keepass_kpscript 1.0.1 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/lib/keepass_kpscript/database.rb +14 -8
- data/lib/keepass_kpscript/kpscript.rb +4 -4
- data/lib/keepass_kpscript/version.rb +1 -1
- data/spec/keepass_kpscript_test/tests/keepass_kpscript/database_spec.rb +1 -0
- data/spec/keepass_kpscript_test/tests/keepass_kpscript/kpscript_spec.rb +43 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b43e6819b71dddbef09dc6dec7c7c95e20e53445e089d65e4eed898caba86a1d
|
4
|
+
data.tar.gz: 5b4d42dfe11bc27592e7414818e00826f1f44b52a64d53fe0538a5aadb335764
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 54aea07a8a029f137bb9af378d79b11f09728cd9c14c7ce94fee5568d7c6429678259d6d23480a3d81226ad06fadc6b84778c413929d1c2b1d3b44c4593b0c28
|
7
|
+
data.tar.gz: 88fdcd0538b7627e1cb86b3c975ec5bd89581a16be1ce9211b51d5b061253426f18b07cc08dbc4a558eba18b2f17f0fdff75fd3ec105d3d89a181a61a3df6acd
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,9 @@
|
|
1
|
+
# [v1.1.0](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.0.1...v1.1.0) (2021-07-09 16:10:11)
|
2
|
+
|
3
|
+
### Features
|
4
|
+
|
5
|
+
* [[Feature] [#1] Support secret strings as input for any possible secret to protect them from logs and exceptions output](https://github.com/Muriel-Salvan/keepass_kpscript/commit/1de9d2e3d5e3445f8a5cfe987428f74145a7e4ba)
|
6
|
+
|
1
7
|
# [v1.0.1](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.0.0...v1.0.1) (2021-06-30 15:29:15)
|
2
8
|
|
3
9
|
### Patches
|
@@ -15,9 +15,9 @@ module KeepassKpscript
|
|
15
15
|
# Parameters::
|
16
16
|
# * *kpscript* (Kpscript): The KPScript instance handling this database
|
17
17
|
# * *database_file* (String): Database file path
|
18
|
-
# * *password* (String or nil): Password opening the database, or nil if none [default: nil].
|
19
|
-
# * *password_enc* (String or nil): Encrypted password opening the database, or nil if none [default: nil].
|
20
|
-
# * *key_file* (String or nil): Key file path opening the database, or nil if none [default: nil].
|
18
|
+
# * *password* (String, SecretString or nil): Password opening the database, or nil if none [default: nil].
|
19
|
+
# * *password_enc* (String, SecretString or nil): Encrypted password opening the database, or nil if none [default: nil].
|
20
|
+
# * *key_file* (String, SecretString or nil): Key file path opening the database, or nil if none [default: nil].
|
21
21
|
def initialize(kpscript, database_file, password: nil, password_enc: nil, key_file: nil)
|
22
22
|
@kpscript = kpscript
|
23
23
|
@database_file = database_file
|
@@ -78,7 +78,7 @@ module KeepassKpscript
|
|
78
78
|
#
|
79
79
|
# Parameters::
|
80
80
|
# * *select* (Select): The entries selector
|
81
|
-
# * *fields* (Hash<String or Symbol, String>): Set of { field name => field value } to be set [default: {}]
|
81
|
+
# * *fields* (Hash<String or Symbol, String or SecretString>): Set of { field name => field value } to be set [default: {}]
|
82
82
|
# * *icon_idx* (Integer or nil): Set the icon index, or nil if none [default: nil]
|
83
83
|
# * *custom_icon_idx* (Integer or nil): Set the custom icon index, or nil if none [default: nil]
|
84
84
|
# * *expires* (Boolean or nil): Edit the expires flag, or nil to leave it untouched [default: nil]
|
@@ -96,7 +96,9 @@ module KeepassKpscript
|
|
96
96
|
args = [
|
97
97
|
'-c:EditEntry',
|
98
98
|
select.to_s
|
99
|
-
] + fields.map
|
99
|
+
] + fields.map do |field_name, field_value|
|
100
|
+
SecretString.new("-set-#{field_name}:\"#{field_value.to_unprotected}\"", silenced_str: "-set-#{field_name}:\"#{field_value}\"")
|
101
|
+
end
|
100
102
|
args << "-setx-Icon:#{icon_idx}" if icon_idx
|
101
103
|
args << "-setx-CustomIcon:#{custom_icon_idx}" if custom_icon_idx
|
102
104
|
args << "-setx-Expires:#{expires ? 'true' : 'false'}" unless expires.nil?
|
@@ -172,9 +174,13 @@ module KeepassKpscript
|
|
172
174
|
resulting_stdout = nil
|
173
175
|
begin
|
174
176
|
kdbx_args = ["\"#{@database_file}\""]
|
175
|
-
|
176
|
-
|
177
|
-
|
177
|
+
{
|
178
|
+
'pw' => @password,
|
179
|
+
'pw-enc' => @password_enc,
|
180
|
+
'keyfile' => @key_file
|
181
|
+
}.each do |arg, var|
|
182
|
+
kdbx_args << SecretString.new("-#{arg}:\"#{var.to_unprotected}\"", silenced_str: "-#{arg}:\"#{var.is_a?(SecretString) ? var.to_s : 'XXXXX'}\"") if var
|
183
|
+
end
|
178
184
|
resulting_stdout = @kpscript.run(kdbx_args + args.flatten)
|
179
185
|
ensure
|
180
186
|
# Make sure we erase secrets
|
@@ -24,9 +24,9 @@ module KeepassKpscript
|
|
24
24
|
#
|
25
25
|
# Parameters::
|
26
26
|
# * *database_file* (String): Path to the database file
|
27
|
-
# * *password* (String or nil): Password opening the database, or nil if none [default: nil].
|
28
|
-
# * *password_enc* (String or nil): Encrypted password opening the database, or nil if none [default: nil].
|
29
|
-
# * *key_file* (String or nil): Key file path opening the database, or nil if none [default: nil].
|
27
|
+
# * *password* (String, SecretString or nil): Password opening the database, or nil if none [default: nil].
|
28
|
+
# * *password_enc* (String, SecretString or nil): Encrypted password opening the database, or nil if none [default: nil].
|
29
|
+
# * *key_file* (String, SecretString or nil): Key file path opening the database, or nil if none [default: nil].
|
30
30
|
# Result::
|
31
31
|
# * Database: The database
|
32
32
|
def open(database_file, password: nil, password_enc: nil, key_file: nil)
|
@@ -55,7 +55,7 @@ module KeepassKpscript
|
|
55
55
|
begin
|
56
56
|
tmp_database = self.open(tmp_database_file, password: 'pass_encryptor')
|
57
57
|
selector = select.fields(Title: 'pass_encryptor')
|
58
|
-
tmp_database.edit_entries(selector, fields: { Password: password
|
58
|
+
tmp_database.edit_entries(selector, fields: { Password: password })
|
59
59
|
password_enc = tmp_database.entries_string(selector, 'URL', spr: true).first
|
60
60
|
ensure
|
61
61
|
File.unlink tmp_database_file
|
@@ -136,6 +136,7 @@ describe KeepassKpscript::Database do
|
|
136
136
|
# All edit entries test cases
|
137
137
|
{
|
138
138
|
{ fields: { Field: 'Value' } } => '-set-Field:"Value"',
|
139
|
+
{ fields: { Field: SecretString.new('Value') } } => '-set-Field:"Value"',
|
139
140
|
{ fields: { Field1: 'Value1', Field2: 'Value2' } } => '-set-Field1:"Value1" -set-Field2:"Value2"',
|
140
141
|
{ icon_idx: 7 } => '-setx-Icon:7',
|
141
142
|
{ custom_icon_idx: 11 } => '-setx-CustomIcon:11',
|
@@ -26,6 +26,23 @@ describe KeepassKpscript::Kpscript do
|
|
26
26
|
expect(kpscript.encrypt_password('MyPassword')).to eq 'ENCRYPTED_PASSWORD'
|
27
27
|
end
|
28
28
|
|
29
|
+
it 'encrypts passwords using SecretString' do
|
30
|
+
expect_calls_to_kpscript [
|
31
|
+
[
|
32
|
+
'/path/to/KPScript.exe "/tmp/keepass_kpscript.tmp.kdbx" -pw:"pass_encryptor" -c:EditEntry -ref-Title:"pass_encryptor" -set-Password:"MyPassword"',
|
33
|
+
'OK: Operation completed successfully.'
|
34
|
+
],
|
35
|
+
[
|
36
|
+
'/path/to/KPScript.exe "/tmp/keepass_kpscript.tmp.kdbx" -pw:"pass_encryptor" -c:GetEntryString -ref-Title:"pass_encryptor" -Field:"URL" -Spr',
|
37
|
+
<<~EO_STDOUT
|
38
|
+
ENCRYPTED_PASSWORD
|
39
|
+
OK: Operation completed successfully.
|
40
|
+
EO_STDOUT
|
41
|
+
]
|
42
|
+
]
|
43
|
+
expect(kpscript.encrypt_password(SecretString.new('MyPassword'))).to eq 'ENCRYPTED_PASSWORD'
|
44
|
+
end
|
45
|
+
|
29
46
|
it 'opens a database with a password' do
|
30
47
|
expect_calls_to_kpscript [
|
31
48
|
[
|
@@ -39,6 +56,19 @@ describe KeepassKpscript::Kpscript do
|
|
39
56
|
expect(kpscript.open('/path/to/my_db.kdbx', password: 'MyPassword').password_for('MyEntryTitle')).to eq 'MyEntryPassword'
|
40
57
|
end
|
41
58
|
|
59
|
+
it 'opens a database with a password using SecretString' do
|
60
|
+
expect_calls_to_kpscript [
|
61
|
+
[
|
62
|
+
'/path/to/KPScript.exe "/path/to/my_db.kdbx" -pw:"MyPassword" -c:GetEntryString -ref-Title:"MyEntryTitle" -Field:"Password"',
|
63
|
+
<<~EO_STDOUT
|
64
|
+
MyEntryPassword
|
65
|
+
OK: Operation completed successfully.
|
66
|
+
EO_STDOUT
|
67
|
+
]
|
68
|
+
]
|
69
|
+
expect(kpscript.open('/path/to/my_db.kdbx', password: SecretString.new('MyPassword')).password_for('MyEntryTitle')).to eq 'MyEntryPassword'
|
70
|
+
end
|
71
|
+
|
42
72
|
it 'opens a database with an encrypted password' do
|
43
73
|
expect_calls_to_kpscript [
|
44
74
|
[
|
@@ -91,6 +121,19 @@ describe KeepassKpscript::Kpscript do
|
|
91
121
|
expect(kpscript.open('/path/to/my_db.kdbx', password_enc: 'MyEncryptedPassword', key_file: '/path/to/key_file').password_for('MyEntryTitle')).to eq 'MyEntryPassword'
|
92
122
|
end
|
93
123
|
|
124
|
+
it 'opens a database with a key file and encrypted password using SecretStrings' do
|
125
|
+
expect_calls_to_kpscript [
|
126
|
+
[
|
127
|
+
'/path/to/KPScript.exe "/path/to/my_db.kdbx" -pw-enc:"MyEncryptedPassword" -keyfile:"/path/to/key_file" -c:GetEntryString -ref-Title:"MyEntryTitle" -Field:"Password"',
|
128
|
+
<<~EO_STDOUT
|
129
|
+
MyEntryPassword
|
130
|
+
OK: Operation completed successfully.
|
131
|
+
EO_STDOUT
|
132
|
+
]
|
133
|
+
]
|
134
|
+
expect(kpscript.open('/path/to/my_db.kdbx', password_enc: SecretString.new('MyEncryptedPassword'), key_file: SecretString.new('/path/to/key_file')).password_for('MyEntryTitle')).to eq 'MyEntryPassword'
|
135
|
+
end
|
136
|
+
|
94
137
|
it 'gives a selector' do
|
95
138
|
expect_calls_to_kpscript []
|
96
139
|
expect(kpscript.select.fields(Title: 'MyEntryTitle').to_s).to eq '-ref-Title:"MyEntryTitle"'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: keepass_kpscript
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Muriel Salvan
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-07-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: secret_string
|