insecure_random 1.0.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    NDAxYzI4OWVkOTliMjgwMzM3ZGQwMzA4YTMyMDRmNjMyNTFiMTVmMQ==
+  data.tar.gz: !binary |-
+    MjQxOGZhZmJkZGUzMTVkZDI1ZDczYzg1MDY2MGFjNWYzOWM5NTNiYg==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    MjU4N2I2NGEzNjExZDNkMDg4MDExZDA3YTU0MDAxNzUzNGVkNDdjYzY3NzNm
+    ODQwYzk3ZmU5MmIzMDk4N2EwNjRlZWVkYTdiYmEwYzg4NmE1NmMyYzZmNDA2
+    MjhiODIzY2RhY2I5YmNlYTI0YzlkMmMwZmIxMjVhMWU1YTI2YmY=
+  data.tar.gz: !binary |-
+    YzQzNjhlZmIwYTY3MjIwNjgyZTY2Zjg5YjRkNmI3ZWU3NDdlYjE3ODIzMTA4
+    MTE1OWUwNGE1MDgxZjAwMTQxOWRjOTRkYWU2YTA3NGIwOTllYmYwNGQ0YTAy
+    NTczZDc4OGY1M2U4YTU0NDcwOTU0ZTNmODhkMjZmZjRkZmM0YzE=

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 1.8.7
+  - 1.9.3
+  - 2.0.0

data/Gemfile

@@ -0,0 +1,7 @@
+source "https://rubygems.org"
+
+gemspec
+
+gem "coveralls", "~> 0.6", :require => false
+gem "rake", "~> 10.0"
+gem "rspec", "~> 2.13"

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Steve Richert
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,83 @@
+# InsecureRandom
+
+[![Gem Version](https://badge.fury.io/rb/insecure_random.png)](http://badge.fury.io/rb/insecure_random)
+[![Build Status](https://travis-ci.org/laserlemon/insecure_random.png?branch=master)](https://travis-ci.org/laserlemon/insecure_random)
+[![Code Climate](https://codeclimate.com/github/laserlemon/insecure_random.png)](https://codeclimate.com/github/laserlemon/insecure_random)
+[![Coverage Status](https://coveralls.io/repos/laserlemon/insecure_random/badge.png?branch=master)](https://coveralls.io/r/laserlemon/insecure_random)
+[![Dependency Status](https://gemnasium.com/laserlemon/insecure_random.png)](https://gemnasium.com/laserlemon/insecure_random)
+
+InsecureRandom overwrites SecureRandom to enable predictability via seeding.
+
+## Why?
+
+### RSpec
+
+RSpec has a fantastic feature that allows you to run your tests in random order.
+
+```bash
+rspec --order=random
+```
+
+Running tests in random order helps you find potential ordering dependencies in
+your test suite. For example, Test A and Test B both pass when run in that
+order, but Test A fails if Test B runs first.
+
+**Your test suite should not depend on the order in which the tests are run.**
+
+If an ordering dependency causes a test failure, you can rerun the tests in the
+same order using the seed from the previous run.
+
+```bash
+rspec --seed=93487
+```
+
+RSpec does this by seeding and using `Kernel.rand` to order your specs. This has
+the handy side effect of making other random test data reproducible as well. For
+example, your Factory Girl factories might use random data via Faker.
+
+```ruby
+FactoryGirl.define do
+  factory :user do
+    name { Faker::Name.name }
+    age { rand(100) }
+  end
+end
+```
+
+Since Faker uses `Kernel.rand` under the hood, your test data will be consistent
+across seeded RSpec runs.
+
+### SecureRandom
+
+But what happens when generating random data isn't confined to your test suite?
+
+Sometimes, it's necessary to generate random values for UUIDs, API keys, URL
+slugs, etc. The `SecureRandom` module is perfect for those situations.
+SecureRandom uses secure pseudorandom generators from tried and tested libraries
+such as OpenSSL.
+
+### The Problem
+
+The problem with testing code that involves SecureRandom is that SecureRandom
+isn't seedable, which means that RSpec isn't able to rerun your tests in a
+predictable way.
+
+### The Solution
+
+Fortunately, SecureRandom only defines a handful of methods so it's easy to
+override them to be backed by `Kernel.rand`.
+
+And it gets even better. All of SecureRandom's methods are derived from
+`SecureRandom.random_bytes` so overriding just that one method does the trick!
+
+## Installation
+
+Add InsecureRandom to your Gemfile's test group:
+
+```ruby
+group :development, :test do
+  gem "insecure_random"
+end
+```
+
+**Make sure that InsecureRandom is not loaded in production!**

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/insecure_random.gemspec

@@ -0,0 +1,19 @@
+# encoding: utf-8
+
+Gem::Specification.new do |spec|
+  spec.name    = "insecure_random"
+  spec.version = "1.0.0"
+
+  spec.author      = "Steve Richert"
+  spec.email       = "steve.richert@gmail.com"
+  spec.summary     = "Like SecureRandom, but less… secure"
+  spec.description = "InsecureRandom overwrites SecureRandom to enable predictability via seeding."
+  spec.homepage    = "https://github.com/laserlemon/insecure_random"
+  spec.license     = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.test_files    = spec.files.grep(/^spec/)
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+end

data/lib/insecure_random.rb

@@ -0,0 +1,8 @@
+require "securerandom"
+
+module SecureRandom
+  def self.random_bytes(n = nil)
+    n = n ? n.to_int : 16
+    Array.new(n) { Kernel.rand(256) }.pack("C*")
+  end
+end

data/spec/insecure_random_spec.rb

@@ -0,0 +1,84 @@
+require "spec_helper"
+
+describe SecureRandom do
+  let(:seed) { Kernel.srand }
+
+  describe ".random_bytes" do
+    it "is a 16 byte string" do
+      value = SecureRandom.random_bytes
+
+      expect(value).to be_a(String)
+      expect(value.size).to eq(16)
+    end
+
+    it "accepts an integer length argument" do
+      value = SecureRandom.random_bytes(32)
+
+      expect(value.size).to eq(32)
+    end
+
+    it "accepts a decimal length argument" do
+      value = SecureRandom.random_bytes(32.9)
+
+      expect(value.size).to eq(32)
+    end
+
+    it "accepts a nil length argument" do
+      value = SecureRandom.random_bytes(nil)
+
+      expect(value.size).to eq(16)
+    end
+
+    it "is random-ish" do
+      sample = []
+      1000.times do
+        SecureRandom.random_bytes.bytes.each do |byte|
+          sample << byte
+        end
+      end
+
+      # MATH!
+      mean = sample.inject(:+).to_f / sample.size
+      variance = sample.inject(0) { |memo, value|
+        memo + (value - mean) ** 2
+      }.to_f / (sample.size - 1)
+      actual_standard_deviation = Math.sqrt(variance)
+      expected_standard_deviation = Math.sqrt(((256 ** 2) - 1).to_f / 12)
+
+      expect(actual_standard_deviation).to be_within(1).
+        of(expected_standard_deviation)
+    end
+
+    it "is reproducible" do
+      Kernel.srand(seed)
+      value1 = SecureRandom.random_bytes
+
+      Kernel.srand(seed)
+      value2 = SecureRandom.random_bytes
+
+      expect(value2).to eq(value1)
+    end
+  end
+
+  %w(
+    hex
+    base64
+    urlsafe_base64
+    random_number
+    uuid
+  ).each do |method|
+    if SecureRandom.respond_to?(method)
+      describe ".#{method}" do
+        it "is reproducible" do
+          Kernel.srand(seed)
+          value1 = SecureRandom.send(method)
+
+          Kernel.srand(seed)
+          value2 = SecureRandom.send(method)
+
+          expect(value2).to eq(value1)
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require "coveralls"
+Coveralls.wear!
+
+require "insecure_random"
+
+Dir[File.expand_path("../support/*.rb", __FILE__)].each { |f| require f }

data/spec/support/random.rb

@@ -0,0 +1,3 @@
+RSpec.configure do |config|
+  config.order = "random"
+end

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification
+name: insecure_random
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Steve Richert
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-05-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+description: InsecureRandom overwrites SecureRandom to enable predictability via seeding.
+email: steve.richert@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- insecure_random.gemspec
+- lib/insecure_random.rb
+- spec/insecure_random_spec.rb
+- spec/spec_helper.rb
+- spec/support/random.rb
+homepage: https://github.com/laserlemon/insecure_random
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Like SecureRandom, but less… secure
+test_files:
+- spec/insecure_random_spec.rb
+- spec/spec_helper.rb
+- spec/support/random.rb