keepass_kpscript 1.0.1 → 1.1.0

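--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f97c25985d64806567559377354f7bba9114e450253653fe8afcd73a6519b1c9
- data.tar.gz: '0778819142fef3931cf994bea3aa9c2ae7bf9d3320aee2935dfc9e6736476908'
+ metadata.gz: b43e6819b71dddbef09dc6dec7c7c95e20e53445e089d65e4eed898caba86a1d
+ data.tar.gz: 5b4d42dfe11bc27592e7414818e00826f1f44b52a64d53fe0538a5aadb335764
  SHA512:
- metadata.gz: 07a5a1e79788ce88eb33375b789d4689c72a74882806d4400f57e22033bf2951334c60df205e3baa9163eec9d5e82e1069889f29b27c250c44fc21c0ef406f82
- data.tar.gz: c1eb2a87fbecf106d88e9155333d04d516ff3a27aac3f3a6b848b4863034c593244c811b4bf207ee2634a1358a350a82ba736da1218d644de60051ed118fcead
+ metadata.gz: 54aea07a8a029f137bb9af378d79b11f09728cd9c14c7ce94fee5568d7c6429678259d6d23480a3d81226ad06fadc6b84778c413929d1c2b1d3b44c4593b0c28
+ data.tar.gz: 88fdcd0538b7627e1cb86b3c975ec5bd89581a16be1ce9211b51d5b061253426f18b07cc08dbc4a558eba18b2f17f0fdff75fd3ec105d3d89a181a61a3df6acd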
data/CHANGELOG.md CHANGED
@@ -1,3 +1,9 @@
1
+ # [v1.1.0](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.0.1...v1.1.0) (2021-07-09 16:10:11)
2
+
3
+ ### Features
4
+
5
+ * [[Feature] [#1] Support secret strings as input for any possible secret to protect them from logs and exceptions output](https://github.com/Muriel-Salvan/keepass_kpscript/commit/1de9d2e3d5e3445f8a5cfe987428f74145a7e4ba)
6
+
1
7
  # [v1.0.1](https://github.com/Muriel-Salvan/keepass_kpscript/compare/v1.0.0...v1.0.1) (2021-06-30 15:29:15)
2
8
 
3
9
  ### Patches
@@ -15,9 +15,9 @@ module KeepassKpscript
15
15
  # Parameters::
16
16
  # * *kpscript* (Kpscript): The KPScript instance handling this database
17
17
  # * *database_file* (String): Database file path
18
- # * *password* (String or nil): Password opening the database, or nil if none [default: nil].
19
- # * *password_enc* (String or nil): Encrypted password opening the database, or nil if none [default: nil].
20
- # * *key_file* (String or nil): Key file path opening the database, or nil if none [default: nil].
18
+ # * *password* (String, SecretString or nil): Password opening the database, or nil if none [default: nil].
19
+ # * *password_enc* (String, SecretString or nil): Encrypted password opening the database, or nil if none [default: nil].
20
+ # * *key_file* (String, SecretString or nil): Key file path opening the database, or nil if none [default: nil].
21
21
  def initialize(kpscript, database_file, password: nil, password_enc: nil, key_file: nil)
22
22
  @kpscript = kpscript
23
23
  @database_file = database_file
@@ -78,7 +78,7 @@ module KeepassKpscript
78
78
  #
79
79
  # Parameters::
80
80
  # * *select* (Select): The entries selector
81
- # * *fields* (Hash<String or Symbol, String>): Set of { field name => field value } to be set [default: {}]
81
+ # * *fields* (Hash<String or Symbol, String or SecretString>): Set of { field name => field value } to be set [default: {}]
82
82
  # * *icon_idx* (Integer or nil): Set the icon index, or nil if none [default: nil]
83
83
  # * *custom_icon_idx* (Integer or nil): Set the custom icon index, or nil if none [default: nil]
84
84
  # * *expires* (Boolean or nil): Edit the expires flag, or nil to leave it untouched [default: nil]
@@ -96,7 +96,9 @@ module KeepassKpscript
96
96
  args = [
97
97
  '-c:EditEntry',
98
98
  select.to_s
99
- ] + fields.map { |field_name, field_value| "-set-#{field_name}:\"#{field_value}\"" }
99
+ ] + fields.map do |field_name, field_value|
100
+ SecretString.new("-set-#{field_name}:\"#{field_value.to_unprotected}\"", silenced_str: "-set-#{field_name}:\"#{field_value}\"")
101
+ end
100
102
  args << "-setx-Icon:#{icon_idx}" if icon_idx
101
103
  args << "-setx-CustomIcon:#{custom_icon_idx}" if custom_icon_idx
102
104
  args << "-setx-Expires:#{expires ? 'true' : 'false'}" unless expires.nil?
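Review bot: In the new `fields.map` block the `silenced_str` is built as `"-set-#{field_name}:\"#{field_value}\""`, so a value passed as a plain String is still written in clear in the silenced form; only a SecretString is masked, presumably by its own `to_s`. The `kdbx_args` hunk that follows masks non-SecretString inputs with `'XXXXX'`, and the two should either agree or the `fields` parameter comment should say `only SecretString values are kept out of logs and exception output`. Both hunks also put the value between double quotes without escaping, so a value containing `"` alters how the KPScript arguments are split; if `@kpscript.run` hands one command string to a shell (not visible here), escaping or an argument-array call needs confirming. The enclosing method starts and ends outside the hunk.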
@@ -172,9 +174,13 @@ module KeepassKpscript
172
174
  resulting_stdout = nil
173
175
  begin
174
176
  kdbx_args = ["\"#{@database_file}\""]
175
- kdbx_args << SecretString.new("-pw:\"#{@password}\"", silenced_str: '-pw:"XXXXX"') if @password
176
- kdbx_args << SecretString.new("-pw-enc:\"#{@password_enc}\"", silenced_str: '-pw-env:"XXXXX"') if @password_enc
177
- kdbx_args << SecretString.new("-keyfile:\"#{@key_file}\"", silenced_str: '-keyfile:"XXXXX"') if @key_file
177
+ {
178
+ 'pw' => @password,
179
+ 'pw-enc' => @password_enc,
180
+ 'keyfile' => @key_file
181
+ }.each do |arg, var|
182
+ kdbx_args << SecretString.new("-#{arg}:\"#{var.to_unprotected}\"", silenced_str: "-#{arg}:\"#{var.is_a?(SecretString) ? var.to_s : 'XXXXX'}\"") if var
183
+ end
178
184
  resulting_stdout = @kpscript.run(kdbx_args + args.flatten)
179
185
  ensure
180
186
  # Make sure we erase secrets
@@ -24,9 +24,9 @@ module KeepassKpscript
24
24
  #
25
25
  # Parameters::
26
26
  # * *database_file* (String): Path to the database file
27
- # * *password* (String or nil): Password opening the database, or nil if none [default: nil].
28
- # * *password_enc* (String or nil): Encrypted password opening the database, or nil if none [default: nil].
29
- # * *key_file* (String or nil): Key file path opening the database, or nil if none [default: nil].
27
+ # * *password* (String, SecretString or nil): Password opening the database, or nil if none [default: nil].
28
+ # * *password_enc* (String, SecretString or nil): Encrypted password opening the database, or nil if none [default: nil].
29
+ # * *key_file* (String, SecretString or nil): Key file path opening the database, or nil if none [default: nil].
30
30
  # Result::
31
31
  # * Database: The database
32
32
  def open(database_file, password: nil, password_enc: nil, key_file: nil)
@@ -55,7 +55,7 @@ module KeepassKpscript
55
55
  begin
56
56
  tmp_database = self.open(tmp_database_file, password: 'pass_encryptor')
57
57
  selector = select.fields(Title: 'pass_encryptor')
58
- tmp_database.edit_entries(selector, fields: { Password: password.to_unprotected })
58
+ tmp_database.edit_entries(selector, fields: { Password: password })
59
59
  password_enc = tmp_database.entries_string(selector, 'URL', spr: true).first
60
60
  ensure
61
61
  File.unlink tmp_database_file
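Review bot: A caller that passes a plain String to `encrypt_password` now has the password handed unchanged to `edit_entries`, whose new `silenced_str` interpolates a non-SecretString value as-is, so the silenced form of the `-set-Password` argument would still contain it. Since this argument is always a secret, wrapping it before the call keeps it masked whatever the caller supplied: `password = SecretString.new(password) unless password.is_a?(SecretString)`. `SecretString.new` with a single argument is what the added specs use; whether it erases or copies the original String is not visible here and should be checked. The method starts and ends outside the hunk.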
@@ -1,5 +1,5 @@
1
1
  module KeepassKpscript
2
2
 
3
- VERSION = '1.0.1'
3
+ VERSION = '1.1.0'
4
4
 
5
5
  end
@@ -136,6 +136,7 @@ describe KeepassKpscript::Database do
136
136
  # All edit entries test cases
137
137
  {
138
138
  { fields: { Field: 'Value' } } => '-set-Field:"Value"',
139
+ { fields: { Field: SecretString.new('Value') } } => '-set-Field:"Value"',
139
140
  { fields: { Field1: 'Value1', Field2: 'Value2' } } => '-set-Field1:"Value1" -set-Field2:"Value2"',
140
141
  { icon_idx: 7 } => '-setx-Icon:7',
141
142
  { custom_icon_idx: 11 } => '-setx-CustomIcon:11',
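Review bot: The added SecretString case asserts only the unprotected command line (`-set-Field:"Value"`), so nothing verifies what the feature is for: that the value stays out of the silenced representation used for logs and exception messages. An expectation on the silenced form of the arguments, or on a raised error's message when KPScript fails, for a SecretString input would pin that down. The same applies to the three `using SecretString` examples added to the Kpscript spec further down. How `expect_calls_to_kpscript` exposes the arguments is outside this hunk, so the exact assertion depends on that helper.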
@@ -26,6 +26,23 @@ describe KeepassKpscript::Kpscript do
26
26
  expect(kpscript.encrypt_password('MyPassword')).to eq 'ENCRYPTED_PASSWORD'
27
27
  end
28
28
 
29
+ it 'encrypts passwords using SecretString' do
30
+ expect_calls_to_kpscript [
31
+ [
32
+ '/path/to/KPScript.exe "/tmp/keepass_kpscript.tmp.kdbx" -pw:"pass_encryptor" -c:EditEntry -ref-Title:"pass_encryptor" -set-Password:"MyPassword"',
33
+ 'OK: Operation completed successfully.'
34
+ ],
35
+ [
36
+ '/path/to/KPScript.exe "/tmp/keepass_kpscript.tmp.kdbx" -pw:"pass_encryptor" -c:GetEntryString -ref-Title:"pass_encryptor" -Field:"URL" -Spr',
37
+ <<~EO_STDOUT
38
+ ENCRYPTED_PASSWORD
39
+ OK: Operation completed successfully.
40
+ EO_STDOUT
41
+ ]
42
+ ]
43
+ expect(kpscript.encrypt_password(SecretString.new('MyPassword'))).to eq 'ENCRYPTED_PASSWORD'
44
+ end
45
+
29
46
  it 'opens a database with a password' do
30
47
  expect_calls_to_kpscript [
31
48
  [
@@ -39,6 +56,19 @@ describe KeepassKpscript::Kpscript do
39
56
  expect(kpscript.open('/path/to/my_db.kdbx', password: 'MyPassword').password_for('MyEntryTitle')).to eq 'MyEntryPassword'
40
57
  end
41
58
 
59
+ it 'opens a database with a password using SecretString' do
60
+ expect_calls_to_kpscript [
61
+ [
62
+ '/path/to/KPScript.exe "/path/to/my_db.kdbx" -pw:"MyPassword" -c:GetEntryString -ref-Title:"MyEntryTitle" -Field:"Password"',
63
+ <<~EO_STDOUT
64
+ MyEntryPassword
65
+ OK: Operation completed successfully.
66
+ EO_STDOUT
67
+ ]
68
+ ]
69
+ expect(kpscript.open('/path/to/my_db.kdbx', password: SecretString.new('MyPassword')).password_for('MyEntryTitle')).to eq 'MyEntryPassword'
70
+ end
71
+
42
72
  it 'opens a database with an encrypted password' do
43
73
  expect_calls_to_kpscript [
44
74
  [
@@ -91,6 +121,19 @@ describe KeepassKpscript::Kpscript do
91
121
  expect(kpscript.open('/path/to/my_db.kdbx', password_enc: 'MyEncryptedPassword', key_file: '/path/to/key_file').password_for('MyEntryTitle')).to eq 'MyEntryPassword'
92
122
  end
93
123
 
124
+ it 'opens a database with a key file and encrypted password using SecretStrings' do
125
+ expect_calls_to_kpscript [
126
+ [
127
+ '/path/to/KPScript.exe "/path/to/my_db.kdbx" -pw-enc:"MyEncryptedPassword" -keyfile:"/path/to/key_file" -c:GetEntryString -ref-Title:"MyEntryTitle" -Field:"Password"',
128
+ <<~EO_STDOUT
129
+ MyEntryPassword
130
+ OK: Operation completed successfully.
131
+ EO_STDOUT
132
+ ]
133
+ ]
134
+ expect(kpscript.open('/path/to/my_db.kdbx', password_enc: SecretString.new('MyEncryptedPassword'), key_file: SecretString.new('/path/to/key_file')).password_for('MyEntryTitle')).to eq 'MyEntryPassword'
135
+ end
136
+
94
137
  it 'gives a selector' do
95
138
  expect_calls_to_kpscript []
96
139
  expect(kpscript.select.fields(Title: 'MyEntryTitle').to_s).to eq '-ref-Title:"MyEntryTitle"'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: keepass_kpscript
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Muriel Salvan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-30 00:00:00.000000000 Z
11
+ date: 2021-07-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: secret_string