keybox 1.0.0

data/lib/keybox/term_io.rb

@@ -0,0 +1,163 @@
+module Keybox
+    # including this module assumes that the class included has 
+    # @stdout and @stdin member variables.
+    #
+    # This module also assumes that stty is available
+    module TermIO
+
+        # http://pueblo.sourceforge.net/doc/manual/ansi_color_codes.html
+        #
+        ESCAPE      = "\e"
+        BOLD_ON     = "[1m"
+        RESET       = "[0m"
+
+        FG_BLACK   = "[30m"
+        FG_RED     = "[31m"
+        FG_GREEN   = "[32m"
+        FG_YELLOW  = "[33m"
+        FG_BLUE    = "[34m"
+        FG_MAGENTA = "[35m"
+        FG_CYAN    = "[36m"
+        FG_WHITE   = "[37m"
+
+        COLORS = { 
+            :black     => FG_BLACK,
+            :red       => FG_RED,
+            :green     => FG_GREEN,
+            :yellow    => FG_YELLOW,
+            :blue      => FG_BLUE,
+            :magenta   => FG_MAGENTA,
+            :cyan      => FG_CYAN,
+            :white     => FG_WHITE,
+            }   
+
+        VALID_COLORS = COLORS.keys()
+
+
+        STTY            = "stty"
+        STTY_SAVE_CMD   = "#{STTY} -g"
+        STTY_RAW_CMD    = "#{STTY} raw -echo isig"
+
+        EOL_CHARS = [10, # '\n'
+                     13, # '\r'
+        ]
+        #
+        # prompt for input, returning what was typed.  If echo is false,
+        # then '*' is printed out for each character typed in.  If it is
+        # any other character then that is output instead.
+        #
+        # If validate is set to true, then it will prompt twice and make
+        # sure that the two values match
+        #
+        def prompt(p,echo = true, validate = false, width = 20) 
+            validated = false
+            line = ""
+            extra_prompt = " (again)"
+            original_prompt = p
+            validation_prompt = original_prompt + extra_prompt
+            width += extra_prompt.length
+
+            until validated do
+                line = prompt_and_return(original_prompt.rjust(width),echo)
+
+                # if we are validating then prompt again to validate
+                if validate then
+                    v = prompt_and_return(validation_prompt.rjust(width),echo)
+                    if v != line then
+                        color_puts "Entries do not match, try again.", :red
+                    else
+                        validated = true
+                    end
+                else 
+                    validated = true
+                end
+            end
+            return line
+        end
+
+        def prompt_y_n(p)
+            response = prompt(p)
+            if response.size > 0 and response.downcase[0].chr == 'y' then
+                true
+            else
+                false
+            end
+        end
+
+        def get_one_char
+            stty_original = %x{#{STTY_SAVE_CMD}}
+            char = nil
+            begin
+                system STTY_RAW_CMD
+                char = @stdin.getc
+            ensure
+                system "#{STTY} #{stty_original}"
+            end
+
+            return char
+        end
+
+        def prompt_and_return(the_prompt,echo)
+            line = ""
+            color_print "#{the_prompt} : ", :white
+            if echo != true then
+
+                echo_char = echo || '*'
+
+                if has_stty? then
+                    stty_original = %x{#{STTY_SAVE_CMD}}
+
+                    begin
+                        system STTY_RAW_CMD
+                        while char = @stdin.getc
+                            line << char
+                            break if EOL_CHARS.include? char 
+                            @stdout.putc echo_char
+                        end
+                    ensure
+                        system "#{STTY} #{stty_original}"
+                    end
+                    @stdout.puts
+                end
+            else
+                line = @stdin.gets
+            end
+
+            # if we got end of file or some other input resulting in
+            # line becoming nil then set it to the empty string
+            line = line || ""
+
+            return line.rstrip
+        end
+
+        def has_stty?
+            system "which stty > /dev/null 2>&1"
+        end
+
+        def colorize(text,color,bold=true)
+            before = ""
+            after  = ""
+            if VALID_COLORS.include?(color) then
+                before = ESCAPE + COLORS[color]
+                before = ESCAPE + BOLD_ON + before if bold
+                after  = ESCAPE + RESET
+            end
+            "#{before}#{text}#{after}"
+        end
+
+        def colorize_if_io_isatty(io,text,color,bold)
+            if io.tty? then
+                text = colorize(text,color,bold)
+            end
+            text
+        end
+
+        def color_puts(text, color, bold = true)
+            @stdout.puts colorize_if_io_isatty(@stdout,text,color,bold)
+        end
+
+        def color_print(text,color, bold = true)
+            @stdout.print colorize_if_io_isatty(@stdout,text,color,bold)
+        end
+    end
+end

data/lib/keybox/uuid.rb

@@ -0,0 +1,86 @@
+require 'keybox/randomizer'
+require 'yaml'
+module Keybox
+    #
+    # A quick implementation of a UUID class using the internal
+    # randomizer for byte generation
+    # 
+    class UUID
+
+        attr_reader :bytes
+
+        XF     = "%0.2x"
+        FORMAT = sprintf("%s-%s-%s-%s-%s", XF * 4, XF * 2, XF * 2, XF * 2, XF * 6)
+        REGEX  = %r|^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$|
+
+        #
+        # the UUID can be initialized with:
+        #   - nothing ( default case ) in this case the UUID is generated
+        #   - a string in the standarde uuid format, in this case it is
+        #     decoded and converted to the internal format
+        #   - a string of bytes, in this case they are considered to be
+        #     the bytes used internally so 16 of them are taken
+        def initialize(bytes = nil)
+
+            if bytes.nil? then
+                @bytes = Keybox::RandomDevice.random_bytes(16)
+            elsif bytes.size == 36 and bytes.split("-").size == 5 then
+                if bytes =~ REGEX then
+                    # remove the dashes and make sure that we're all
+                    # lowercase
+                    b = bytes.gsub(/-/,'').downcase
+
+                    # convert to an array of hex strings
+                    b = b.unpack("a2"*16)
+
+                    # convert the hex strings to integers
+                    b.collect! { |x| x.to_i(16) }
+
+                    # and pack those integers into a string
+                    @bytes = b.pack("C*")
+
+                    # of course this could all be done in one line with
+                    # @bytes = bytes.gsub(/-/,'').downcase.unpack("a2"*16").collect {|x| x.to_i(16) }.pack("C*")
+                else
+                    raise ArgumentError, "[#{bytes}] is not a hex encoded UUID"
+                end
+            elsif bytes.kind_of?(String) and bytes.length >= 16
+                @bytes = bytes[0..16]
+            else
+                raise ArgumentError, "[#{bytes}] cannot be converted to a UUID"
+            end
+        end
+
+        #
+        # convert the bytes to the hex encoded string format of
+        # XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
+        # 
+        def to_s
+            sprintf(FORMAT,*to_a)
+        end
+        
+        def to_a
+            @bytes.unpack("C*")
+        end
+
+        def ==(other)
+            self.eql?(other)
+        end
+
+        def eql?(other)
+            case other
+            when Keybox::UUID
+                self.bytes == other.bytes
+            when String
+                begin
+                    o = Keybox::UUID.new(other)
+                    self == o
+                rescue 
+                    false
+                end
+            else
+                false
+            end
+        end
+    end
+end

data/spec/base_app_spec.rb

@@ -0,0 +1,56 @@
+require 'keybox'
+require 'keybox/application/base'
+
+context "Keybox Base Application" do
+
+    specify "nil argv should do nothing" do
+        kba = Keybox::Application::Base.new(nil)
+        kba.error_message.should_be nil
+    end
+
+    specify "executing with no args should have output on stdout" do
+        kba = Keybox::Application::Base.new(nil)
+        kba.stdout = StringIO.new
+        kba.run
+        kba.stdout.string.size.should_be > 0
+    end
+
+
+    specify "invalid options set the error message, exit 1 and have output on stderr" do
+        kba = Keybox::Application::Base.new(["--invalid-option"])
+        kba.stderr = StringIO.new
+        kba.stdout = StringIO.new
+        begin
+            kba.run
+        rescue SystemExit => se
+            kba.error_message.should_satisfy { |msg| msg =~ /Try.*--help/m }
+            kba.stderr.string.should_satisfy { |msg| msg =~ /Try.*--help/m }
+            kba.stdout.string.size.should_eql 0
+            se.status.should == 1
+        end
+    end
+
+    specify "help has output on stdout and exits 0" do
+        kba = Keybox::Application::Base.new(["--h"]) 
+        kba.stdout = StringIO.new
+        begin
+            kba.run
+        rescue SystemExit => se
+            se.status.should_eql 0
+            kba.stdout.string.length.should_be > 0
+        end
+    end
+
+    specify "version has output on stdout and exits 0" do
+        kba = Keybox::Application::Base.new(["--ver"]) 
+        kba.stdout = StringIO.new
+        begin
+            kba.run
+        rescue SystemExit => se
+            se.status.should_eql 0
+            kba.stdout.string.length.should_be > 0
+        end
+    end
+ 
+end
+

data/spec/convert_csv_spec.rb

@@ -0,0 +1,46 @@
+require 'tempfile'
+require 'keybox'
+require 'keybox/convert/csv'
+context "CSV Convert class" do
+    setup do 
+        @import_csv = Tempfile.new("keybox_import.csv")
+        @import_csv.puts "title,hostname,username,password,additional_info"
+        @import_csv.puts "example host,host.example.com,guest,mysecretpassword,use this account only for honeybots"
+        @import_csv.puts "example site,http://www.example.com,guest,mywebpassword,web forum login"
+        @import_csv.close
+
+        @bad_import_csv = Tempfile.new("keybox_bad_header.csv")
+        # missing a valid header
+        @bad_import_csv.puts "ttle,host,username,password,additional_info"
+        @bad_import_csv.puts "example host,host.example.com,guest,mysecretpassword,use this account only for honeybots"
+        @bad_import_csv.puts "example site,http://www.example.com,guest,mywebpassword,web forum login"
+
+        @export_csv = Tempfile.new("keybox_export.csv")
+
+    end
+
+    teardown do
+        @import_csv.unlink
+        @bad_import_csv.unlink
+        @export_csv.unlink
+    end
+
+    specify "able to load records from a file" do
+        entries = Keybox::Convert::CSV.from_file(@import_csv.path)
+        entries.size.should_eql 2
+        entries[0].hostname.should_eql "host.example.com"
+        entries[1].password.should_eql "mywebpassword"
+    end
+
+    specify "throws error if the header is bad" do
+        lambda { Keybox::Convert::CSV.from_file(@bad_import_csv.path) }.should_raise Keybox::ValidationError
+    end
+
+    specify "able to write to a csv file" do
+        entries = Keybox::Convert::CSV.from_file(@import_csv.path)
+        Keybox::Convert::CSV.to_file(entries,@export_csv.path)
+        @export_csv.open
+        data = @export_csv.read
+        data.size.should_be > 0
+    end
+end

data/spec/entry_spec.rb

@@ -0,0 +1,63 @@
+require 'keybox'
+context "Account Entry" do
+    specify "fields get set correctly" do
+        k = Keybox::AccountEntry.new("a test title", "user")
+        k.username.should_eql "user"
+        k.title.should_eql "a test title"
+    end
+
+    specify "fields can be accessed" do
+        k = Keybox::AccountEntry.new("a test title", "user")
+        k.fields.should_include "title"
+        k.fields.should_include "username"
+        k.fields.should_include "additional_info"
+    end
+
+    specify "fields can be private or visible" do
+        k = Keybox::AccountEntry.new("a test title", "user")
+        k.private_fields.size.should_eql 0
+        k.visible_field?("title").should_eql true
+    end
+end
+
+context "Host Account" do
+    specify "fields get set correctly" do
+        ha = Keybox::HostAccountEntry.new("a title", "host", "user", "password")
+        ha.title.should_eql "a title"
+        ha.username.should_eql "user"
+        ha.hostname.should_eql "host"
+        ha.password.should_eql "password"
+    end
+
+    specify "password is displayable, private and non-visible" do
+        ha = Keybox::HostAccountEntry.new("a title", "host", "user", "password")
+        ha.display_fields.should_include "password"
+        ha.private_fields.should_include "password"
+        ha.visible_fields.should_not_include "password"
+    end
+end
+
+context "URL Account" do
+    specify "fields get set correctly" do
+        urla = Keybox::URLAccountEntry.new("url title", "http://www.example.com", "someuser")
+        urla.title.should_eql "url title"
+        urla.url.should_eql "http://www.example.com"
+        urla.username.should_eql "someuser"
+    end
+
+    specify "password hash is used" do
+        container = Keybox::Storage::Container.new("i love ruby", "/tmp/junk.yml")
+        urla = Keybox::URLAccountEntry.new("url title", "http://www.example.com", "someuser")
+        container << urla
+        urla.password.should_eql "589c0d91d"
+    end
+
+    specify "there is no password storage field, but there a private password field" do
+        urla = Keybox::URLAccountEntry.new("url title", "http://www.example.com", "someuser")
+        urla.fields.should_not_include "password"
+        urla.private_fields.should_include "password"
+        urla.private_field?("password").should_eql true
+    end
+
+end
+                                          

data/spec/keybox_app_spec.rb

@@ -0,0 +1,268 @@
+require 'tempfile'
+require 'keybox'
+require 'keybox/application/password_safe'
+
+context "Keybox Password Safe Application" do
+    setup do 
+
+        @passphrase = "i love ruby"
+        @testing_db = Tempfile.new("kps_db.yml")
+        @testing_cfg = Tempfile.new("kps_cfg.yml")
+        @path = @testing_db.path
+        container = Keybox::Storage::Container.new(@passphrase, @testing_db.path)
+        container << Keybox::HostAccountEntry.new("test account","localhost","guest", "rubyrocks")
+        container << Keybox::URLAccountEntry.new("example site", "http://www.example.com", "rubyhacker")
+        container.save
+        container.save("/tmp/jjh-db.yml")
+
+        @import_csv = Tempfile.new("keybox_import.csv")
+        @import_csv.puts "title,hostname,username,password,additional_info"
+        @import_csv.puts "example host,host.example.com,guest,mysecretpassword,use this account only for honeybots"
+        @import_csv.puts "example site,http://www.example.com,guest,mywebpassword,web forum login"
+        @import_csv.close
+
+        @bad_import_csv = Tempfile.new("keybox_bad_header.csv")
+        # missing a valid header
+        @bad_import_csv.puts "title,host,username,password,additional_info"
+        @bad_import_csv.puts "example host,host.example.com,guest,mysecretpassword,use this account only for honeybots"
+        @bad_import_csv.puts "example site,http://www.example.com,guest,mywebpassword,web forum login"
+
+        @export_csv = Tempfile.new("keybox_export.csv")
+
+    end
+
+    teardown do
+        @testing_db.unlink
+        @testing_cfg.unlink
+        @import_csv.unlink
+        @bad_import_csv.unlink
+        @export_csv.unlink
+    end
+
+    specify "nil argv should do nothing" do
+        kps = Keybox::Application::PasswordSafe.new
+        kps.error_message.should_be nil
+    end
+
+    specify "executing with no args should have output on stdout" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path])
+        kps.stdout = StringIO.new
+        kps.stdin  = StringIO.new(@passphrase)
+        kps.run
+        kps.stdout.string.size.should_be > 0
+    end
+
+    specify "general options get set correctly" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--debug", "--no-use-hash-for-url"])
+        kps.merge_options
+        kps.options.db_file.should_eql @testing_db.path
+        kps.options.config_file.should_eql @testing_cfg.path
+        kps.options.debug.should_eql true
+        kps.options.use_password_hash_for_url.should_eql false
+    end
+
+    specify "more than one command options is an error" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--add", "account", "--edit", "account"])
+        kps.stderr = StringIO.new
+        kps.stdout = StringIO.new
+        begin
+            kps.run
+        rescue SystemExit => se
+            kps.error_message.should_satisfy { |msg| msg =~ /Only one of/m }
+            kps.stderr.string.should_satisfy { |msg| msg =~ /Only one of/m }
+            se.status.should_eql 1
+        end
+    end
+
+    specify "space separated words are okay for names" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--add", "An Example"])
+        kps.stderr = StringIO.new
+        kps.stdout = StringIO.new
+        prompted_values = [@passphrase, "An example"] + %w(example.com someuser apassword apassword noinfo yes)
+        kps.stdin  = StringIO.new(prompted_values.join("\n"))
+        kps.run
+        kps.db.records.size.should_eql 3
+    end
+
+
+    specify "invalid options set the error message, exit 1 and have output on stderr" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"--invalid-option"])
+        kps.stderr = StringIO.new
+        kps.stdout = StringIO.new
+        begin
+            kps.run
+        rescue SystemExit => se
+            kps.error_message.should_satisfy { |msg| msg =~ /Try.*--help/m }
+            kps.stderr.string.should_satisfy { |msg| msg =~ /Try.*--help/m }
+            kps.stdout.string.size.should_eql 0
+            se.status.should == 1
+        end
+    end
+
+    specify "help has output on stdout and exits 0" do
+        kps = Keybox::Application::PasswordSafe.new(["--h"]) 
+        kps.stdout = StringIO.new
+        begin
+            kps.run
+        rescue SystemExit => se
+            se.status.should_eql 0
+            kps.stdout.string.length.should_be > 0
+        end
+    end
+
+    specify "version has output on stdout and exits 0" do
+        kps = Keybox::Application::PasswordSafe.new(["--ver"]) 
+        kps.stdout = StringIO.new
+        begin
+            kps.run
+        rescue SystemExit => se
+            se.status.should_eql 0
+            kps.stdout.string.length.should_be > 0
+        end
+    end
+    
+    specify "prompted for password twice to create database initially" do
+        File.unlink(@testing_db.path)
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path])
+        kps.stdout = StringIO.new
+        kps.stdin  = StringIO.new([@passphrase,@passphrase].join("\n"))
+        kps.run
+        kps.db.records.size.should_eql 0
+        kps.stdout.string.should_satisfy { |msg| msg =~ /Creating initial database./m }
+        kps.stdout.string.should_satisfy { |msg| msg =~ /Initial Password for/m }
+    end
+
+    specify "file can be opened with password" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path])
+        kps.stdout = StringIO.new
+        kps.stdin  = StringIO.new(@passphrase + "\n")
+        kps.run
+        kps.db.records.size.should_eql 2
+    end
+
+    specify "adding an entry to the database works" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--add", "example.com"])
+        kps.stdout = StringIO.new
+        prompted_values = [@passphrase] + %w(example.com example.com someuser apassword apassword noinfo yes)
+        kps.stdin  = StringIO.new(prompted_values.join("\n"))
+        kps.run
+        kps.db.records.size.should_eql 3
+    end
+
+    specify "editing an entry in the database works" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--edit", "localhost"])
+        kps.stdout = StringIO.new
+        prompted_values = [@passphrase] + %w(yes example.com example.com someother anewpassword anewpassword someinfo yes)
+        kps.stdin  = StringIO.new(prompted_values.join("\n"))
+        kps.run
+        kps.db.records.size.should_eql 2
+        kps.db.find("someother")[0].additional_info.should_eql "someinfo"
+    end
+
+    specify "add a url entry to the database" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--use-hash-for-url", "--add", "http://www.example.com"])
+        kps.stdout = StringIO.new
+        prompted_values = [@passphrase] + %w(www.example.com http://www.example.com someuser noinfo yes)
+        kps.stdin  = StringIO.new(prompted_values.join("\n"))
+        kps.run
+        kps.db.records.size.should_eql 3
+    end
+
+    specify "double prompting on failed password for entry to the database works" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--add", "example.com"])
+        kps.stdout = StringIO.new
+        prompted_values = [@passphrase, ""] + %w(example.com someuser apassword abadpassword abcdef abcdef noinfo yes)
+        kps.stdin  = StringIO.new(prompted_values.join("\n"))
+        kps.run
+        kps.db.records.size.should_eql 3
+    end
+
+    specify "able to delete an entry" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--delete", "example"])
+        kps.stdout = StringIO.new
+        prompted_values = [@passphrase] + %w(Yes)
+        kps.stdin = StringIO.new(prompted_values.join("\n"))
+        kps.run
+        kps.db.records.size.should_eql 1
+        kps.stdout.string.should_satisfy { |msg| msg =~ /example' deleted/ }
+    end
+
+    specify "able to cancel deletion" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--delete", "example"])
+        kps.stdout = StringIO.new
+        prompted_values = [@passphrase] + %w(No)
+        kps.stdin = StringIO.new(prompted_values.join("\n"))
+        kps.run
+        kps.db.records.size.should_eql 2
+        kps.stdout.string.should_satisfy { |msg| msg =~ /example' deleted/ }
+    end
+
+    specify "list all the entries" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--list"])
+        kps.stdout = StringIO.new
+        kps.stdin = StringIO.new(@passphrase)
+        kps.run
+        kps.stdout.string.should_satisfy { |msg| msg =~ /2./m }
+    end
+
+    specify "listing no entries found" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--list", "nothing"])
+        kps.stdout = StringIO.new
+        kps.stdin = StringIO.new(@passphrase)
+        kps.run
+        kps.stdout.string.should_satisfy { |msg| msg =~ /No matching records were found./ }
+    end
+
+    specify "showing no entries found" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--show", "nothing"])
+        kps.stdout = StringIO.new
+        kps.stdin = StringIO.new(@passphrase)
+        kps.run
+        kps.stdout.string.should_satisfy { |msg| msg =~ /No matching records were found./ }
+    end
+
+
+    specify "show all the entries" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--show"])
+        kps.stdout = StringIO.new
+        kps.stdin = StringIO.new(@passphrase)
+        kps.run
+        kps.stdout.string.should_satisfy { |msg| msg =~ /2./m }
+    end
+
+    specify "changing master password works" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path, "--master-password"])
+        kps.stdout = StringIO.new
+        kps.stdin  = StringIO.new([@passphrase, "I really love ruby.", "I really love ruby."].join("\n"))
+        kps.run
+        kps.stdout.string.should_satisfy { |msg| msg =~ /New master password set/m }
+    end
+
+    specify "importing from a valid csv file" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"-i", @import_csv.path])
+        kps.stdout = StringIO.new
+        kps.stdin  = StringIO.new([@passphrase, @passphrase].join("\n"))
+        kps.run
+        kps.stdout.string.should_satisfy { |msg| msg =~ /Imported \d* records from/m }
+    end
+
+    specify "Error message give on invalid imported csv" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"-i", @bad_import_csv.path])
+        kps.stdout = StringIO.new
+        kps.stdin  = StringIO.new([@passphrase, @passphrase].join("\n"))
+        begin
+            kps.run
+        rescue SystemExit => se
+            kps.stdout.string.should_satisfy { |msg| msg =~ /Error: There must be a header on the CSV /m }
+            se.status.should_eql 1
+        end
+    end
+
+    specify "able to export to a csv" do
+        kps = Keybox::Application::PasswordSafe.new(["-f", @testing_db.path, "-c", @testing_cfg.path,"-x", @export_csv.path])
+        kps.stdout = StringIO.new
+        kps.stdin  = StringIO.new([@passphrase, @passphrase].join("\n"))
+        kps.run
+        kps.stdout.string.should_satisfy { |msg| msg =~ /Exported \d* records to/m }
+    end
+end