(method)
78
-
79
- expect(value2).to eq(value1)
80
- end
81
- end
82
- end
83
- end
84
- end
data/spec/spec_helper.rb DELETED
@@ -1,6 +0,0 @@
1
- require "coveralls"
2
- Coveralls.wear!
3
-
4
- require "insecure_random"
5
-
6
- Dir[File.expand_path("../support/*.rb", __FILE__)].each { |f| require f }
@@ -1,3 +0,0 @@
1
- RSpec.configure do |config|
2
- config.order = "random"
3
- end