keepass_kpscript 1.0.1 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +12 -0
  3. data/lib/keepass_kpscript/database.rb +14 -8
  4. data/lib/keepass_kpscript/kpscript.rb +5 -5
  5. data/lib/keepass_kpscript/version.rb +1 -1
  6. data/lib/keepass_kpscript.rb +1 -1
  7. data/spec/keepass_kpscript_test/tests/keepass_kpscript/database_spec.rb +3 -2
  8. data/spec/keepass_kpscript_test/tests/keepass_kpscript/kpscript_spec.rb +46 -3
  9. data/spec/keepass_kpscript_test/tests/keepass_kpscript/select_spec.rb +1 -1
  10. metadata +17 -16
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f97c25985d64806567559377354f7bba9114e450253653fe8afcd73a6519b1c9
4
- data.tar.gz: '0778819142fef3931cf994bea3aa9c2ae7bf9d3320aee2935dfc9e6736476908'
3
+ metadata.gz: b1c605ca8a0c0de5f28f15c8f3fdd6a729d8dd49878b43c17ec44113a331aa4c
4
+ data.tar.gz: 3658287daa6058f0f70708230b2adf2bacdc915c92f06e185c47e17a09c1fa2c
5
5
  SHA512:
6
- metadata.gz: 07a5a1e79788ce88eb33375b789d4689c72a74882806d4400f57e22033bf2951334c60df205e3baa9163eec9d5e82e1069889f29b27c250c44fc21c0ef406f82
7
- data.tar.gz: c1eb2a87fbecf106d88e9155333d04d516ff3a27aac3f3a6b848b4863034c593244c811b4bf207ee2634a1358a350a82ba736da1218d644de60051ed118fcead
6
+ metadata.gz: a3cececdf48d3eda224f62226704e1692f450cbc45bf602fd975137ff3717c9123142f97de938f4dfc8ab4cf1d593b80559460e1be15d2b0d61fabff46c45cd8
7
+ data.tar.gz: 6a20566054d420590e00f48339f32aa9468b932d4a3592f16dffd8d770f6c3380f02d6f7e0e10734bbf33a7a9f731106b690069d3949144aa8cacea3bf2d5bc9
data/CHANGELOG.md CHANGED
@@ -1,3 +1,15 @@
1
+ # [v1.1.1](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.1.0...v1.1.1) (2022-12-31 12:36:42)
2
+
3
+ ### Patches
4
+
5
+ * [Migrated to Ruby 3.1 - Support for 2.7 dropped](https://github.com/Muriel-Salvan/keepass_kpscript/commit/a4d1b47e93aa262e1190832ec151f35b03388ad1)
6
+
7
+ # [v1.1.0](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.0.1...v1.1.0) (2021-07-09 16:10:11)
8
+
9
+ ### Features
10
+
11
+ * [[Feature] [#1] Support secret strings as input for any possible secret to protect them from logs and exceptions output](https://github.com/Muriel-Salvan/keepass_kpscript/commit/1de9d2e3d5e3445f8a5cfe987428f74145a7e4ba)
12
+
1
13
  # [v1.0.1](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.0.0...v1.0.1) (2021-06-30 15:29:15)
2
14
 
3
15
  ### Patches
data/lib/keepass_kpscript/database.rb CHANGED
@@ -15,9 +15,9 @@ module KeepassKpscript
15
15
  # Parameters::
16
16
  # * *kpscript* (Kpscript): The KPScript instance handling this database
17
17
  # * *database_file* (String): Database file path
18
- # * *password* (String or nil): Password opening the database, or nil if none [default: nil].
19
- # * *password_enc* (String or nil): Encrypted password opening the database, or nil if none [default: nil].
20
- # * *key_file* (String or nil): Key file path opening the database, or nil if none [default: nil].
18
+ # * *password* (String, SecretString or nil): Password opening the database, or nil if none [default: nil].
19
+ # * *password_enc* (String, SecretString or nil): Encrypted password opening the database, or nil if none [default: nil].
20
+ # * *key_file* (String, SecretString or nil): Key file path opening the database, or nil if none [default: nil].
21
21
  def initialize(kpscript, database_file, password: nil, password_enc: nil, key_file: nil)
22
22
  @kpscript = kpscript
23
23
  @database_file = database_file
@@ -78,7 +78,7 @@ module KeepassKpscript
78
78
  #
79
79
  # Parameters::
80
80
  # * *select* (Select): The entries selector
81
- # * *fields* (Hash<String or Symbol, String>): Set of { field name => field value } to be set [default: {}]
81
+ # * *fields* (Hash<String or Symbol, String or SecretString>): Set of { field name => field value } to be set [default: {}]
82
82
  # * *icon_idx* (Integer or nil): Set the icon index, or nil if none [default: nil]
83
83
  # * *custom_icon_idx* (Integer or nil): Set the custom icon index, or nil if none [default: nil]
84
84
  # * *expires* (Boolean or nil): Edit the expires flag, or nil to leave it untouched [default: nil]
@@ -96,7 +96,9 @@ module KeepassKpscript
96
96
  args = [
97
97
  '-c:EditEntry',
98
98
  select.to_s
99
- ] + fields.map { |field_name, field_value| "-set-#{field_name}:\"#{field_value}\"" }
99
+ ] + fields.map do |field_name, field_value|
100
+ SecretString.new("-set-#{field_name}:\"#{field_value.to_unprotected}\"", silenced_str: "-set-#{field_name}:\"#{field_value}\"")
101
+ end
100
102
  args << "-setx-Icon:#{icon_idx}" if icon_idx
101
103
  args << "-setx-CustomIcon:#{custom_icon_idx}" if custom_icon_idx
102
104
  args << "-setx-Expires:#{expires ? 'true' : 'false'}" unless expires.nil?
@@ -172,9 +174,13 @@ module KeepassKpscript
172
174
  resulting_stdout = nil
173
175
  begin
174
176
  kdbx_args = ["\"#{@database_file}\""]
175
- kdbx_args << SecretString.new("-pw:\"#{@password}\"", silenced_str: '-pw:"XXXXX"') if @password
176
- kdbx_args << SecretString.new("-pw-enc:\"#{@password_enc}\"", silenced_str: '-pw-env:"XXXXX"') if @password_enc
177
- kdbx_args << SecretString.new("-keyfile:\"#{@key_file}\"", silenced_str: '-keyfile:"XXXXX"') if @key_file
177
+ {
178
+ 'pw' => @password,
179
+ 'pw-enc' => @password_enc,
180
+ 'keyfile' => @key_file
181
+ }.each do |arg, var|
182
+ kdbx_args << SecretString.new("-#{arg}:\"#{var.to_unprotected}\"", silenced_str: "-#{arg}:\"#{var.is_a?(SecretString) ? var.to_s : 'XXXXX'}\"") if var
183
+ end
178
184
  resulting_stdout = @kpscript.run(kdbx_args + args.flatten)
179
185
  ensure
180
186
  # Make sure we erase secrets
data/lib/keepass_kpscript/kpscript.rb CHANGED
@@ -24,13 +24,13 @@ module KeepassKpscript
24
24
  #
25
25
  # Parameters::
26
26
  # * *database_file* (String): Path to the database file
27
- # * *password* (String or nil): Password opening the database, or nil if none [default: nil].
28
- # * *password_enc* (String or nil): Encrypted password opening the database, or nil if none [default: nil].
29
- # * *key_file* (String or nil): Key file path opening the database, or nil if none [default: nil].
27
+ # * *password* (String, SecretString or nil): Password opening the database, or nil if none [default: nil].
28
+ # * *password_enc* (String, SecretString or nil): Encrypted password opening the database, or nil if none [default: nil].
29
+ # * *key_file* (String, SecretString or nil): Key file path opening the database, or nil if none [default: nil].
30
30
  # Result::
31
31
  # * Database: The database
32
32
  def open(database_file, password: nil, password_enc: nil, key_file: nil)
33
- Database.new(self, database_file, password: password, password_enc: password_enc, key_file: key_file)
33
+ Database.new(self, database_file, password:, password_enc:, key_file:)
34
34
  end
35
35
 
36
36
  # Shortcut to get easily access to selectors
@@ -55,7 +55,7 @@ module KeepassKpscript
55
55
  begin
56
56
  tmp_database = self.open(tmp_database_file, password: 'pass_encryptor')
57
57
  selector = select.fields(Title: 'pass_encryptor')
58
- tmp_database.edit_entries(selector, fields: { Password: password.to_unprotected })
58
+ tmp_database.edit_entries(selector, fields: { Password: password })
59
59
  password_enc = tmp_database.entries_string(selector, 'URL', spr: true).first
60
60
  ensure
61
61
  File.unlink tmp_database_file
data/lib/keepass_kpscript/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module KeepassKpscript
2
2
 
3
- VERSION = '1.0.1'
3
+ VERSION = '1.1.1'
4
4
 
5
5
  end
data/lib/keepass_kpscript.rb CHANGED
@@ -14,7 +14,7 @@ module KeepassKpscript
14
14
  # Result::
15
15
  # * Kpscript: A KPScript instance
16
16
  def use(cmd, debug: false)
17
- Kpscript.new(cmd, debug: debug)
17
+ Kpscript.new(cmd, debug:)
18
18
  end
19
19
 
20
20
  end
data/spec/keepass_kpscript_test/tests/keepass_kpscript/database_spec.rb CHANGED
@@ -4,7 +4,7 @@ describe KeepassKpscript::Database do
4
4
 
5
5
  subject(:database) { kpscript.open('/path/to/my_db.kdbx', password: 'MyPassword') }
6
6
 
7
- let(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug: debug) }
7
+ let(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug:) }
8
8
 
9
9
  it 'gets a simple password for an entry title' do
10
10
  expect_calls_to_kpscript [
@@ -136,6 +136,7 @@ describe KeepassKpscript::Database do
136
136
  # All edit entries test cases
137
137
  {
138
138
  { fields: { Field: 'Value' } } => '-set-Field:"Value"',
139
+ { fields: { Field: SecretString.new('Value') } } => '-set-Field:"Value"',
139
140
  { fields: { Field1: 'Value1', Field2: 'Value2' } } => '-set-Field1:"Value1" -set-Field2:"Value2"',
140
141
  { icon_idx: 7 } => '-setx-Icon:7',
141
142
  { custom_icon_idx: 11 } => '-setx-CustomIcon:11',
@@ -186,7 +187,7 @@ describe KeepassKpscript::Database do
186
187
  ]
187
188
  ]
188
189
  expect { kpscript.open(database_file, password: 'MyPassword').detach_bins(copy_to_dir: bins_dir) }.not_to raise_error
189
- expect(File.exist?(bins_dir)).to eq true
190
+ expect(File.exist?(bins_dir)).to be true
190
191
  # Check that no database copy is remaining
191
192
  expect(Dir.glob("#{bins_dir}/*")).to eq []
192
193
  ensure
data/spec/keepass_kpscript_test/tests/keepass_kpscript/kpscript_spec.rb CHANGED
@@ -2,7 +2,7 @@ describe KeepassKpscript::Kpscript do
2
2
 
3
3
  shared_examples 'a kpscript instance' do
4
4
 
5
- subject(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug: debug) }
5
+ subject(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug:) }
6
6
 
7
7
  it 'gives an instance wrapping a KPScript installation' do
8
8
  expect_calls_to_kpscript [['/path/to/KPScript.exe -example-arg', 'OK: Operation completed successfully.']]
@@ -12,11 +12,11 @@ describe KeepassKpscript::Kpscript do
12
12
  it 'encrypts passwords' do
13
13
  expect_calls_to_kpscript [
14
14
  [
15
- '/path/to/KPScript.exe "/tmp/keepass_kpscript.tmp.kdbx" -pw:"pass_encryptor" -c:EditEntry -ref-Title:"pass_encryptor" -set-Password:"MyPassword"',
15
+ "/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:EditEntry -ref-Title:\"pass_encryptor\" -set-Password:\"MyPassword\"",
16
16
  'OK: Operation completed successfully.'
17
17
  ],
18
18
  [
19
- '/path/to/KPScript.exe "/tmp/keepass_kpscript.tmp.kdbx" -pw:"pass_encryptor" -c:GetEntryString -ref-Title:"pass_encryptor" -Field:"URL" -Spr',
19
+ "/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:GetEntryString -ref-Title:\"pass_encryptor\" -Field:\"URL\" -Spr",
20
20
  <<~EO_STDOUT
21
21
  ENCRYPTED_PASSWORD
22
22
  OK: Operation completed successfully.
@@ -26,6 +26,23 @@ describe KeepassKpscript::Kpscript do
26
26
  expect(kpscript.encrypt_password('MyPassword')).to eq 'ENCRYPTED_PASSWORD'
27
27
  end
28
28
 
29
+ it 'encrypts passwords using SecretString' do
30
+ expect_calls_to_kpscript [
31
+ [
32
+ "/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:EditEntry -ref-Title:\"pass_encryptor\" -set-Password:\"MyPassword\"",
33
+ 'OK: Operation completed successfully.'
34
+ ],
35
+ [
36
+ "/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:GetEntryString -ref-Title:\"pass_encryptor\" -Field:\"URL\" -Spr",
37
+ <<~EO_STDOUT
38
+ ENCRYPTED_PASSWORD
39
+ OK: Operation completed successfully.
40
+ EO_STDOUT
41
+ ]
42
+ ]
43
+ expect(kpscript.encrypt_password(SecretString.new('MyPassword'))).to eq 'ENCRYPTED_PASSWORD'
44
+ end
45
+
29
46
  it 'opens a database with a password' do
30
47
  expect_calls_to_kpscript [
31
48
  [
@@ -39,6 +56,19 @@ describe KeepassKpscript::Kpscript do
39
56
  expect(kpscript.open('/path/to/my_db.kdbx', password: 'MyPassword').password_for('MyEntryTitle')).to eq 'MyEntryPassword'
40
57
  end
41
58
 
59
+ it 'opens a database with a password using SecretString' do
60
+ expect_calls_to_kpscript [
61
+ [
62
+ '/path/to/KPScript.exe "/path/to/my_db.kdbx" -pw:"MyPassword" -c:GetEntryString -ref-Title:"MyEntryTitle" -Field:"Password"',
63
+ <<~EO_STDOUT
64
+ MyEntryPassword
65
+ OK: Operation completed successfully.
66
+ EO_STDOUT
67
+ ]
68
+ ]
69
+ expect(kpscript.open('/path/to/my_db.kdbx', password: SecretString.new('MyPassword')).password_for('MyEntryTitle')).to eq 'MyEntryPassword'
70
+ end
71
+
42
72
  it 'opens a database with an encrypted password' do
43
73
  expect_calls_to_kpscript [
44
74
  [
@@ -91,6 +121,19 @@ describe KeepassKpscript::Kpscript do
91
121
  expect(kpscript.open('/path/to/my_db.kdbx', password_enc: 'MyEncryptedPassword', key_file: '/path/to/key_file').password_for('MyEntryTitle')).to eq 'MyEntryPassword'
92
122
  end
93
123
 
124
+ it 'opens a database with a key file and encrypted password using SecretStrings' do
125
+ expect_calls_to_kpscript [
126
+ [
127
+ '/path/to/KPScript.exe "/path/to/my_db.kdbx" -pw-enc:"MyEncryptedPassword" -keyfile:"/path/to/key_file" -c:GetEntryString -ref-Title:"MyEntryTitle" -Field:"Password"',
128
+ <<~EO_STDOUT
129
+ MyEntryPassword
130
+ OK: Operation completed successfully.
131
+ EO_STDOUT
132
+ ]
133
+ ]
134
+ expect(kpscript.open('/path/to/my_db.kdbx', password_enc: SecretString.new('MyEncryptedPassword'), key_file: SecretString.new('/path/to/key_file')).password_for('MyEntryTitle')).to eq 'MyEntryPassword'
135
+ end
136
+
94
137
  it 'gives a selector' do
95
138
  expect_calls_to_kpscript []
96
139
  expect(kpscript.select.fields(Title: 'MyEntryTitle').to_s).to eq '-ref-Title:"MyEntryTitle"'
data/spec/keepass_kpscript_test/tests/keepass_kpscript/select_spec.rb CHANGED
@@ -2,7 +2,7 @@ describe KeepassKpscript::Select do
2
2
 
3
3
  shared_examples 'a selector' do
4
4
 
5
- subject(:selector) { KeepassKpscript.use('/path/to/KPScript.exe', debug: debug).select }
5
+ subject(:selector) { KeepassKpscript.use('/path/to/KPScript.exe', debug:).select }
6
6
 
7
7
  {
8
8
  proc { |s| s.fields(Field: 'Value') } => '-ref-Field:"Value"',
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: keepass_kpscript
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Muriel Salvan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-30 00:00:00.000000000 Z
11
+ date: 2022-12-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: secret_string
@@ -16,78 +16,78 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.0'
19
+ version: '1.1'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.0'
26
+ version: '1.1'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rspec
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '3.8'
33
+ version: '3.12'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '3.8'
40
+ version: '3.12'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: sem_ver_components
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '0.0'
47
+ version: '0.3'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '0.0'
54
+ version: '0.3'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: rubocop
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '1.16'
61
+ version: '1.41'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '1.16'
68
+ version: '1.41'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rubocop-rspec
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: '2.4'
75
+ version: '2.16'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: '2.4'
82
+ version: '2.16'
83
83
  description: Ruby API to handle Keepass databases using KPScript
84
84
  email:
85
85
  - muriel@x-aeon.com
86
86
  executables: []
87
87
  extensions: []
88
88
  extra_rdoc_files:
89
- - README.md
90
89
  - CHANGELOG.md
90
+ - README.md
91
91
  files:
92
92
  - CHANGELOG.md
93
93
  - README.md
@@ -106,7 +106,8 @@ files:
106
106
  homepage:
107
107
  licenses:
108
108
  - BSD-3-Clause
109
- metadata: {}
109
+ metadata:
110
+ rubygems_mfa_required: 'true'
110
111
  post_install_message:
111
112
  rdoc_options: []
112
113
  require_paths:
@@ -115,14 +116,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
115
116
  requirements:
116
117
  - - "~>"
117
118
  - !ruby/object:Gem::Version
118
- version: '2.7'
119
+ version: '3.1'
119
120
  required_rubygems_version: !ruby/object:Gem::Requirement
120
121
  requirements:
121
122
  - - ">="
122
123
  - !ruby/object:Gem::Version
123
124
  version: '0'
124
125
  requirements: []
125
- rubygems_version: 3.1.6
126
+ rubygems_version: 3.3.26
126
127
  signing_key:
127
128
  specification_version: 4
128
129
  summary: Keepass KPScript