pass-station 1.1.0 → 1.2.3

data/lib/pass_station/output.rb

@@ -32,7 +32,7 @@ module PassStation
     # @param formatter [String] Engine to use to format the data: +table+, +'pretty-table'+, +JSON+, +CSV+, +YAML+
     # @return [Array<String>] formatted output
     def output_search(formatter)
-      return '[-] No result' if @search_result.empty?
+      return [] if @search_result.empty?
 
       output(formatter, @search_result)
     end
@@ -52,7 +52,7 @@ module PassStation
     end
 
     # Normalize string to be class name compatible
-    # Join splitted words and capitalize
+    # Join split words and capitalize
     # @param formatter [String] formatter name
     # @return [String] normalized name (class compatible)
     def normalize(formatter)
@@ -105,11 +105,10 @@ module PassStation
         # @return [Hash] fixed colsizes, keys are columns name, values are columns size
         def correct_min_colsizes(colsizes)
           min_colsizes = {
-            productvendor: 14,
-            username: 9,
-            password: 9
+            productvendor: 14, username: 9, password: 9, modelsoftware_name: 19,
+            version: 8, access_type: 12, privileges: 11, notes: 6, vendor: 7
           }
-          min_colsizes.each_with_object({}) { |(k, v), h| h[k] = [v, colsizes[k]].max }
+          colsizes.each_with_object({}) { |(k, v), h| h[k] = [v, min_colsizes[k]].max }
         end
 
         # Left justify an element of the column
@@ -220,7 +219,7 @@ module PassStation
         # @param table [Array<CSV::Row>] an +Array<CSV::Row>+
         # @return [Array<String>] the formatted JSON ready to be printed (only
         #   one element on the array, keep an array for compatibility with
-        #   {highlight_found} and homogeneity with other formatters)
+        #   {DB.highlight_found} and homogeneity with other formatters)
         def format(table)
           [table.map(&:to_h).to_json]
         end
@@ -234,7 +233,7 @@ module PassStation
         # @param table [Array<CSV::Row>] an +Array<CSV::Row>+
         # @return [Array<String>] the formatted YAML ready to be printed (only
         #   one element on the array, keep an array for compatibility with
-        #   {highlight_found} and homogeneity with other formatters)
+        #   {DB.highlight_found} and homogeneity with other formatters)
         def format(table)
           [table.map(&:to_h).to_yaml]
         end

data/lib/pass_station/parse.rb

@@ -22,10 +22,11 @@ module PassStation
     end
 
     # Parse, sort and sanitize the password database
-    # @param sort [Symbol] column name to sort by: +:productvendor+, +:username+, +:password+
-    # @return [Array<CSV::Row>] table of +CSV::Row+, each row contains three
-    #   attributes: :productvendor, :username, :password
-    def parse(sort = :productvendor)
+    # @param sort [Symbol] column name to sort by (columns depends on the database source, see {UPSTREAM_DATABASE})
+    # @return [Array<CSV::Row>] table of +CSV::Row+, each row contains multiple
+    #   attributes (columns depends on the database source, see {UPSTREAM_DATABASE})
+    def parse(sort = nil)
+      sort ||= UPSTREAM_DATABASE[@database_type][:COLUMNS].first[0]
       @data = CSV.table(@database_path, **@config).sort_by do |s|
         s[sort].downcase
       end

data/lib/pass_station/search.rb

@@ -6,11 +6,13 @@ module PassStation
   class DB
     # Search term in the data table
     # @param term [String] the searched term
-    # @param col [Symbol] the column to search in: :productvendor | :username | :password | :all (all columns)
+    # @param col [Symbol] the column to search in: column name (columns depends on the database source, see
+    #   {UPSTREAM_DATABASE}) or :all (all columns)
     # @see build_regexp for +opts+ param description
-    # @return [Array<CSV::Row>] table of +CSV::Row+, each row contains three
-    #   attributes: :productvendor, :username, :password
+    # @return [Array<CSV::Row>] table of +CSV::Row+, each row contains multiple
+    #   attributes (columns depends on the database source, see {UPSTREAM_DATABASE})
     def search(term, col, opts = {})
+      col ||= UPSTREAM_DATABASE[@database_type][:COLUMNS].first[0]
       r1 = prepare_search(term, opts)
       condition = column_selector(col, r1)
       @data.each do |row|
@@ -21,14 +23,14 @@ module PassStation
 
     # Choose in which column the search will be performed and build the
     # condition to use
-    # @param col [Symbol] the column to search in: :productvendor | :username | :password | :all (all columns)
+    # @param col [Symbol] the column to search in: column name (columns depends on the database source, see
+    #   {UPSTREAM_DATABASE}) or :all (all columns)
     # @param rgxp [Regexp] the search regexp (generated by {build_regexp})
     # @return [Proc] the proc condition to use for searching
     def column_selector(col, rgxp)
       proc { |row|
         if col == :all
-          row[:productvendor].match?(rgxp) || row[:username].match?(rgxp) ||
-            row[:password].match?(rgxp)
+          UPSTREAM_DATABASE[@database_type][:COLUMNS].keys.map { |x| row[x].match?(rgxp) }.inject(:|)
         else
           row[col].match?(rgxp)
         end
@@ -62,7 +64,7 @@ module PassStation
 
     # Raise an error is data attribute is nil
     def data_nil?
-      raise 'You must use the parse method to polutate the data attribute first' if @data.nil?
+      raise 'You must use the parse method to populate the data attribute first' if @data.nil?
     end
 
     protected :build_regexp, :prepare_search, :column_selector, :data_nil?

data/lib/pass_station/source.rb

@@ -9,45 +9,82 @@ module PassStation
   # Password database handling
   class DB
     UPSTREAM_DATABASE = {
-      URL: 'https://raw.githubusercontent.com/ihebski/DefaultCreds-cheat-sheet/main/DefaultCreds-Cheat-Sheet.csv',
-      HASH: 'de6a9f7e7ac94fbcd142ec5817efb71d3a0027076266c87ead5158a4960ec708'
+      MAPPING: {
+        1 => :DEFAULT_CREDENTIALS_CHEAT_SHEET,
+        2 => :MANY_PASSWORDS
+      },
+      DEFAULT_CREDENTIALS_CHEAT_SHEET: {
+        URL: 'https://raw.githubusercontent.com/ihebski/DefaultCreds-cheat-sheet/main/DefaultCreds-Cheat-Sheet.csv',
+        HASH: 'f03f3ed77a8a932b1b2891fbec705d42b1eec4911fb76ccf36cde9e79a385556',
+        FILENAME: 'DefaultCreds-Cheat-Sheet.csv',
+        COLUMNS: {
+          productvendor: 'Product/Vendor',
+          username: 'Username',
+          password: 'Password'
+        }
+      },
+      MANY_PASSWORDS: {
+        URL: 'https://raw.githubusercontent.com/many-passwords/many-passwords/main/passwords.csv',
+        HASH: '293ce4411446c702aeda977b9a446ff42d045d980be0b5287a848b5bd7d39402',
+        FILENAME: 'many-passwords.csv',
+        COLUMNS: {
+          vendor: 'Vendor',
+          modelsoftware_name: 'Model/Software name',
+          version: 'Version',
+          access_type: 'Access Type',
+          username: 'Username',
+          password: 'Password',
+          privileges: 'Privileges',
+          notes: 'Notes'
+        }
+      }
     }.freeze
 
     class << self
       # Download upstream password database
       # @param destination_path [String] the destination path (may
       #   overwrite existing file).
-      # @param opts [Hash] the optional downlaod parameters.
+      # @param opts [Hash] the optional download parameters.
       # @option opts [String] :sha256 the SHA256 hash to check, if the file
       #   already exist and the hash matches then the download will be skipped.
+      # @option opts [String] :source_db id of the source database (see. MAPPING in {UPSTREAM_DATABASE}). Default is 1.
       # @return [String|nil] the saved file path.
       def download_upstream(destination_path, opts = {})
-        download_file(UPSTREAM_DATABASE[:URL], destination_path, opts)
+        opts[:source_db] ||= 1
+        source_db = UPSTREAM_DATABASE[:MAPPING][opts[:source_db]]
+        opts[:filename] = UPSTREAM_DATABASE[source_db][:FILENAME]
+        source_url = UPSTREAM_DATABASE[source_db][:URL]
+        download_file(source_url, destination_path, opts)
       end
 
-      # Chek if an update is available
+      # Check if an update is available
       # @return [Boolean] +true+ if there is, +false+ else.
       def check_for_update
-        file = download_file(UPSTREAM_DATABASE[:URL], Dir.mktmpdir)
-        # Same hash = no update
-        !check_hash(file, UPSTREAM_DATABASE[:HASH])
+        ret_vals = []
+        UPSTREAM_DATABASE[:MAPPING].each do |_k, v|
+          file = download_file(UPSTREAM_DATABASE[v][:URL], Dir.mktmpdir)
+          # Same hash = no update
+          ret_vals << !check_hash(file, UPSTREAM_DATABASE[v][:HASH])
+        end
+        ret_vals.inject(:|) # logical OR, there is an update if at least one entry needs one
       end
 
       # Download a file.
       # @param file_url [String] the URL of the file.
       # @param destination_path [String] the destination path (may
       #   overwrite existing file).
-      # @param opts [Hash] the optional downlaod parameters.
+      # @param opts [Hash] the optional download parameters.
       # @option opts [String] :sha256 the SHA256 hash to check, if the file
       #   already exist and the hash matches then the download will be skipped.
+      # @option opts [String] :filename override upstream filename
       # @return [String|nil] the saved file path.
       def download_file(file_url, destination_path, opts = {})
         opts[:sha256] ||= nil
 
         destination_path += '/' unless destination_path[-1] == '/'
         uri = URI(file_url)
-        filename = uri.path.split('/').last
-        destination_file = destination_path + filename
+        opts[:filename] ||= uri.path.split('/').last
+        destination_file = destination_path + opts[:filename]
         # Verify hash to see if it is the latest
         skip_download = check_hash(destination_file, opts[:sha256])
         write_file(destination_file, fetch_file(uri)) unless skip_download

data/lib/pass_station/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Version
-  VERSION = '1.1.0'
+  VERSION = '1.2.3'
 end

data/lib/pass_station.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# Ruby internal
+require 'pathname'
 # Project internal
 require 'pass_station/source'
 require 'pass_station/parse'
@@ -23,14 +25,17 @@ module PassStation
     attr_accessor :database_name
 
     # Get the password database in +Array<CSV::Row>+ format
-    # @return [Array<CSV::Row>] pasword database
+    # @return [Array<CSV::Row>] password database
     attr_reader :data
 
     # A new instance of Pass Station
-    def initialize
+    # @param db [Integer] the credentials source database id (see {UPSTREAM_DATABASE})
+    def initialize(db = nil)
+      db ||= 1
       @storage_location = 'data/'
-      @database_name = 'DefaultCreds-Cheat-Sheet.csv'
-      @database_path = @storage_location + @database_name
+      @database_type = UPSTREAM_DATABASE[:MAPPING][db]
+      @database_name = UPSTREAM_DATABASE[@database_type][:FILENAME]
+      @database_path = absolute_db_path
       database_exists?
       @config = {}
       csv_config
@@ -38,6 +43,14 @@ module PassStation
       @search_result = []
     end
 
+    # Find the absolute path of the DB from its relative location
+    # @return [String] absolute filename of the DB
+    def absolute_db_path
+      pn = Pathname.new(__FILE__)
+      install_dir = pn.dirname.parent.to_s + Pathname::SEPARATOR_LIST
+      install_dir + @storage_location + @database_name
+    end
+
     # Check if the password database exists
     # @return [Boolean] +true+ if the file exists
     def database_exists?
@@ -47,6 +60,6 @@ module PassStation
       exists
     end
 
-    protected :database_exists?
+    protected :database_exists?, :absolute_db_path
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pass-station
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.3
 platform: ruby
 authors:
 - Alexandre ZANNI
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-15 00:00:00.000000000 Z
+date: 2021-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: docopt
@@ -78,14 +78,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -142,6 +142,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
@@ -169,22 +183,23 @@ files:
 - bin/pass-station
 - bin/pass-station_console
 - data/DefaultCreds-Cheat-Sheet.csv
+- data/many-passwords.csv
 - lib/pass_station.rb
 - lib/pass_station/output.rb
 - lib/pass_station/parse.rb
 - lib/pass_station/search.rb
 - lib/pass_station/source.rb
 - lib/pass_station/version.rb
-homepage: https://sec-it.github.io/pass-station/
+homepage: https://noraj.github.io/pass-station/
 licenses:
 - MIT
 metadata:
   yard.run: yard
-  bug_tracker_uri: https://github.com/sec-it/pass-station/issues
-  changelog_uri: https://github.com/sec-it/pass-station/blob/master/docs/CHANGELOG.md
-  documentation_uri: https://sec-it.github.io/pass-station/yard/
-  homepage_uri: https://sec-it.github.io/pass-station/
-  source_code_uri: https://github.com/sec-it/pass-station/
+  bug_tracker_uri: https://github.com/noraj/pass-station/issues
+  changelog_uri: https://github.com/noraj/pass-station/blob/master/docs/CHANGELOG.md
+  documentation_uri: https://noraj.github.io/pass-station/yard/
+  homepage_uri: https://noraj.github.io/pass-station/
+  source_code_uri: https://github.com/noraj/pass-station/
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -196,14 +211,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.6.0
   - - "<"
     - !ruby/object:Gem::Version
-      version: '3.0'
+      version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: CLI & library to search for default credentials among thousands of Products