nobspw 0.5.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a69bacd3f3f32acf44341c98cc21d7680a46638d6404b62e51ebe1ec09170a26
-  data.tar.gz: 84cf94ef83bad08505f3563f54fe3f1cebb8b87ef7583f26a47e525b2d6a2baf
+  metadata.gz: 061211b1866c17a90bd78bbb371e862c1a977c69ea168a01ac1fbab714fcde23
+  data.tar.gz: f9b54a073ac61f81450acb7213ff73f63a1d5835df7f3e9f819f076f0de935d1
 SHA512:
-  metadata.gz: a3b89294eb061d12bbce3d2e69554598993c84e61fd54e352a16cbaaf298df86d3755e05ab2acaa52d19525f4580d72db947dacbc34cbb17f3e215a8bd8f560b
-  data.tar.gz: 9c5d5c21fcf1dbdbbab22081e0cd263d5acd0949dc32216c5d2aae3d60e6aea65f0b16729b29ad4011d49ad7cb9a693c76deb70cbb4cefce7fd897da0774ed6e
+  metadata.gz: aa07f2332b6ffe8952be7b28aca35978267a735afc8a72dd35f32fb4135e08fd9593653f90981aea8fef91c6a7c45b07e255058f65488831aa1050534e1aee16
+  data.tar.gz: 976fadf800426c97e8824990457283afc32f7027ac1cf627e7fb7be7e132b220d29b859468c917c3cc29be9bfd57188561c40e16e0c5683ec6aaef54d3643193

data/README.md

@@ -60,6 +60,7 @@ Optionally, you can configure some options:
     config.min_unique_characters = 5
     config.dictionary_path = 'path/to/dictionary.txt'
     config.grep_path = '/usr/bin/grep'
+    config.use_ruby_grep = false # Defaults to false; slower when true. Uses Ruby's internal Grep method instead of shelling out.
     config.domain_name = 'mywebsitedomain.com' # it is recommended you configure this
     config.blacklist = ['this_password_is_not_allowed', /password/]
   end

data/lib/nobspw/configuration.rb

@@ -5,6 +5,7 @@ module NOBSPW
     attr_accessor :min_unique_characters
     attr_accessor :dictionary_path
     attr_accessor :grep_path
+    attr_accessor :use_ruby_grep
     attr_accessor :domain_name
     attr_accessor :blacklist
     attr_accessor :validation_methods
@@ -16,6 +17,7 @@ module NOBSPW
       @min_unique_characters    = 5
       @dictionary_path          = File.join(File.dirname(__FILE__), "..", "db", "dictionary.txt")
       @grep_path                = `which grep`.strip
+      @use_ruby_grep            = !@grep_path.present?
       @domain_name              = nil
       @blacklist                = nil
       @validation_methods       = NOBSPW::ValidationMethods::DEFAULT_VALIDATION_METHODS

data/lib/nobspw/password_checker.rb

@@ -37,10 +37,5 @@ module NOBSPW
 
       @strong = @weak_password_reasons.empty?
     end
-
-    def grep_command(path)
-      escaped_pw = Shellwords.escape(@password)
-      "#{NOBSPW.configuration.grep_path} '^#{escaped_pw}$' #{path}"
-    end
   end
 end

data/lib/nobspw/validation_methods.rb

@@ -1,3 +1,6 @@
+require 'shellwords'
+require 'open3'
+
 module NOBSPW
   module ValidationMethods
     DEFAULT_VALIDATION_METHODS = %i(password_empty?
@@ -12,6 +15,8 @@ module NOBSPW
                                     password_too_common?)
 
     INTERRUPT_VALIDATION_FOR   = %i(password_empty?)
+    STDIN_GREP_COMMAND         = ['/usr/bin/grep', '-m 1', '-f', '/dev/stdin',
+                                  NOBSPW.configuration.dictionary_path]
 
     private
 
@@ -81,22 +86,27 @@ module NOBSPW
     end
 
     def password_too_common?
-      `#{grep_command(NOBSPW.configuration.dictionary_path)}`
-
-      case $?.exitstatus
-      when 0
-        true
-      when 1
-        false
-      when 127
-        raise StandardError.new("Grep not found at: #{NOBSPW.configuration.grep_path}")
-      else
-        false
-      end
+      NOBSPW.configuration.use_ruby_grep ? ruby_grep : shell_grep
     end
 
     # Helper methods
 
+    def shell_grep
+      raise StandardError.new("Grep not found at: #{NOBSPW.configuration.grep_path}") \
+        if !File.exist?(NOBSPW.configuration.grep_path)
+
+      output = Open3.popen3(STDIN_GREP_COMMAND.join(" "), out: '/dev/null') { |stdin, stdout, stderr, wait_thr|
+        stdin.puts "^#{excaped_password}$"
+        stdin.close
+        wait_thr.value
+      }
+      output.success?
+    end
+
+    def ruby_grep
+      File.open(NOBSPW.configuration.dictionary_path).grep(/^#{escaped_password}$/).present?
+    end
+
     def email_without_extension(email)
       name, domain, whatev = email&.split("@", 3)
       "#{name}@#{strip_extension_from_domain(domain)}"
@@ -110,5 +120,8 @@ module NOBSPW
       str&.gsub(/-|_|\.|\'|\"|\@/, ' ')
     end
 
+    def escaped_password(password = @password)
+      Shellwords.escape(password)
+    end
   end
 end

data/lib/nobspw/version.rb

@@ -1,3 +1,3 @@
 module NOBSPW
-  VERSION = '0.5.1'
+  VERSION = '0.6.0'
 end

data/misc/grep_benchmark.rb

@@ -2,22 +2,72 @@
 
 require 'benchmark'
 require 'shellwords'
+require 'open3'
+require 'subprocess'
+
+ITERATIONS         = 100
+DICTIONARY_PATH    = File.join(File.dirname(__FILE__), '..', 'lib/db/dictionary.txt')
+STDIN_GREP_COMMAND = ['/usr/bin/grep', '-m 1', '-f', '/dev/stdin', DICTIONARY_PATH]
 
 password = 'swordfish'
-dictionary_path = File.join(File.dirname(__FILE__), '..', 'lib/db/dictionary.txt')
 
-def shell_grep(password, dictionary)
+def shell_grep(password)
   password = Shellwords.escape(password)
-	"/usr/bin/grep '^#{password}$' #{dictionary}"
+  `/usr/bin/grep -m 1 '^#{password}$' #{DICTIONARY_PATH}`
   $?.exitstatus == 0
 end
 
-Benchmark.bm do |benchmark|
-  benchmark.report("Ruby") do
-    25.times { File.open(dictionary_path).grep(/^#{password}$/) }
+def shell_grep_open3(password)
+  password = Shellwords.escape(password)
+
+  output = Open3.popen3(STDIN_GREP_COMMAND.join(" "), out: '/dev/null') { |stdin, stdout, stderr, wait_thr|
+    stdin.puts "^#{password}$"
+    stdin.close
+    wait_thr.value
+  }
+  output.success?
+end
+
+def shell_grep_subprocess(password)
+  password = Shellwords.escape(password)
+
+  Subprocess.check_call(STDIN_GREP_COMMAND, stdin: Subprocess::PIPE, stdout: '/dev/null') do |p|
+    p.communicate("^#{password}$")
+  end
+  true
+rescue Subprocess::NonZeroExit
+  false
+end
+
+def ruby_grep(password)
+  File.open(DICTIONARY_PATH).grep(/^#{password}$/)
+end
+
+def ruby_loop(password)
+  File.open(DICTIONARY_PATH).read_line do |l|
+    return true if l.match?(/^#{password}$/)
   end
+  false
+end
 
+Benchmark.bm(17) do |benchmark|
   benchmark.report("Shell") do
-    25.times { shell_grep(password, dictionary_path) }
+    ITERATIONS.times { shell_grep(password) }
+  end
+
+  benchmark.report("Ruby Grep") do
+    ITERATIONS.times { ruby_grep(password) }
+  end
+
+  benchmark.report("Ruby Loop") do
+    ITERATIONS.times { ruby_grep(password) }
   end
-end
+
+  benchmark.report("Open3 stdin") do
+    ITERATIONS.times { shell_grep_open3(password) }
+  end
+
+  benchmark.report("Subprocess stdin") do
+    ITERATIONS.times { shell_grep_subprocess(password) }
+  end
+end

data/nobspw.gemspec

@@ -29,6 +29,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "guard-rspec", "~> 4.7.3"
   spec.add_development_dependency "activemodel", "~> 5.0"
   spec.add_development_dependency "i18n", "~> 0.8.1"
+  spec.add_development_dependency "subprocess"
   spec.add_development_dependency "byebug"
 
   if RUBY_PLATFORM =~ /darwin/

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nobspw
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.6.0
 platform: ruby
 authors:
 - Carl Mercier
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-02-21 00:00:00.000000000 Z
+date: 2019-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -122,6 +122,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.8.1
+- !ruby/object:Gem::Dependency
+  name: subprocess
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement