safedb 0.4.1002 → 0.5.1001
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +35 -23
- data/README.md +69 -29
- data/lib/cli.rb +28 -22
- data/lib/controller/admin/access.rb +1 -1
- data/lib/controller/admin/commit.rb +53 -0
- data/lib/controller/admin/diff.rb +23 -25
- data/lib/controller/admin/export.rb +9 -11
- data/lib/controller/admin/goto.rb +2 -3
- data/lib/controller/admin/import.rb +5 -7
- data/lib/controller/admin/login.rb +16 -2
- data/lib/controller/admin/logout.rb +1 -1
- data/lib/controller/admin/open.rb +4 -5
- data/lib/controller/admin/refresh.rb +55 -0
- data/lib/controller/admin/token.rb +1 -1
- data/lib/controller/admin/use.rb +1 -1
- data/lib/controller/admin/view.rb +8 -10
- data/lib/controller/api/docker/docker.rb +1 -1
- data/lib/controller/api/jenkins/jenkins.rb +1 -1
- data/lib/controller/api/terraform/terraform.rb +7 -34
- data/lib/controller/api/vpn/vpn.rb +1 -1
- data/lib/controller/{usecase.rb → controller.rb} +15 -8
- data/lib/controller/edit/editverse.rb +2 -2
- data/lib/controller/id.rb +1 -1
- data/lib/controller/query/copy.rb +127 -0
- data/lib/controller/query/queryverse.rb +2 -2
- data/lib/controller/requirer.rb +1 -1
- data/lib/controller/set.rb +1 -1
- data/lib/controller/verse.rb +1 -1
- data/lib/controller/visit/visit.rb +1 -1
- data/lib/manual/copy-paste.md +13 -0
- data/lib/{controller/admin/tree.md → manual/dir-structure.md} +0 -0
- data/lib/manual/drag-drop.md +77 -0
- data/lib/manual/login-logout.md +46 -0
- data/lib/model/README.md +2 -2
- data/lib/model/book.rb +11 -6
- data/lib/model/indices.rb +1 -1
- data/lib/model/state.inspect.rb +67 -53
- data/lib/model/state.migrate.rb +19 -19
- data/lib/model/text_chunk.rb +35 -15
- data/lib/utils/clipboard/clip.rb +92 -0
- data/lib/utils/key.pass.rb +3 -1
- data/lib/version.rb +1 -1
- metadata +11 -7
- data/lib/controller/admin/checkin.rb +0 -83
- data/lib/controller/admin/checkout.rb +0 -57
- data/lib/modules/cryptology/collect.rb +0 -138
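--- a/data/lib/controller/admin/checkout.rb
+++ b/data/lib/controller/admin/checkout.rb
@@ -1,57 +0,0 @@
-#!/usr/bin/ruby
-
-module SafeDb
-
-# The <b>checkout use case</b> commits any changes made to the safe book into
-# master. This is straightforward if the master's state has not been forwarded
-# by a ckeckin from another (shell) branch.
-#
-# == master and branch not in sync
-#
-# Checkins cannot occur when the master's state has been moved forward by another
-# branch checkin. In these cases one needs to use the below sequence.
-#
-# - <tt>safe diff --checkout</tt> | diff will list what will the state changes during checkout
-# - <tt>safe checkout</tt> | the actual merge down (from master to branch) that never deletes keys
-# - <tt>safe checkin</tt> | now the checkin can proceed as the branch is in line with the master
-#
-# == checkout | merge up mechanics
-#
-# The mechanics of a simple in-sync checkout is to
-#
-# - sync the master crypts to exactly mimic the branch crypts
-# - tell master the content id of the book index file
-# - tell master what the current random iv (initialization vector) is
-# - create a new commit ID and set it on both master and branch
-# - set the master's last updated date and time
-#
-class CheckOut < UseCase
-
-
-# The <b>checkout use case</b> commits any changes made to the safe book into
-# master. This is straightforward if the master's state has not been forwarded
-# by a ckeckin from another (shell) branch.
-def execute
-
-book = Book.new()
-
-puts ""
-puts " == Birth Day := #{book.init_time()}\n"
-puts " == Book Name := #{book.book_name()} [#{book.book_id}]\n"
-puts " == Book Mark := #{book.get_open_chapter_name()}/#{book.get_open_verse_name()}\n" if book.is_opened?()
-puts ""
-
-StateMigrate.checkout( book )
-StateMigrate.copy_commit_id_to_branch( book )
-
-puts "Checkout from master to branch was successful.\n"
-puts ""
-
-
-end
-
-
-end
-
-
-end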
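--- a/data/lib/modules/cryptology/collect.rb
+++ b/data/lib/modules/cryptology/collect.rb
@@ -1,138 +0,0 @@
-#!/usr/bin/ruby
-
-module SafeDb
-
-module ToolBelt
-
-require 'io/console'
-
-# This class will be refactored into an interface implemented by a set
-# of plugins that will capture sensitive information from users from an
-# Ubuntu, Windows, RHEL, CoreOS, iOS or CentOS command line interface.
-#
-# An equivalent REST API will also be available for bringing in sensitive
-# information in the most secure (but simple) manner.
-class Collect
-
-
-# <tt>Collect something sensitive from the command line</tt> with a
-# minimum length specified in the first parameter. This method can't
-# know whether the information is a password, a pin number or whatever
-# so it takes the integer minimum size at its word.
-#
-# <b>Question 5 to App Config | What is the Secret?</b>
-#
-# The client may need to acquire the secret if the answer to question 4 indicates the need
-# to instantiate the keys and encrypt the application's plaintext database. The application
-# should facilitate communication of the secret via
-#
-# - an environment variable
-# - the system clipboard (cleared after reading)
-# - a file whose path is a command parameter
-# - a file in a pre-agreed location
-# - a file in the present directory (with a pre-agreed name)
-# - a URL from a parameter or pre-agreed
-# - the shell's secure password reader
-# - the DConf / GConf or GSettings configuration stores
-# - a REST API
-# - password managers like LastPass, KeePassX or 1Pass
-# - the Amazon KMS (Key Management Store)
-# - vaults from Ansible, Terraform and Kubernetes
-# - credential managers like GitSecrets and Credstash
-#
-# @param min_size [Integer] the minimum size of the collected secret
-# whereby one (1) is the least we can expect. The maximum bound is
-# not constrained here so will fall under what is allowed by the
-# interface, be it a CLI, Rest API, Web UI or Mobile App.
-#
-# @param prompt_twice [Boolean] indicate whether the user should be
-# prompted twice. If true the prompt_2 text must be provided and
-# converse is also true. A true value asserts that both times the
-# user enters the same (case sensitive) string.
-#
-# @param prompt_1 [String] the text (aide memoire) used to prompt the user
-#
-# @param prompt_2 [String] if the prompt twice boolean is TRUE, this
-# second prompt (aide memoire) must be provided.
-#
-# @return [String] the collected string text ( watch out for non-ascii chars)
-# @raise [ArgumentError] if the minimum size is less than one
-def self.secret_text min_size, prompt_twice, prompt_1, prompt_2=nil
-
-assert_min_size min_size
-
-sleep(1)
-puts "\n#{prompt_1} : "
-first_secret = STDIN.noecho(&:gets).chomp
-
-assert_input_text_size first_secret.length, min_size
-return first_secret unless prompt_twice
-
-sleep(1)
-puts "\n#{prompt_2} : "
-check_secret = STDIN.noecho(&:gets).chomp
-
-assert_same_size_text first_secret, check_secret
-
-return first_secret
-
-end
-
-
-# --
-# -- Raise an exception if asked to collect text that is less
-# -- than 3 characters in length.
-# --
-def self.assert_min_size min_size
-
-min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
-raise ArgumentError.new min_length_msg if min_size < 3
-
-end
-
-
-# --
-# -- Output an error message and then exit if the entered input
-# -- text size does not meet the minimum requirements.
-# --
-def self.assert_input_text_size input_size, min_size
-
-if( input_size < min_size )
-
-puts
-puts "Input is too short. Please enter at least #{min_size} characters."
-puts
-
-exit
-
-end
-
-end
-
-
-# --
-# -- Assert that the text entered the second time is exactly (case sensitive)
-# -- the same as the text entered the first time.
-# --
-def self.assert_same_size_text first_text, second_text
-
-unless( first_text.eql? second_text )
-
-puts
-puts "Those two bits of text are not the same (in my book)!"
-puts
-
-exit
-
-end
-
-end
-
-
-end
-
-
-end
-
-
-end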