keepass_kpscript 1.0.1 → 1.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +12 -0
  3. data/lib/keepass_kpscript/database.rb +14 -8
  4. data/lib/keepass_kpscript/kpscript.rb +5 -5
  5. data/lib/keepass_kpscript/version.rb +1 -1
  6. data/lib/keepass_kpscript.rb +1 -1
  7. data/spec/keepass_kpscript_test/tests/keepass_kpscript/database_spec.rb +3 -2
  8. data/spec/keepass_kpscript_test/tests/keepass_kpscript/kpscript_spec.rb +46 -3
  9. data/spec/keepass_kpscript_test/tests/keepass_kpscript/select_spec.rb +1 -1
  10. metadata +17 -16
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f97c25985d64806567559377354f7bba9114e450253653fe8afcd73a6519b1c9
4
- data.tar.gz: '0778819142fef3931cf994bea3aa9c2ae7bf9d3320aee2935dfc9e6736476908'
3
+ metadata.gz: b1c605ca8a0c0de5f28f15c8f3fdd6a729d8dd49878b43c17ec44113a331aa4c
4
+ data.tar.gz: 3658287daa6058f0f70708230b2adf2bacdc915c92f06e185c47e17a09c1fa2c
5
5
  SHA512:
6
- metadata.gz: 07a5a1e79788ce88eb33375b789d4689c72a74882806d4400f57e22033bf2951334c60df205e3baa9163eec9d5e82e1069889f29b27c250c44fc21c0ef406f82
7
- data.tar.gz: c1eb2a87fbecf106d88e9155333d04d516ff3a27aac3f3a6b848b4863034c593244c811b4bf207ee2634a1358a350a82ba736da1218d644de60051ed118fcead
6
+ metadata.gz: a3cececdf48d3eda224f62226704e1692f450cbc45bf602fd975137ff3717c9123142f97de938f4dfc8ab4cf1d593b80559460e1be15d2b0d61fabff46c45cd8
7
+ data.tar.gz: 6a20566054d420590e00f48339f32aa9468b932d4a3592f16dffd8d770f6c3380f02d6f7e0e10734bbf33a7a9f731106b690069d3949144aa8cacea3bf2d5bc9
data/CHANGELOG.md CHANGED
@@ -1,3 +1,15 @@
1
+ # [v1.1.1](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.1.0...v1.1.1) (2022-12-31 12:36:42)
2
+
3
+ ### Patches
4
+
5
+ * [Migrated to Ruby 3.1 - Support for 2.7 dropped](https://github.com/Muriel-Salvan/keepass_kpscript/commit/a4d1b47e93aa262e1190832ec151f35b03388ad1)
6
+
7
+ # [v1.1.0](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.0.1...v1.1.0) (2021-07-09 16:10:11)
8
+
9
+ ### Features
10
+
11
+ * [[Feature] [#1] Support secret strings as input for any possible secret to protect them from logs and exceptions output](https://github.com/Muriel-Salvan/keepass_kpscript/commit/1de9d2e3d5e3445f8a5cfe987428f74145a7e4ba)
12
+
1
13
  # [v1.0.1](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.0.0...v1.0.1) (2021-06-30 15:29:15)
2
14
 
3
15
  ### Patches
data/lib/keepass_kpscript/database.rb CHANGED
@@ -15,9 +15,9 @@ module KeepassKpscript
15
15
  # Parameters::
16
16
  # * *kpscript* (Kpscript): The KPScript instance handling this database
17
17
  # * *database_file* (String): Database file path
18
- # * *password* (String or nil): Password opening the database, or nil if none [default: nil].
19
- # * *password_enc* (String or nil): Encrypted password opening the database, or nil if none [default: nil].
20
- # * *key_file* (String or nil): Key file path opening the database, or nil if none [default: nil].
18
+ # * *password* (String, SecretString or nil): Password opening the database, or nil if none [default: nil].
19
+ # * *password_enc* (String, SecretString or nil): Encrypted password opening the database, or nil if none [default: nil].
20
+ # * *key_file* (String, SecretString or nil): Key file path opening the database, or nil if none [default: nil].
21
21
  def initialize(kpscript, database_file, password: nil, password_enc: nil, key_file: nil)
22
22
  @kpscript = kpscript
23
23
  @database_file = database_file
@@ -78,7 +78,7 @@ module KeepassKpscript
78
78
  #
79
79
  # Parameters::
80
80
  # * *select* (Select): The entries selector
81
- # * *fields* (Hash<String or Symbol, String>): Set of { field name => field value } to be set [default: {}]
81
+ # * *fields* (Hash<String or Symbol, String or SecretString>): Set of { field name => field value } to be set [default: {}]
82
82
  # * *icon_idx* (Integer or nil): Set the icon index, or nil if none [default: nil]
83
83
  # * *custom_icon_idx* (Integer or nil): Set the custom icon index, or nil if none [default: nil]
84
84
  # * *expires* (Boolean or nil): Edit the expires flag, or nil to leave it untouched [default: nil]
@@ -96,7 +96,9 @@ module KeepassKpscript
96
96
  args = [
97
97
  '-c:EditEntry',
98
98
  select.to_s
99
- ] + fields.map { |field_name, field_value| "-set-#{field_name}:\"#{field_value}\"" }
99
+ ] + fields.map do |field_name, field_value|
100
+ SecretString.new("-set-#{field_name}:\"#{field_value.to_unprotected}\"", silenced_str: "-set-#{field_name}:\"#{field_value}\"")
101
+ end
100
102
  args << "-setx-Icon:#{icon_idx}" if icon_idx
101
103
  args << "-setx-CustomIcon:#{custom_icon_idx}" if custom_icon_idx
102
104
  args << "-setx-Expires:#{expires ? 'true' : 'false'}" unless expires.nil?
@@ -172,9 +174,13 @@ module KeepassKpscript
172
174
  resulting_stdout = nil
173
175
  begin
174
176
  kdbx_args = ["\"#{@database_file}\""]
175
- kdbx_args << SecretString.new("-pw:\"#{@password}\"", silenced_str: '-pw:"XXXXX"') if @password
176
- kdbx_args << SecretString.new("-pw-enc:\"#{@password_enc}\"", silenced_str: '-pw-env:"XXXXX"') if @password_enc
177
- kdbx_args << SecretString.new("-keyfile:\"#{@key_file}\"", silenced_str: '-keyfile:"XXXXX"') if @key_file
177
+ {
178
+ 'pw' => @password,
179
+ 'pw-enc' => @password_enc,
180
+ 'keyfile' => @key_file
181
+ }.each do |arg, var|
182
+ kdbx_args << SecretString.new("-#{arg}:\"#{var.to_unprotected}\"", silenced_str: "-#{arg}:\"#{var.is_a?(SecretString) ? var.to_s : 'XXXXX'}\"") if var
183
+ end
178
184
  resulting_stdout = @kpscript.run(kdbx_args + args.flatten)
179
185
  ensure
180
186
  # Make sure we erase secrets
data/lib/keepass_kpscript/kpscript.rb CHANGED
@@ -24,13 +24,13 @@ module KeepassKpscript
24
24
  #
25
25
  # Parameters::
26
26
  # * *database_file* (String): Path to the database file
27
- # * *password* (String or nil): Password opening the database, or nil if none [default: nil].
28
- # * *password_enc* (String or nil): Encrypted password opening the database, or nil if none [default: nil].
29
- # * *key_file* (String or nil): Key file path opening the database, or nil if none [default: nil].
27
+ # * *password* (String, SecretString or nil): Password opening the database, or nil if none [default: nil].
28
+ # * *password_enc* (String, SecretString or nil): Encrypted password opening the database, or nil if none [default: nil].
29
+ # * *key_file* (String, SecretString or nil): Key file path opening the database, or nil if none [default: nil].
30
30
  # Result::
31
31
  # * Database: The database
32
32
  def open(database_file, password: nil, password_enc: nil, key_file: nil)
33
- Database.new(self, database_file, password: password, password_enc: password_enc, key_file: key_file)
33
+ Database.new(self, database_file, password:, password_enc:, key_file:)
34
34
  end
35
35
 
36
36
  # Shortcut to get easily access to selectors
@@ -55,7 +55,7 @@ module KeepassKpscript
55
55
  begin
56
56
  tmp_database = self.open(tmp_database_file, password: 'pass_encryptor')
57
57
  selector = select.fields(Title: 'pass_encryptor')
58
- tmp_database.edit_entries(selector, fields: { Password: password.to_unprotected })
58
+ tmp_database.edit_entries(selector, fields: { Password: password })
59
59
  password_enc = tmp_database.entries_string(selector, 'URL', spr: true).first
60
60
  ensure
61
61
  File.unlink tmp_database_file
data/lib/keepass_kpscript/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module KeepassKpscript
2
2
 
3
- VERSION = '1.0.1'
3
+ VERSION = '1.1.1'
4
4
 
5
5
  end
data/lib/keepass_kpscript.rb CHANGED
@@ -14,7 +14,7 @@ module KeepassKpscript
14
14
  # Result::
15
15
  # * Kpscript: A KPScript instance
16
16
  def use(cmd, debug: false)
17
- Kpscript.new(cmd, debug: debug)
17
+ Kpscript.new(cmd, debug:)
18
18
  end
19
19
 
20
20
  end
data/spec/keepass_kpscript_test/tests/keepass_kpscript/database_spec.rb CHANGED
@@ -4,7 +4,7 @@ describe KeepassKpscript::Database do
4
4
 
5
5
  subject(:database) { kpscript.open('/path/to/my_db.kdbx', password: 'MyPassword') }
6
6
 
7
- let(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug: debug) }
7
+ let(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug:) }
8
8
 
9
9
  it 'gets a simple password for an entry title' do
10
10
  expect_calls_to_kpscript [
@@ -136,6 +136,7 @@ describe KeepassKpscript::Database do
136
136
  # All edit entries test cases
137
137
  {
138
138
  { fields: { Field: 'Value' } } => '-set-Field:"Value"',
139
+ { fields: { Field: SecretString.new('Value') } } => '-set-Field:"Value"',
139
140
  { fields: { Field1: 'Value1', Field2: 'Value2' } } => '-set-Field1:"Value1" -set-Field2:"Value2"',
140
141
  { icon_idx: 7 } => '-setx-Icon:7',
141
142
  { custom_icon_idx: 11 } => '-setx-CustomIcon:11',
@@ -186,7 +187,7 @@ describe KeepassKpscript::Database do
186
187
  ]
187
188
  ]
188
189
  expect { kpscript.open(database_file, password: 'MyPassword').detach_bins(copy_to_dir: bins_dir) }.not_to raise_error
189
- expect(File.exist?(bins_dir)).to eq true
190
+ expect(File.exist?(bins_dir)).to be true
190
191
  # Check that no database copy is remaining
191
192
  expect(Dir.glob("#{bins_dir}/*")).to eq []
192
193
  ensure
data/spec/keepass_kpscript_test/tests/keepass_kpscript/kpscript_spec.rb CHANGED
@@ -2,7 +2,7 @@ describe KeepassKpscript::Kpscript do
2
2
 
3
3
  shared_examples 'a kpscript instance' do
4
4
 
5
- subject(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug: debug) }
5
+ subject(:kpscript) { KeepassKpscript.use('/path/to/KPScript.exe', debug:) }
6
6
 
7
7
  it 'gives an instance wrapping a KPScript installation' do
8
8
  expect_calls_to_kpscript [['/path/to/KPScript.exe -example-arg', 'OK: Operation completed successfully.']]
@@ -12,11 +12,11 @@ describe KeepassKpscript::Kpscript do
12
12
  it 'encrypts passwords' do
13
13
  expect_calls_to_kpscript [
14
14
  [
15
- '/path/to/KPScript.exe "/tmp/keepass_kpscript.tmp.kdbx" -pw:"pass_encryptor" -c:EditEntry -ref-Title:"pass_encryptor" -set-Password:"MyPassword"',
15
+ "/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:EditEntry -ref-Title:\"pass_encryptor\" -set-Password:\"MyPassword\"",
16
16
  'OK: Operation completed successfully.'
17
17
  ],
18
18
  [
19
- '/path/to/KPScript.exe "/tmp/keepass_kpscript.tmp.kdbx" -pw:"pass_encryptor" -c:GetEntryString -ref-Title:"pass_encryptor" -Field:"URL" -Spr',
19
+ "/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:GetEntryString -ref-Title:\"pass_encryptor\" -Field:\"URL\" -Spr",
20
20
  <<~EO_STDOUT
21
21
  ENCRYPTED_PASSWORD
22
22
  OK: Operation completed successfully.
@@ -26,6 +26,23 @@ describe KeepassKpscript::Kpscript do
26
26
  expect(kpscript.encrypt_password('MyPassword')).to eq 'ENCRYPTED_PASSWORD'
27
27
  end
28
28
 
29
+ it 'encrypts passwords using SecretString' do
30
+ expect_calls_to_kpscript [
31
+ [
32
+ "/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:EditEntry -ref-Title:\"pass_encryptor\" -set-Password:\"MyPassword\"",
33
+ 'OK: Operation completed successfully.'
34
+ ],
35
+ [
36
+ "/path/to/KPScript.exe \"#{Dir.tmpdir}/keepass_kpscript.tmp.kdbx\" -pw:\"pass_encryptor\" -c:GetEntryString -ref-Title:\"pass_encryptor\" -Field:\"URL\" -Spr",
37
+ <<~EO_STDOUT
38
+ ENCRYPTED_PASSWORD
39
+ OK: Operation completed successfully.
40
+ EO_STDOUT
41
+ ]
42
+ ]
43
+ expect(kpscript.encrypt_password(SecretString.new('MyPassword'))).to eq 'ENCRYPTED_PASSWORD'
44
+ end
45
+
29
46
  it 'opens a database with a password' do
30
47
  expect_calls_to_kpscript [
31
48
  [
@@ -39,6 +56,19 @@ describe KeepassKpscript::Kpscript do
39
56
  expect(kpscript.open('/path/to/my_db.kdbx', password: 'MyPassword').password_for('MyEntryTitle')).to eq 'MyEntryPassword'
40
57
  end
41
58
 
59
+ it 'opens a database with a password using SecretString' do
60
+ expect_calls_to_kpscript [
61
+ [
62
+ '/path/to/KPScript.exe "/path/to/my_db.kdbx" -pw:"MyPassword" -c:GetEntryString -ref-Title:"MyEntryTitle" -Field:"Password"',
63
+ <<~EO_STDOUT
64
+ MyEntryPassword
65
+ OK: Operation completed successfully.
66
+ EO_STDOUT
67
+ ]
68
+ ]
69
+ expect(kpscript.open('/path/to/my_db.kdbx', password: SecretString.new('MyPassword')).password_for('MyEntryTitle')).to eq 'MyEntryPassword'
70
+ end
71
+
42
72
  it 'opens a database with an encrypted password' do
43
73
  expect_calls_to_kpscript [
44
74
  [
@@ -91,6 +121,19 @@ describe KeepassKpscript::Kpscript do
91
121
  expect(kpscript.open('/path/to/my_db.kdbx', password_enc: 'MyEncryptedPassword', key_file: '/path/to/key_file').password_for('MyEntryTitle')).to eq 'MyEntryPassword'
92
122
  end
93
123
 
124
+ it 'opens a database with a key file and encrypted password using SecretStrings' do
125
+ expect_calls_to_kpscript [
126
+ [
127
+ '/path/to/KPScript.exe "/path/to/my_db.kdbx" -pw-enc:"MyEncryptedPassword" -keyfile:"/path/to/key_file" -c:GetEntryString -ref-Title:"MyEntryTitle" -Field:"Password"',
128
+ <<~EO_STDOUT
129
+ MyEntryPassword
130
+ OK: Operation completed successfully.
131
+ EO_STDOUT
132
+ ]
133
+ ]
134
+ expect(kpscript.open('/path/to/my_db.kdbx', password_enc: SecretString.new('MyEncryptedPassword'), key_file: SecretString.new('/path/to/key_file')).password_for('MyEntryTitle')).to eq 'MyEntryPassword'
135
+ end
136
+
94
137
  it 'gives a selector' do
95
138
  expect_calls_to_kpscript []
96
139
  expect(kpscript.select.fields(Title: 'MyEntryTitle').to_s).to eq '-ref-Title:"MyEntryTitle"'
data/spec/keepass_kpscript_test/tests/keepass_kpscript/select_spec.rb CHANGED
@@ -2,7 +2,7 @@ describe KeepassKpscript::Select do
2
2
 
3
3
  shared_examples 'a selector' do
4
4
 
5
- subject(:selector) { KeepassKpscript.use('/path/to/KPScript.exe', debug: debug).select }
5
+ subject(:selector) { KeepassKpscript.use('/path/to/KPScript.exe', debug:).select }
6
6
 
7
7
  {
8
8
  proc { |s| s.fields(Field: 'Value') } => '-ref-Field:"Value"',
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: keepass_kpscript
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Muriel Salvan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-30 00:00:00.000000000 Z
11
+ date: 2022-12-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: secret_string
@@ -16,78 +16,78 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.0'
19
+ version: '1.1'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.0'
26
+ version: '1.1'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rspec
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '3.8'
33
+ version: '3.12'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '3.8'
40
+ version: '3.12'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: sem_ver_components
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '0.0'
47
+ version: '0.3'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '0.0'
54
+ version: '0.3'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: rubocop
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '1.16'
61
+ version: '1.41'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '1.16'
68
+ version: '1.41'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rubocop-rspec
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: '2.4'
75
+ version: '2.16'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: '2.4'
82
+ version: '2.16'
83
83
  description: Ruby API to handle Keepass databases using KPScript
84
84
  email:
85
85
  - muriel@x-aeon.com
86
86
  executables: []
87
87
  extensions: []
88
88
  extra_rdoc_files:
89
- - README.md
90
89
  - CHANGELOG.md
90
+ - README.md
91
91
  files:
92
92
  - CHANGELOG.md
93
93
  - README.md
@@ -106,7 +106,8 @@ files:
106
106
  homepage:
107
107
  licenses:
108
108
  - BSD-3-Clause
109
- metadata: {}
109
+ metadata:
110
+ rubygems_mfa_required: 'true'
110
111
  post_install_message:
111
112
  rdoc_options: []
112
113
  require_paths:
@@ -115,14 +116,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
115
116
  requirements:
116
117
  - - "~>"
117
118
  - !ruby/object:Gem::Version
118
- version: '2.7'
119
+ version: '3.1'
119
120
  required_rubygems_version: !ruby/object:Gem::Requirement
120
121
  requirements:
121
122
  - - ">="
122
123
  - !ruby/object:Gem::Version
123
124
  version: '0'
124
125
  requirements: []
125
- rubygems_version: 3.1.6
126
+ rubygems_version: 3.3.26
126
127
  signing_key:
127
128
  specification_version: 4
128
129
  summary: Keepass KPScript