obfuskit 0.2.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f13c1d6e89c565ef55077edab6aeadaf16396a142887df8ccb8fc9e4c1939177
-  data.tar.gz: 281bc1d8a5517df52e6f71af31edd5430d52abc5f1a01e953b431c3c5f8f4cee
+  metadata.gz: 07c3f052a3c4ff566890a9cb72099b7f2cc9f6eab79a865b58e2de901d0963c5
+  data.tar.gz: 93b42f3091775a71366b4f70e93ef42114f08f5eddcd0275225f0e0d14f99464
 SHA512:
-  metadata.gz: 30d4652e43f1440ffc36b7c90541523719d0f7bb21f8d5d405571b1021f7f763ad6f4963ad2fb8e44532af1e47a9d72da547464b028369351aa512a955982532
-  data.tar.gz: 7fe5c1cfe3eaaf5ff2a11d0fd8d40d023bf4ccf6f8a2aefee2d77288437161e8975651697ee60ca1e5bbf2930a98e5328512cf2dafba34e08eb49ed107612561
+  metadata.gz: 337aaf034bf4afb7d41168254472376646876aa0e30ee609256f94c3cdf7c0974e83a2853f383bcfea719aceab0c5b2cde17bf8c90e1206a9dd78329b3caae1f
+  data.tar.gz: 83047860687ac6ab90b77958495deb0c06f20f676730a5d53199798340ef0b0102795fe065c6ef9696183435acd29c59e936363a60505c5c1d898d390aecf3a9

data/README.md

@@ -1,22 +1,41 @@
 # ObfusKit
-
-ObfusKit is a ruby script to generate obfuscated secrets for `Swift` and `Kotlin`.
+ObfusKit is a ruby script that generates obfuscated secrets for `Swift` and `Kotlin`.
 
 ## Installation and usage
 
 Install the latest version of the gem using:
 
-```
+```sh
 gem install obfuskit
 ```
 
-To generate Swift code run the following command:
+Call `obfuskit -h` for help.
 
 ```sh
-obfuskit swift SECRET_1 SECRET_2 > generated.swift
+Usage: obfuskit [options]
+
+Specific options:
+    -l, --language [LANGUAGE]        Output language (swift, kotlin). Kotlin requires a package parameter.
+    -k SECRET_1,SECRET_2,SECRET_3,   List of environment variable keys
+        --keys
+    -p, --package [PACKAGE]          Package name for Kotlin
+    -t, --type [TYPE]                Output type name. Defaults to `ObfusKit`
+    -e, --env [PATH]                 Path to an alternative .env file
+
+Common options:
+    -h, --help                       Show this message
+    -v, --version                    Show version
 ```
 
-It will will create the file `generated.swift` containing an obfuscated version of the environment variables `SECRET_1` and `SECRET_2`. 
+### Swift
+
+To generate Swift code, run the following command:
+
+```sh
+obfuskit -l swift -k SECRET_1,SECRET_2 > generated.swift
+```
+
+It will create the file `generated.swift` containing an obfuscated version of the environment variables `SECRET_1` and `SECRET_2`. 
 This file should be excluded from the git repository and generated at build time. 
 The obfuscation salt is regenerated for each run.
 
@@ -30,14 +49,15 @@ enum ObfusKit {
 	private class _3f3eccd2e5ea46b39738e5502bda6bef { }
 	private static let _o = O(String(describing: _3f3eccd2e5ea46b39738e5502bda6bef.self))
 }
-
-struct O { private let c: [UInt8]; private let l: Int; init(_ s: String) { self.init([UInt8](s.utf8)) }; init(_ c: [UInt8]) { self.c = c; l = c.count }; @inline(__always) func o(_ v: String) -> [UInt8] { [UInt8](v.utf8).enumerated().map { $0.element ^ c[$0.offset % l] } }; @inline(__always) func r(_ value: [UInt8]) -> String { String(bytes: value.enumerated().map { $0.element ^ c[$0.offset % l] }, encoding: .utf8) ?? "" } }
+// ...
 ```
 
-The same concept applies for the `kotlin` language using:
+### Kotlin 
+
+The same concept applies to the Kotlin language using:
 
 ```sh
-obfuskit kotlin com.myapp.configuration.environment SECRET_1 SECRET_2 > generated.kt
+obfuskit -l kotlin -p com.myapp.configuration.environment -k SECRET_1,SECRET_2 > generated.kt
 ```
 It will create the Kotlin version `generated.kt`.
 
@@ -51,15 +71,31 @@ object ObfusKit {
         val SECRET_1: String = _o.r(byteArrayOf(30, 116, 118, 115, 119, 119, 116))
         val SECRET_2: String = _o.r(byteArrayOf(24, 112, 112, 115, 113, 115, 114))
 }
+// ...
+```
+
+#### Android Code shrinking and Obfuscation
+Proguard/R8 changes class names and method names. This will break revealing secrets at run time.
+To prevent this, add the according rules to your `proguard-rules.pro` file or use the `--keep-annotation` parameter to inject a custom annotation like `@androidx.annotation.Keep` into the generated code.
 
-class O{private val a:ByteArray;private val b:Int;constructor(s:String){a=s.toByteArray(Charsets.UTF_8);b=a.size};fun o(v:String):ByteArray{val d=v.toByteArray(Charsets.UTF_8);return ByteArray(d.size){i->(d[i].toInt() xor a[i%b].toInt()).toByte()}};fun r(value:ByteArray):String{return String(ByteArray(value.size){i->(value[i].toInt() xor a[i%b].toInt()).toByte()},Charsets.UTF_8)}}
+For example:
 
+```sh
+obfuskit -l kotlin -p com.myapp.configuration.environment -k SECRET_1,SECRET_2 --keep-annotation @androidx.annotation.Keep > generated.kt
+```
+
+### Use a custom .env file location
+
+Use the `-e` option to define the path to a different `.env` file, e.g., if you want to reuse the `fastlane/.env` file.
+
+```sh
+obfuskit -l swift -k SECRET_3,SECRET_4 -e fastlane/.env > generated.swift
 ```
 
 ## Features
 - [x] Generate Swift
 - [x] Generate Kotlin
-- [x] Read secrets from the Environment 
+- [x] Read Secrets from the Environment 
 - [x] Add dynamic salt for obfuscation
 - [x] Support for .env files
 - [x] Use template engine for code generation

data/lib/obfuskit/generator.rb

@@ -1,79 +1,62 @@
 # frozen_string_literal: true
 require_relative 'obfuscator'
+require_relative 'options_parser'
 require 'securerandom'
 require 'dotenv'
 require 'erb'
-
-module Language
-  SWIFT = "Swift"
-  KOTLIN = "Kotlin"
-end
+require 'optparse'
 
 module Obfuskit
 
   class Generator
 
-    def generate()
+    def generate
 
-      Dotenv.load
-      args = ARGV
-      language_key = args.shift.downcase
+      parser = OptionsParser.new
+      options = parser.parse(ARGV)
 
-      language_map = {
-        "swift" => Language::SWIFT,
-        "kotlin" => Language::KOTLIN,
-        "kt" => Language::KOTLIN
-      }
+      Dotenv.load(options.dot_env_file_path)
 
-      if language_key != nil && language_map.key?(language_key)
+      if !options.output_language.nil? && options.env_var_keys.length.positive?
 
         salt = SecureRandom.uuid.to_s.gsub("-", "")
         obfuscator = Obfuscator.new("_" + salt)
 
-        case language_map[language_key]
-        when Language::SWIFT
-          puts generate_swift(args, obfuscator)
+        values = obfuscated_values_from_env(options.env_var_keys, obfuscator)
+
+        if options.output_language == :swift
+          puts generate_with_template("swift", values, nil, options.output_type_name, obfuscator, options.keep_annotation)
+
+        elsif options.output_language == :kotlin && !options.package_name.nil?
+          puts generate_with_template("kotlin", values, options.package_name, options.output_type_name, obfuscator, options.keep_annotation)
 
-        when Language::KOTLIN
-          puts generate_kotlin(args, obfuscator)
+        else
+        STDERR.puts parser.parse(%w[--help])
         end
 
       else
-        STDERR.puts "Please specify a valid language."
+        STDERR.puts parser.parse(%w[--help])
       end
     end
 
     private
 
-    def generate_swift(args, obfuscator)
-      values = obfuscated_values_from_env(args, obfuscator)
-      generate_with_template("swift", values, nil, obfuscator)
-    end
-
-    def generate_kotlin(args, obfuscator)
-      package = args.shift
-      if package == nil
-        STDERR.puts "No package name provided."
-      else
-        values = obfuscated_values_from_env(args, obfuscator)
-        generate_with_template("kotlin", values, package, obfuscator)
-      end
-    end
-
     def obfuscated_values_from_env(args, obfuscator)
-      args.map { |name|
-        ENV[name] != nil ? [name, obfuscator.obfuscate(ENV[name])] : nil
-      }.compact.to_h
+      args.map do |name|
+        !ENV[name].nil? ? [name, obfuscator.obfuscate(ENV[name])] : nil
+      end.compact.to_h
     end
 
-    def generate_with_template(template_name, values, package, obfuscator)
+    def generate_with_template(template_name, values, package, type_name, obfuscator, keep_annotation)
       file = File.expand_path("templates/#{template_name}.erb", __dir__)
       template = ERB.new(File.read(file), trim_mode: "-")
       template.result_with_hash(
         values: values,
         package: package,
-        salt: obfuscator.salt
-      )
+        type_name: type_name,
+        salt: obfuscator.salt,
+        keep_annotation: keep_annotation
+        )
     end
 
   end

data/lib/obfuskit/options_parser.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+require 'optparse'
+
+class OptionsParser
+  class ScriptOptions
+
+    attr_accessor :output_language, :env_var_keys, :package_name, :output_type_name, :dot_env_file_path, :keep_annotation
+
+    def initialize
+      self.output_language = nil
+      self.env_var_keys = []
+      self.package_name = nil
+      self.output_type_name = "ObfusKit"
+      self.dot_env_file_path = ".env"
+      self.keep_annotation = nil
+    end
+
+    def define_options(parser)
+      parser.banner = "Usage: obfuskit [options]"
+      parser.separator ""
+      parser.separator "Specific options:"
+
+      # add additional options
+      output_language_option(parser)
+      env_var_keys_option(parser)
+      package_name_option(parser)
+      output_type_name_option(parser)
+      dot_env_file_path_options(parser)
+      keep_annotation_options(parser)
+
+      parser.separator ""
+      parser.separator "Common options:"
+      # No argument, shows at tail.  This will print an options summary.
+      # Try it and see!
+      parser.on_tail("-h", "--help", "Show this message") do
+        puts parser
+        exit
+      end
+
+      # Another typical switch to print the version.
+      parser.on_tail("-v", "--version", "Show version") do
+        puts Obfuskit::VERSION
+        exit
+      end
+
+    end
+
+    private
+
+    def output_language_option(parser)
+      parser.on("-l", "--language [LANGUAGE]", [:swift, :kotlin],
+                "Output language (swift, kotlin). Kotlin requires a package parameter.") do |t|
+        self.output_language = t
+      end
+    end
+
+    def env_var_keys_option(parser)
+      parser.on("-k", "--keys SECRET_1,SECRET_2,SECRET_3", Array, "List of environment variable keys") do |list|
+        self.env_var_keys = list
+      end
+    end
+
+    def package_name_option(parser)
+      parser.on("-p", "--package [PACKAGE]", "Package name for Kotlin") do |value|
+        self.package_name = value
+      end
+    end
+
+    def output_type_name_option(parser)
+      parser.on("-t", "--type [TYPE]", "Output type name. Defaults to `ObfusKit`") do |value|
+        self.output_type_name = value
+      end
+    end
+
+    def dot_env_file_path_options(parser)
+      parser.on("-e", "--env [PATH]", "Path to an alternative .env file") do |value|
+        self.dot_env_file_path = value
+      end
+    end
+
+    def keep_annotation_options(parser)
+      parser.on("--keep-annotation [Annotation]", "Annotation to prevent key class obfuscation. e.g. @androidx.annotation.Kee
+") do |value|
+        self.keep_annotation = value
+      end
+    end
+  end
+
+  #
+  # Return a structure describing the options.
+  #
+  def parse(args)
+    # The options specified on the command line will be collected in
+    # *options*.
+
+    @options = ScriptOptions.new
+    OptionParser.new do |parser|
+      @options.define_options(parser)
+      parser.parse!(args)
+    end
+    @options
+  end
+
+  attr_reader :parser, :options
+end  # class OptionsParser

data/lib/obfuskit/templates/kotlin.erb

@@ -1,7 +1,8 @@
 package <%= package %>
 
-public object ObfusKit {
+public object <%= type_name %> {
   private val _o = O(<%= salt %>::class.java.simpleName)
+  <%= keep_annotation unless keep_annotation.nil? %>
   private class <%= salt %>
 
 <% values.each do |name, values| -%>

data/lib/obfuskit/templates/swift.erb

@@ -1,6 +1,6 @@
 import Foundation
 
-public enum ObfusKit {
+public enum <%= type_name %> {
 <% values.each do |name, values| -%>
   public static let <%= name %>: String = _o.r([<%= values.map { |i| i.to_s }.join(', ') %>])
 <% end -%>

data/lib/obfuskit/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Obfuskit
-  VERSION = "0.2.1"
+  VERSION = "0.4.0"
 end

data/sig/obfuskit/generator.rbs

@@ -3,9 +3,9 @@ module Obfuskit
     def generate: -> void
 
     private
-    def generate_kotlin: ([String], Obfuscator) -> String
-    def generate_swift: ([String], Obfuscator) -> String
+    def generate_kotlin: ([String], String, Obfuscator) -> String
+    def generate_swift: ([String], String, Obfuscator) -> String
     def obfuscated_values_from_env: ([String], Obfuscator) -> Hash[String, [Integer]]
-    def generate_with_template: (String, Hash[String, [Integer]], String, Obfuscator) -> String
+    def generate_with_template: (String, Hash[String, [Integer]], String?, String, Obfuscator) -> String
   end
 end

data/sig/obfuskit/options_parser.rbs

@@ -0,0 +1,6 @@
+class OptionsParser
+  attr_reader options: ScriptOptions
+  attr_reader parser: OptionsParser
+
+  def parse: -> ScriptOptions
+end

data/sig/options_parser/script_options.rbs

@@ -0,0 +1,22 @@
+module OptionsParser
+  class ScriptOptions
+    attr_accessor dot_env_file_path: String
+    attr_accessor dot_env_file_paths: [String]
+    attr_accessor env_var_keys: [String]
+    attr_accessor keep_annotation: String?
+    attr_accessor output_language: String?
+    attr_accessor output_type_name: String
+    attr_accessor package_name: String?
+
+    def define_options: -> void
+
+    private
+
+    def dot_env_file_path_options: -> OptionParser
+    def env_var_keys_option: -> OptionParser
+    def keep_annotation_options: -> OptionParser
+    def output_language_option: -> OptionParser
+    def output_type_name_option: -> OptionParser
+    def package_name_option: -> OptionParser
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: obfuskit
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Martin Gratzer
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-02-19 00:00:00.000000000 Z
+date: 2024-04-22 00:00:00.000000000 Z
 dependencies: []
 description: Generate Swift and Kotlin files with obfuscated environment variables.
 email: mgratzer@gmail.com
@@ -23,13 +23,15 @@ files:
 - exe/obfuskit
 - lib/obfuskit/generator.rb
 - lib/obfuskit/obfuscator.rb
+- lib/obfuskit/options_parser.rb
 - lib/obfuskit/templates/kotlin.erb
 - lib/obfuskit/templates/swift.erb
 - lib/obfuskit/version.rb
-- obfuskit.gemspec
 - sig/obfuskit.rbs
 - sig/obfuskit/generator.rbs
 - sig/obfuskit/obfuscator.rbs
+- sig/obfuskit/options_parser.rbs
+- sig/options_parser/script_options.rbs
 homepage: https://github.com/mgratzer/obfuskit
 licenses:
 - MIT

data/obfuskit.gemspec

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "lib/obfuskit/version"
-
-Gem::Specification.new do |s|
-    s.name        = "obfuskit"
-    s.version     = Obfuskit::VERSION
-    s.summary     = "Environment variable obfuscation for Swift and Kotlin."
-    s.description = "Generate Swift and Kotlin files with obfuscated environment variables."
-    s.authors     = ["Martin Gratzer"]
-    s.email       = "mgratzer@gmail.com"
-    s.homepage    =
-      "https://github.com/mgratzer/obfuskit"
-    s.license       = "MIT"
-    s.executables << "obfuskit"
-    s.required_ruby_version = ">= 3.0.0"
-    s.metadata["homepage_uri"] = s.homepage
-
-    # Specify which files should be added to the gem when it is released.
-    # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-    s.files = Dir.chdir(__dir__) do
-        `git ls-files -z`.split("\x0").reject do |f|
-            (File.expand_path(f) == __FILE__) ||
-              f.start_with?(*%w[bin/ test/ spec/ features/ .git .github appveyor Gemfile])
-        end
-    end
-    s.bindir = "exe"
-    s.executables = s.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
-    s.require_paths = ["lib"]
-  end