keepass_kpscript 1.0.1 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/lib/keepass_kpscript/database.rb +14 -8
- data/lib/keepass_kpscript/kpscript.rb +5 -5
- data/lib/keepass_kpscript/version.rb +1 -1
- data/lib/keepass_kpscript.rb +1 -1
- data/spec/keepass_kpscript_test/tests/keepass_kpscript/database_spec.rb +3 -2
- data/spec/keepass_kpscript_test/tests/keepass_kpscript/kpscript_spec.rb +46 -3
- data/spec/keepass_kpscript_test/tests/keepass_kpscript/select_spec.rb +1 -1
- metadata +17 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b1c605ca8a0c0de5f28f15c8f3fdd6a729d8dd49878b43c17ec44113a331aa4c
|
4
|
+
data.tar.gz: 3658287daa6058f0f70708230b2adf2bacdc915c92f06e185c47e17a09c1fa2c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a3cececdf48d3eda224f62226704e1692f450cbc45bf602fd975137ff3717c9123142f97de938f4dfc8ab4cf1d593b80559460e1be15d2b0d61fabff46c45cd8
|
7
|
+
data.tar.gz: 6a20566054d420590e00f48339f32aa9468b932d4a3592f16dffd8d770f6c3380f02d6f7e0e10734bbf33a7a9f731106b690069d3949144aa8cacea3bf2d5bc9
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,15 @@
|
|
1
|
+
# [v1.1.1](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.1.0...v1.1.1) (2022-12-31 12:36:42)
|
2
|
+
|
3
|
+
### Patches
|
4
|
+
|
5
|
+
* [Migrated to Ruby 3.1 - Support for 2.7 dropped](https://github.com/Muriel-Salvan/keepass_kpscript/commit/a4d1b47e93aa262e1190832ec151f35b03388ad1)
|
6
|
+
|
7
|
+
# [v1.1.0](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.0.1...v1.1.0) (2021-07-09 16:10:11)
|
8
|
+
|
9
|
+
### Features
|
10
|
+
|
11
|
+
* [[Feature] [#1] Support secret strings as input for any possible secret to protect them from logs and exceptions output](https://github.com/Muriel-Salvan/keepass_kpscript/commit/1de9d2e3d5e3445f8a5cfe987428f74145a7e4ba)
|
12
|
+
|
1
13
|
# [v1.0.1](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.0.0...v1.0.1) (2021-06-30 15:29:15)
|
2
14
|
|
3
15
|
### Patches
|
@@ -15,9 +15,9 @@ module KeepassKpscript
|
|
15
15
|
# Parameters::
|
16
16
|
# * *kpscript* (Kpscript): The KPScript instance handling this database
|
17
17
|
# * *database_file* (String): Database file path
|
18
|
-
# * *password* (String or nil): Password opening the database, or nil if none [default: nil].
|
19
|
-
# * *password_enc* (String or nil): Encrypted password opening the database, or nil if none [default: nil].
|
20
|
-
# * *key_file* (String or nil): Key file path opening the database, or nil if none [default: nil].
|
18
|
+
# * *password* (String, SecretString or nil): Password opening the database, or nil if none [default: nil].
|
19
|
+
# * *password_enc* (String, SecretString or nil): Encrypted password opening the database, or nil if none [default: nil].
|
20
|
+
# * *key_file* (String, SecretString or nil): Key file path opening the database, or nil if none [default: nil].
|
21
21
|
def initialize(kpscript, database_file, password: nil, password_enc: nil, key_file: nil)
|
22
22
|
@kpscript = kpscript
|
23
23
|
@database_file = database_file
|
@@ -78,7 +78,7 @@ module KeepassKpscript
|
|
78
78
|
#
|
79
79
|
# Parameters::
|
80
80
|
# * *select* (Select): The entries selector
|
81
|
-
# * *fields* (Hash<String or Symbol, String>): Set of { field name => field value } to be set [default: {}]
|
81
|
+
# * *fields* (Hash<String or Symbol, String or SecretString>): Set of { field name => field value } to be set [default: {}]
|
82
82
|
# * *icon_idx* (Integer or nil): Set the icon index, or nil if none [default: nil]
|
83
83
|
# * *custom_icon_idx* (Integer or nil): Set the custom icon index, or nil if none [default: nil]
|
84
84
|
# * *expires* (Boolean or nil): Edit the expires flag, or nil to leave it untouched [default: nil]
|
@@ -96,7 +96,9 @@ module KeepassKpscript
|
|
96
96
|
args = [
|
97
97
|
'-c:EditEntry',
|
98
98
|
select.to_s
|
99
|
-
] + fields.map
|
99
|
+
] + fields.map do |field_name, field_value|
|
100
|
+
SecretString.new("-set-#{field_name}:\"#{field_value.to_unprotected}\"", silenced_str: "-set-#{field_name}:\"#{field_value}\"")
|
101
|
+
end
|
100
102
|
args << "-setx-Icon:#{icon_idx}" if icon_idx
|
101
103
|
args << "-setx-CustomIcon:#{custom_icon_idx}" if custom_icon_idx
|
102
104
|
args << "-setx-Expires:#{expires ? 'true' : 'false'}" unless expires.nil?
|
@@ -172,9 +174,13 @@ module KeepassKpscript
|
|
172
174
|
resulting_stdout = nil
|
173
175
|
begin
|
174
176
|
kdbx_args = ["\"#{@database_file}\""]
|
175
|
-
|
176
|
-
|
177
|
-
|
177
|
+
{
|
178
|
+
'pw' => @password,
|
179
|
+
'pw-enc' => @password_enc,
|
180
|
+
'keyfile' => @key_file
|
181
|
+
}.each do |arg, var|
|
182
|
+
kdbx_args << SecretString.new("-#{arg}:\"#{var.to_unprotected}\"", silenced_str: "-#{arg}:\"#{var.is_a?(SecretString) ? var.to_s : 'XXXXX'}\"") if var
|
183
|
+
end
|
178
184
|
resulting_stdout = @kpscript.run(kdbx_args + args.flatten)
|
179
185
|
ensure
|
180
186
|
# Make sure we erase secrets
|
@@ -24,13 +24,13 @@ module KeepassKpscript
|
|
24
24
|
#
|
25
25
|
# Parameters::
|
26
26
|
# * *database_file* (String): Path to the database file
|
27
|
-
# * *password* (String or nil): Password opening the database, or nil if none [default: nil].
|
28
|
-
# * *password_enc* (String or nil): Encrypted password opening the database, or nil if none [default: nil].
|
29
|
-
# * *key_file* (String or nil): Key file path opening the database, or nil if none [default: nil].
|
27
|
+
# * *password* (String, SecretString or nil): Password opening the database, or nil if none [default: nil].
|
28
|
+
# * *password_enc* (String, SecretString or nil): Encrypted password opening the database, or nil if none [default: nil].
|
29
|
+
# * *key_file* (String, SecretString or nil): Key file path opening the database, or nil if none [default: nil].
|
30
30
|
# Result::
|
31
31
|
# * Database: The database
|
32
32
|
def open(database_file, password: nil, password_enc: nil, key_file: nil)
|
33
|
-
Database.new(self, database_file, password
|
33
|
+
Database.new(self, database_file, password:, password_enc:, key_file:)
|
34
34
|
end
|
35
35
|
|
36
36
|
# Shortcut to get easily access to selectors
|
@@ -55,7 +55,7 @@ module KeepassKpscript
|
|
55
55
|
begin
|
56
56
|
tmp_database = self.open(tmp_database_file, password: 'pass_encryptor')
|
57
57
|
selector = select.fields(Title: 'pass_encryptor')
|
58
|
-
tmp_database.edit_entries(selector, fields: { Password: password
|
58
|
+
tmp_database.edit_entries(selector, fields: { Password: password })
|
59
59
|
password_enc = tmp_database.entries_string(selector, 'URL', spr: true).first
|
60
60
|
ensure
|
61
61
|
File.unlink tmp_database_file
|
data/lib/keepass_kpscript.rb
CHANGED
@@ -4,7 +4,7 @@ describe KeepassKpscript::Database do
|
|
4
4
|
|
5
5
|
subject(:database) { kpscript.open('/path/to/my_db.kdbx', password: 'MyPassword') }
|
6
6
|
|
7
|
-
let(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug:
|
7
|
+
let(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug:) }
|
8
8
|
|
9
9
|
it 'gets a simple password for an entry title' do
|
10
10
|
expect_calls_to_kpscript [
|
@@ -136,6 +136,7 @@ describe KeepassKpscript::Database do
|
|
136
136
|
# All edit entries test cases
|
137
137
|
{
|
138
138
|
{ fields: { Field: 'Value' } } => '-set-Field:"Value"',
|
139
|
+
{ fields: { Field: SecretString.new('Value') } } => '-set-Field:"Value"',
|
139
140
|
{ fields: { Field1: 'Value1', Field2: 'Value2' } } => '-set-Field1:"Value1" -set-Field2:"Value2"',
|
140
141
|
{ icon_idx: 7 } => '-setx-Icon:7',
|
141
142
|
{ custom_icon_idx: 11 } => '-setx-CustomIcon:11',
|
@@ -186,7 +187,7 @@ describe KeepassKpscript::Database do
|
|
186
187
|
]
|
187
188
|
]
|
188
189
|
expect { kpscript.open(database_file, password: 'MyPassword').detach_bins(copy_to_dir: bins_dir) }.not_to raise_error
|
189
|
-
expect(File.exist?(bins_dir)).to
|
190
|
+
expect(File.exist?(bins_dir)).to be true
|
190
191
|
# Check that no database copy is remaining
|
191
192
|
expect(Dir.glob("#{bins_dir}/*")).to eq []
|
192
193
|
ensure
|
@@ -2,7 +2,7 @@ describe KeepassKpscript::Kpscript do
|
|
2
2
|
|
3
3
|
shared_examples 'a kpscript instance' do
|
4
4
|
|
5
|
-
subject(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug:
|
5
|
+
subject(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug:) }
|
6
6
|
|
7
7
|
it 'gives an instance wrapping a KPScript installation' do
|
8
8
|
expect_calls_to_kpscript [['/path/to/KPScript.exe -example-arg', 'OK: Operation completed successfully.']]
|
@@ -12,11 +12,11 @@ describe KeepassKpscript::Kpscript do
|
|
12
12
|
it 'encrypts passwords' do
|
13
13
|
expect_calls_to_kpscript [
|
14
14
|
[
|
15
|
-
|
15
|
+
"/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:EditEntry -ref-Title:\"pass_encryptor\" -set-Password:\"MyPassword\"",
|
16
16
|
'OK: Operation completed successfully.'
|
17
17
|
],
|
18
18
|
[
|
19
|
-
|
19
|
+
"/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:GetEntryString -ref-Title:\"pass_encryptor\" -Field:\"URL\" -Spr",
|
20
20
|
<<~EO_STDOUT
|
21
21
|
ENCRYPTED_PASSWORD
|
22
22
|
OK: Operation completed successfully.
|
@@ -26,6 +26,23 @@ describe KeepassKpscript::Kpscript do
|
|
26
26
|
expect(kpscript.encrypt_password('MyPassword')).to eq 'ENCRYPTED_PASSWORD'
|
27
27
|
end
|
28
28
|
|
29
|
+
it 'encrypts passwords using SecretString' do
|
30
|
+
expect_calls_to_kpscript [
|
31
|
+
[
|
32
|
+
"/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:EditEntry -ref-Title:\"pass_encryptor\" -set-Password:\"MyPassword\"",
|
33
|
+
'OK: Operation completed successfully.'
|
34
|
+
],
|
35
|
+
[
|
36
|
+
"/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:GetEntryString -ref-Title:\"pass_encryptor\" -Field:\"URL\" -Spr",
|
37
|
+
<<~EO_STDOUT
|
38
|
+
ENCRYPTED_PASSWORD
|
39
|
+
OK: Operation completed successfully.
|
40
|
+
EO_STDOUT
|
41
|
+
]
|
42
|
+
]
|
43
|
+
expect(kpscript.encrypt_password(SecretString.new('MyPassword'))).to eq 'ENCRYPTED_PASSWORD'
|
44
|
+
end
|
45
|
+
|
29
46
|
it 'opens a database with a password' do
|
30
47
|
expect_calls_to_kpscript [
|
31
48
|
[
|
@@ -39,6 +56,19 @@ describe KeepassKpscript::Kpscript do
|
|
39
56
|
expect(kpscript.open('/path/to/my_db.kdbx', password: 'MyPassword').password_for('MyEntryTitle')).to eq 'MyEntryPassword'
|
40
57
|
end
|
41
58
|
|
59
|
+
it 'opens a database with a password using SecretString' do
|
60
|
+
expect_calls_to_kpscript [
|
61
|
+
[
|
62
|
+
'/path/to/KPScript.exe "/path/to/my_db.kdbx" -pw:"MyPassword" -c:GetEntryString -ref-Title:"MyEntryTitle" -Field:"Password"',
|
63
|
+
<<~EO_STDOUT
|
64
|
+
MyEntryPassword
|
65
|
+
OK: Operation completed successfully.
|
66
|
+
EO_STDOUT
|
67
|
+
]
|
68
|
+
]
|
69
|
+
expect(kpscript.open('/path/to/my_db.kdbx', password: SecretString.new('MyPassword')).password_for('MyEntryTitle')).to eq 'MyEntryPassword'
|
70
|
+
end
|
71
|
+
|
42
72
|
it 'opens a database with an encrypted password' do
|
43
73
|
expect_calls_to_kpscript [
|
44
74
|
[
|
@@ -91,6 +121,19 @@ describe KeepassKpscript::Kpscript do
|
|
91
121
|
expect(kpscript.open('/path/to/my_db.kdbx', password_enc: 'MyEncryptedPassword', key_file: '/path/to/key_file').password_for('MyEntryTitle')).to eq 'MyEntryPassword'
|
92
122
|
end
|
93
123
|
|
124
|
+
it 'opens a database with a key file and encrypted password using SecretStrings' do
|
125
|
+
expect_calls_to_kpscript [
|
126
|
+
[
|
127
|
+
'/path/to/KPScript.exe "/path/to/my_db.kdbx" -pw-enc:"MyEncryptedPassword" -keyfile:"/path/to/key_file" -c:GetEntryString -ref-Title:"MyEntryTitle" -Field:"Password"',
|
128
|
+
<<~EO_STDOUT
|
129
|
+
MyEntryPassword
|
130
|
+
OK: Operation completed successfully.
|
131
|
+
EO_STDOUT
|
132
|
+
]
|
133
|
+
]
|
134
|
+
expect(kpscript.open('/path/to/my_db.kdbx', password_enc: SecretString.new('MyEncryptedPassword'), key_file: SecretString.new('/path/to/key_file')).password_for('MyEntryTitle')).to eq 'MyEntryPassword'
|
135
|
+
end
|
136
|
+
|
94
137
|
it 'gives a selector' do
|
95
138
|
expect_calls_to_kpscript []
|
96
139
|
expect(kpscript.select.fields(Title: 'MyEntryTitle').to_s).to eq '-ref-Title:"MyEntryTitle"'
|
@@ -2,7 +2,7 @@ describe KeepassKpscript::Select do
|
|
2
2
|
|
3
3
|
shared_examples 'a selector' do
|
4
4
|
|
5
|
-
subject(:selector) { KeepassKpscript.use('/path/to/KPScript.exe', debug:
|
5
|
+
subject(:selector) { KeepassKpscript.use('/path/to/KPScript.exe', debug:).select }
|
6
6
|
|
7
7
|
{
|
8
8
|
proc { |s| s.fields(Field: 'Value') } => '-ref-Field:"Value"',
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: keepass_kpscript
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Muriel Salvan
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-12-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: secret_string
|
@@ -16,78 +16,78 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '1.
|
19
|
+
version: '1.1'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '1.
|
26
|
+
version: '1.1'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rspec
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '3.
|
33
|
+
version: '3.12'
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: '3.
|
40
|
+
version: '3.12'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: sem_ver_components
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
45
|
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: '0.
|
47
|
+
version: '0.3'
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '0.
|
54
|
+
version: '0.3'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: rubocop
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: '1.
|
61
|
+
version: '1.41'
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: '1.
|
68
|
+
version: '1.41'
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rubocop-rspec
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
73
|
- - "~>"
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version: '2.
|
75
|
+
version: '2.16'
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version: '2.
|
82
|
+
version: '2.16'
|
83
83
|
description: Ruby API to handle Keepass databases using KPScript
|
84
84
|
email:
|
85
85
|
- muriel@x-aeon.com
|
86
86
|
executables: []
|
87
87
|
extensions: []
|
88
88
|
extra_rdoc_files:
|
89
|
-
- README.md
|
90
89
|
- CHANGELOG.md
|
90
|
+
- README.md
|
91
91
|
files:
|
92
92
|
- CHANGELOG.md
|
93
93
|
- README.md
|
@@ -106,7 +106,8 @@ files:
|
|
106
106
|
homepage:
|
107
107
|
licenses:
|
108
108
|
- BSD-3-Clause
|
109
|
-
metadata:
|
109
|
+
metadata:
|
110
|
+
rubygems_mfa_required: 'true'
|
110
111
|
post_install_message:
|
111
112
|
rdoc_options: []
|
112
113
|
require_paths:
|
@@ -115,14 +116,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
115
116
|
requirements:
|
116
117
|
- - "~>"
|
117
118
|
- !ruby/object:Gem::Version
|
118
|
-
version: '
|
119
|
+
version: '3.1'
|
119
120
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
120
121
|
requirements:
|
121
122
|
- - ">="
|
122
123
|
- !ruby/object:Gem::Version
|
123
124
|
version: '0'
|
124
125
|
requirements: []
|
125
|
-
rubygems_version: 3.
|
126
|
+
rubygems_version: 3.3.26
|
126
127
|
signing_key:
|
127
128
|
specification_version: 4
|
128
129
|
summary: Keepass KPScript
|