pass-station 1.0.0

data/lib/pass_station.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+# Project internal
+require 'pass_station/source'
+require 'pass_station/parse'
+require 'pass_station/search'
+require 'pass_station/version'
+
+# Pass Station module
+module PassStation
+  # Constants
+  include Version
+
+  # Password database handling
+  class DB
+    # Get / set storage location, where will be stored the password database.
+    # @return [String] database storage location. Default to +data/+.
+    # @example
+    #   PassStation.storage_location = '/srv/downloads/'
+    attr_accessor :storage_location
+
+    # Get / set the password database name
+    # @return [String] password database filename. Default to
+    #   +DefaultCreds-Cheat-Sheet.csv+.
+    attr_accessor :database_name
+
+    # Get the password database in +CSV::Table+ format
+    # @return [CSV::Table] pasword database
+    attr_reader :data
+
+    # A new instance of Pass Station
+    def initialize
+      @storage_location = 'data/'
+      @database_name = 'DefaultCreds-Cheat-Sheet.csv'
+      @database_path = @storage_location + @database_name
+      database_exists?
+      @config = {}
+      csv_config
+      @data = nil
+      @search_result = []
+    end
+
+    # Check if the password database exists
+    # @return [Boolean] +true+ if the file exists
+    def database_exists?
+      exists = File.file?(@database_path)
+      raise "Database does not exist: #{@database_path}" unless exists
+
+      exists
+    end
+
+    protected :database_exists?
+  end
+end

data/lib/pass_station/output.rb

@@ -0,0 +1,204 @@
+# frozen_string_literal: true
+
+# Ruby internal
+require 'csv'
+require 'json'
+require 'yaml'
+# External dependencies
+require 'paint'
+
+# Pass Station module
+module PassStation
+  # Password database handling
+  class DB
+    # Output the data in the chosen format
+    # @param formatter [String] Engine to use to format the data: +table+, +'pretty-table'+, +JSON+, +CSV+, +YAML+
+    # @param data [CSV::Table]
+    # @return [Array<String>] formatted output
+    def output(formatter, data)
+      # Convert string to class
+      Object.const_get("PassStation::Output::#{normalize(formatter)}").format(data)
+    end
+
+    # Output the data in the chosen format (list command)
+    # @param formatter [String] Engine to use to format the data: +table+, +'pretty-table'+, +JSON+, +CSV+, +YAML+
+    # @return [Array<String>] formatted output
+    def output_list(formatter)
+      data_nil?
+      output(formatter, @data)
+    end
+
+    # Output the data in the chosen format (search command)
+    # @param formatter [String] Engine to use to format the data: +table+, +'pretty-table'+, +JSON+, +CSV+, +YAML+
+    # @return [Array<String>] formatted output
+    def output_search(formatter)
+      return '[-] No result' if @search_result.empty?
+
+      output(formatter, @search_result)
+    end
+
+    # Highlight (colorize) a searched term in the input
+    # When used with the search command, it will ignore in which column the
+    # search was made, and will instead colorize in every columns.
+    # @param term [String] the searched term
+    # @param text [String] the output in which the colorization must be made
+    # @param sensitive [Boolean] case sensitive or not
+    # @return [Array<String>] colorized output
+    def highlight_found(term, text, sensitive)
+      text.map do |x|
+        rgxp = build_regexp(term, sensitive: sensitive)
+        x.gsub(rgxp) { |s| Paint[s, :red] }
+      end
+    end
+
+    # Normalize string to be class name compatible
+    # Join splitted words and capitalize
+    # @param formatter [String] formatter name
+    # @return [String] normalized name (class compatible)
+    def normalize(formatter)
+      formatter.split('-').map(&:capitalize).join
+    end
+
+    protected :normalize
+  end
+
+  # Output handling module containing all formatter engines
+  # Meant to be used by the CLI binary but could be re-used in many other ways
+  module Output
+    # Simple table formatter
+    class Table
+      class << self
+        # Format the +CSV::Table+ into a simple table with justified columns
+        # @param table [CSV::Table] a +CSV::Table+
+        # @return [Array<String>] the formatted table ready to be printed
+        def format(table)
+          out = []
+          colsizes = colsizes_count(table)
+          out.push(headers(colsizes))
+          table.each do |r|
+            out.push(justify_row(r, colsizes))
+          end
+          out
+        end
+
+        # Calculate column size (max item size)
+        # @param table [CSV::Table]
+        # @param column [Symbol] the symbol of the column
+        # @return [Integer] the column size
+        def colsize_count(table, column)
+          table.map { |i| i[column].nil? ? 0 : i[column].size }.max + 1
+        end
+
+        # Calculate the size of all columns (max item size)
+        # @param table [CSV::Table]
+        # @return [Hash] keys are columns name, values are columns size
+        def colsizes_count(table)
+          colsizes = table.first.to_h.keys.each_with_object({}) do |c, h|
+            h[c] = colsize_count(table, c)
+          end
+          correct_min_colsizes(colsizes)
+        end
+
+        # Correct colsizes to be at least of the size of the headers (case when
+        # values are shorter than headers and breaks the table display)
+        # @param colsizes [Hash] hash containing the column size for each column as returned by {colsizes_count}
+        # @return [Hash] fixed colsizes, keys are columns name, values are columns size
+        def correct_min_colsizes(colsizes)
+          min_colsizes = {
+            productvendor: 14,
+            username: 9,
+            password: 9
+          }
+          min_colsizes.each_with_object({}) { |(k, v), h| h[k] = [v, colsizes[k]].max }
+        end
+
+        # Left justify an element of the column
+        # @param row [CSV::Row] +CSV::Row+
+        # @param column [Symbol] the symbol of the column
+        # @param colsizes [Hash] hash containing the column size for each column as returned by {colsizes_count}
+        # @return [String] the justified element
+        def justify(row, column, colsizes)
+          row[column].to_s.ljust(colsizes[column])
+        end
+
+        # Left justify all elements of the column
+        # @param row [CSV::Row] +CSV::Row+
+        # @param colsizes [Hash] hash containing the column size for each column as returned by {colsizes_count}
+        # @return [String] the justified row
+        def justify_row(row, colsizes)
+          out = ''
+          row.to_h.each_key do |col|
+            out += justify(row, col, colsizes)
+          end
+          out
+        end
+
+        # Generate justified headers
+        # @param colsizes [Hash] hash containing the column size for each column as returned by {colsizes_count}
+        # @return [String] the justified headers
+        def headers(colsizes)
+          colsizes.map { |k, v| k.to_s.ljust(v) }.join.to_s
+        end
+
+        protected :colsize_count, :colsizes_count, :justify, :justify_row, :headers, :correct_min_colsizes
+      end
+    end
+
+    # Pretty table with ASCII borders formatter
+    class PrettyTable < Table
+      class << self
+        # Format the +CSV::Table+ into a simple table with justified columns
+        # @param table [CSV::Table] a +CSV::Table+
+        # @return [Array<String>] the formatted table ready to be printed
+        def format(table)
+          out = []
+          colsizes = colsizes_count(table)
+          out.push(dividers(colsizes))
+          out.push(headers(colsizes))
+          out.push(dividers(colsizes))
+          table.each do |r|
+            out.push(justify_row(r, colsizes))
+          end
+          out.push(dividers(colsizes))
+        end
+
+        # Left justify an element of the column
+        # @param row [CSV::Row] +CSV::Row+
+        # @param column [Symbol] the symbol of the column
+        # @param colsizes [Hash] hash containing the column size for each column as returned by {colsizes_count}
+        # @return [String] the justified element
+        def justify(row, column, colsizes)
+          row[column].to_s.ljust(colsizes[column] - 1)
+        end
+
+        # Left justify all elements of the column
+        # @param row [CSV::Row] +CSV::Row+
+        # @param colsizes [Hash] hash containing the column size for each column as returned by {colsizes_count}
+        # @return [String] the justified row
+        def justify_row(row, colsizes)
+          out = '| '
+          row.to_h.each_key do |col|
+            out += "#{justify(row, col, colsizes)} | "
+          end
+          out
+        end
+
+        # Generate dividers
+        # @param colsizes [Hash] hash containing the column size for each column as returned by {colsizes_count}
+        # @return [String] divider line
+        def dividers(colsizes)
+          "+#{colsizes.map { |_, cs| '-' * (cs + 1) }.join('+')}+"
+        end
+
+        # Generate justified headers
+        # @param colsizes [Hash] hash containing the column size for each column as returned by {colsizes_count}
+        # @return [String] the justified headers
+        def headers(colsizes)
+          "| #{colsizes.map { |k, v| k.to_s.ljust(v - 1) }.join(' | ')} |"
+        end
+
+        protected :dividers, :headers, :justify_row, :justify
+      end
+    end
+  end
+end

data/lib/pass_station/parse.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# Ruby internal
+require 'csv'
+
+# Pass Station module
+module PassStation
+  # Password database handling
+  class DB
+    # Register CSV converters for parsing
+    def csv_config
+      strip_converter = proc { |field| field.strip }
+      CSV::Converters[:strip] = strip_converter
+      # https://github.com/ruby/csv/issues/208
+      # @config[:strip] = true
+      # @config[:liberal_parsing] = true
+      @config[:headers] = true
+      @config[:converters] = :strip
+      @config[:header_converters] = :symbol
+      @config[:empty_value] = '<blank>'
+      @config[:nil_value] = '<blank>'
+    end
+
+    # Parse, sort and sanitize the password database
+    # @param sort [Symbol] column name to sort by: +:productvendor+, +:username+, +:password+
+    # @return [CSV::Table] table of +CSV::Row+, each row contains three
+    #   attributes: :productvendor, :username, :password
+    def parse(sort = :productvendor)
+      @data = CSV.table(@database_path, @config).sort_by do |s|
+        s[sort].downcase
+      end
+    end
+
+    protected :csv_config
+  end
+end

data/lib/pass_station/search.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+# Pass Station module
+module PassStation
+  # Password database handling
+  class DB
+    # Search term in the data table
+    # @param term [String] the searched term
+    # @param col [Symbol] the column to search in: :productvendor | :username | :password | :all (all columns)
+    # @see build_regexp for +opts+ param description
+    # @return [CSV::Table] table of +CSV::Row+, each row contains three
+    #   attributes: :productvendor, :username, :password
+    def search(term, col, opts = {})
+      r1 = prepare_search(term, opts)
+      condition = column_selector(col, r1)
+      @data.each do |row|
+        @search_result.push(row) if condition.call(row)
+      end
+      @search_result
+    end
+
+    # Choose in which column the search will be performed and build the
+    # condition to use
+    # @param col [Symbol] the column to search in: :productvendor | :username | :password | :all (all columns)
+    # @param rgxp [Regexp] the search regexp (generated by {build_regexp})
+    # @return [Proc] the proc condition to use for searching
+    def column_selector(col, rgxp)
+      proc { |row|
+        if col == :all
+          row[:productvendor].match?(rgxp) || row[:username].match?(rgxp) ||
+            row[:password].match?(rgxp)
+        else
+          row[col].match?(rgxp)
+        end
+      }
+    end
+
+    # Prepare search query
+    # Check if data available, prepare the regexp, and clean previous search
+    # results
+    # @see build_regexp for parameters and return value
+    def prepare_search(term, opts = {})
+      data_nil?
+      r1 = build_regexp(term, opts)
+      @search_result = []
+      r1
+    end
+
+    # Manage search options to build a search regexp
+    # @param term [String] the searched term
+    # @param opts [Hash] the option hash
+    # @option opts [Boolean] :sensitive is the search case sensitive, default: false
+    # @return [Regexp] the search regexp
+    def build_regexp(term, opts = {})
+      opts[:sensitive] ||= false
+      if opts[:sensitive]
+        Regexp.new(term, Regexp::EXTENDED)
+      else
+        Regexp.new(term, Regexp::EXTENDED | Regexp::IGNORECASE)
+      end
+    end
+
+    # Raise an error is data attribute is nil
+    def data_nil?
+      raise 'You must use the parse method to polutate the data attribute first' if @data.nil?
+    end
+
+    protected :build_regexp, :prepare_search, :column_selector, :data_nil?
+  end
+end

data/lib/pass_station/source.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+# Ruby internal
+require 'net/https'
+require 'tmpdir'
+
+# Pass Station module
+module PassStation
+  # Password database handling
+  class DB
+    UPSTREAM_DATABASE = {
+      URL: 'https://raw.githubusercontent.com/ihebski/DefaultCreds-cheat-sheet/main/DefaultCreds-Cheat-Sheet.csv',
+      HASH: 'de6a9f7e7ac94fbcd142ec5817efb71d3a0027076266c87ead5158a4960ec708'
+    }.freeze
+
+    class << self
+      # Download upstream password database
+      # @param destination_path [String] the destination path (may
+      #   overwrite existing file).
+      # @param opts [Hash] the optional downlaod parameters.
+      # @option opts [String] :sha256 the SHA256 hash to check, if the file
+      #   already exist and the hash matches then the download will be skipped.
+      # @return [String|nil] the saved file path.
+      def download_upstream(destination_path, opts = {})
+        download_file(UPSTREAM_DATABASE[:URL], destination_path, opts)
+      end
+
+      # Chek if an update is available
+      # @return [Boolean] +true+ if there is, +false+ else.
+      def check_for_update
+        file = download_file(UPSTREAM_DATABASE[:URL], Dir.mktmpdir)
+        # Same hash = no update
+        !check_hash(file, UPSTREAM_DATABASE[:HASH])
+      end
+
+      # Download a file.
+      # @param file_url [String] the URL of the file.
+      # @param destination_path [String] the destination path (may
+      #   overwrite existing file).
+      # @param opts [Hash] the optional downlaod parameters.
+      # @option opts [String] :sha256 the SHA256 hash to check, if the file
+      #   already exist and the hash matches then the download will be skipped.
+      # @return [String|nil] the saved file path.
+      def download_file(file_url, destination_path, opts = {})
+        opts[:sha256] ||= nil
+
+        destination_path += '/' unless destination_path[-1] == '/'
+        uri = URI(file_url)
+        filename = uri.path.split('/').last
+        destination_file = destination_path + filename
+        # Verify hash to see if it is the latest
+        skip_download = check_hash(destination_file, opts[:sha256])
+        write_file(destination_file, fetch_file(uri)) unless skip_download
+      end
+
+      # Check if a file match a SHA256 hash
+      # @param file [String] the path of the file.
+      # @param hash [String] tha SHA256 hash to check against.
+      # @return [Boolean] if the hash of the file matched the one provided (+true+)
+      #   or not (+false+).
+      def check_hash(file, hash)
+        if !hash.nil? && File.file?(file)
+          computed_h = Digest::SHA256.file(file)
+          true if hash.casecmp(computed_h.hexdigest).zero?
+        else
+          false
+        end
+      end
+
+      # Just fetch a file
+      # @param uri [URI] the URI to of the file
+      # @return [Bytes] the content of the file
+      def fetch_file(uri)
+        res = Net::HTTP.get_response(uri)
+        raise "#{file_url} ended with #{res.code} #{res.message}" unless res.is_a?(Net::HTTPSuccess)
+
+        res.body
+      end
+
+      # Write a file to disk
+      # @param destination_file [String] the file path where the fiel will be
+      #   written to disk
+      # @param file_content [String] the content to write in the file
+      # @return [String] destination file path
+      def write_file(destination_file, file_content)
+        File.open(destination_file, 'wb') do |file|
+          file.write(file_content)
+        end
+        destination_file
+      end
+
+      # https://github.com/lsegal/yard/issues/1372
+      protected :download_file, :check_hash, :fetch_file, :write_file
+    end
+  end
+end