sym 2.8.1 → 3.0.0

data/lib/sym/app/password/providers.rb

@@ -15,7 +15,7 @@ module Sym
             self.providers << provider_class
           end
 
-          # Detect first instance that is "alive?" and return it.
+          # Detect first instance tht is "alive?" and return it.
           def detect
             self.detected ||= self.providers.inject(nil) do |instance, provider_class|
               instance || (p = provider_class.new; p.alive? ? p : nil)
@@ -38,7 +38,7 @@ module Sym
 
           def provider_from_argument(p, **opts, &block)
             case p
-              when String, Symbol
+            when String, Symbol
                 provider_class_name = "#{p.to_s.capitalize}Provider"
                 Sym::App::Password::Providers.const_defined?(provider_class_name) ?
                   Sym::App::Password::Providers.const_get(provider_class_name).new(**opts, &block) :
@@ -53,4 +53,3 @@ end
 
 # Order is important — they are tried in this order for auto detect
 require 'sym/app/password/providers/memcached_provider'
-require 'sym/app/password/providers/drb_provider'

data/lib/sym/app/private_key/decryptor.rb

@@ -31,10 +31,10 @@ module Sym
             rescue ::OpenSSL::Cipher::CipherError => e
               input_handler.puts 'Invalid password. Please try again.'
 
-              if ((retries += 1) < 3)
+              if (retries += 1) < 3
                 retry
               else
-                raise(Sym::Errors::InvalidPasswordProvidedForThePrivateKey.new('Invalid password.'))
+                raise(Sym::Errors::WrongPasswordForKey.new('Invalid password.'))
               end
             end
           else

data/lib/sym/app/private_key/detector.rb

@@ -23,11 +23,10 @@ module Sym
         # procs on a given string.
         def read!
           KeySourceCheck::CHECKS.each do |source_check|
-            if result = source_check.detect(self) rescue nil
-              if key_ = normalize_key(result.key)
-                key_source_ = result.to_s
-                return key_, key_source_
-              end
+            next unless result = source_check.detect(self) rescue nil
+            if key_ = normalize_key(result.key)
+              key_source_ = result.to_s
+              return key_, key_source_
             end
           end
           nil
@@ -51,8 +50,6 @@ module Sym
             rescue
               nil
             end
-          else
-            nil
           end
         end
       end

data/lib/sym/application.rb

@@ -32,7 +32,6 @@ module Sym
                   :stdin, :stdout, :stderr, :kernel
 
     def initialize(opts, stdin = STDIN, stdout = STDOUT, stderr = STDERR, kernel = nil)
-
       self.stdin  = stdin
       self.stdout = stdout
       self.stderr = stderr
@@ -111,16 +110,12 @@ module Sym
     end
 
     def editor
-      editors_to_try.find { |editor| File.exist?(editor) }
+      editors_to_try.compact.find { |editor| File.exist?(editor) }
     end
 
     def process_output(result)
-      unless result.is_a?(Hash)
-        self.output.call(result)
-        result
-      else
-        result
-      end
+      self.output.call(result) unless result.is_a?(Hash)
+      result
     end
 
     private
@@ -182,7 +177,7 @@ module Sym
       args[:verbose]  = opts[:verbose]
       args[:provider] = opts[:cache_provider] if opts[:cache_provider]
 
-      self.password_cache = Sym::App::Password::Cache.instance.configure(args)
+      self.password_cache = Sym::App::Password::Cache.instance.configure(**args)
     end
 
     def process_edit_option
@@ -207,7 +202,7 @@ module Sym
     end
 
     def initialize_action
-      self.action = if opts[:encrypt] then
+      self.action = if opts[:encrypt]
                       :encr
                     elsif opts[:decrypt]
                       :decr
@@ -217,7 +212,7 @@ module Sym
     # If we are encrypting or decrypting, and no data has been provided, check if we
     # should read from STDIN
     def initialize_data_source
-      if self.action && opts[:string].nil? && opts[:file].nil? && !(self.stdin.tty?)
+      if self.action && opts[:string].nil? && opts[:file].nil? && !self.stdin.tty?
         opts[:file] = '-'
       end
     end

data/lib/sym/constants.rb

@@ -1,43 +1,59 @@
 require 'logger'
 module Sym
+  #
+  # This module is responsible for installing Sym BASH extensions.
+  #
   module Constants
-    module Bash
 
-      BASH_FILES = Dir.glob("#{File.expand_path('../../../bin', __FILE__)}/sym.*.bash").freeze
+    BASH_FILES = Dir.glob("#{File.expand_path('../../bin', __dir__)}/sym.*.bash").freeze
 
-      Config = {}
+    class << self
+      attr_reader :user_home
 
-      class << self
-        def register_bash_files!
-          BASH_FILES.each do |bash_file|
-            register_bash_extension bash_file, Config
-          end
-        end
+      def user_home=(value)
+        @user_home = value
+        register_bash_files!
+      end
 
-        private
+      def config
+        @config ||= {}
+      end
 
-        def register_bash_extension(bash_file, hash)
-          source_file = File.basename(bash_file)
-          home_file   = "#{Dir.home}/.#{source_file}"
+      def sym_key_file
+        "#{user_home}/.sym.key"
+      end
 
-          hash[source_file.gsub(/sym\./, '').gsub(/\.bash/, '').to_sym] = {
-              dest:   home_file,
-              source: bash_file,
-              script: "[[ -f #{home_file} ]] && source #{home_file}"
-          }
+      def register_bash_files!
+        BASH_FILES.each do |bash_file|
+          register_bash_extension bash_file
         end
       end
 
-      self.register_bash_files!
+      private
+
+      def register_bash_extension(bash_file)
+        return unless user_home && Dir.exist?(user_home)
+
+        source_file = File.basename(bash_file)
+        home_file   = "#{user_home}/.#{source_file}"
+        config_key  = source_file.gsub(/sym\./, '').gsub(/\.bash/, '').to_sym
+
+        config[config_key] = {
+          dest:   home_file,
+          source: bash_file,
+          script: "[[ -f #{home_file} ]] && source #{home_file}"
+        }
+      end
     end
 
+    self.user_home ||= ::Dir.home rescue nil
+    self.user_home ||= '/tmp'
+
+    self.register_bash_files!
+
     module Log
       NIL = Logger.new(nil).freeze # empty logger
       LOG = Logger.new(STDERR).freeze
     end
-
-    ENV_ARGS_VARIABLE_NAME = 'SYM_ARGS'.freeze
-    SYM_KEY_FILE           = "#{ENV['HOME']}/.sym.key"
-
   end
 end

data/lib/sym/data/wrapper_struct.rb

@@ -2,24 +2,32 @@ require 'sym/errors'
 module Sym
   module Data
     class WrapperStruct < Struct.new(
-      :encrypted_data,        # [Blob] Binary encrypted data (possibly compressed)
-      :iv,                    # [String] IV used to encrypt the data
-      :cipher_name,           # [String] Name of the cipher used
-      :salt,                  # [Integer] For password-encrypted data this is the salt
-      :version,               # [Integer] Version of the cipher used
-      :compress               # [Boolean] indicates if compression should be applied
-      )
+      # [Blob] Binary encrypted data (possibly compressed)s
+      :encrypted_data,
+      # [String] IV used to encrypt the datas
+      :iv,
+      # [String] Name of the cipher used
+      :cipher_name,
+      # [Integer] For password-encrypted data this is the salt
+      :salt,
+      # [Integer] Version of the cipher used
+      :version,
+      # [Boolean] indicates if compression should be applied
+      :compress
+    )
+
+      define_singleton_method(:new, Class.method(:new))
 
       VERSION = 1
 
       attr_accessor :compressed
 
       def initialize(
-        encrypted_data:, # [Blob] Binary encrypted data (possibly compressed)
-        iv:, # [String] IV used to encrypt the data
-        cipher_name:, # [String] Name of the cipher used
-        salt: nil, # [Integer] For password-encrypted data this is the salt
-        version: VERSION, # [Integer] Version of the cipher used
+        encrypted_data:,
+        iv:,
+        cipher_name:,
+        salt: nil,
+        version: VERSION,
         compress: Sym::Configuration.config.compression_enabled
       )
         super(encrypted_data, iv, cipher_name, salt, version, compress)

data/lib/sym/errors.rb

@@ -1,16 +1,23 @@
 module Sym
   # All public exceptions of this library are here.
   module Errors
+    # @formatter:off
     # Exceptions superclass for this library.
-    class Sym::Errors::Error < StandardError; end
+    class Error < StandardError; end
 
     # No secret has been provided for encryption or decryption
     class InsufficientOptionsError < Sym::Errors::Error; end
 
     class PasswordError < Sym::Errors::Error; end
+
+    class InvalidSymHomeDirectory < Sym::Errors::Error; end
+
     class NoPasswordProvided < Sym::Errors::PasswordError; end
+
     class PasswordsDontMatch < Sym::Errors::PasswordError; end
+
     class PasswordTooShort < Sym::Errors::PasswordError; end
+
     class CantReadPasswordNoTTY < Sym::Errors::PasswordError; end
 
     class EditorExitedAbnormally < Sym::Errors::Error; end
@@ -20,13 +27,17 @@ module Sym
     class DataEncodingVersionMismatch< Sym::Errors::Error; end
 
     class KeyError < Sym::Errors::Error; end
+
     class InvalidEncodingPrivateKey < Sym::Errors::KeyError; end
-    class InvalidPasswordProvidedForThePrivateKey < Sym::Errors::KeyError; end
+
+    class WrongPasswordForKey < Sym::Errors::KeyError; end
+
     class NoPrivateKeyFound < Sym::Errors::KeyError; end
 
     class NoDataProvided < Sym::Errors::Error; end
 
     class KeyChainCommandError < Sym::Errors::Error; end
+    # @formatter:on
 
     # Method was called on an abstract class. Override such methods in
     # subclasses, and use subclasses for instantiation of objects.

data/lib/sym/extensions/instance_methods.rb

@@ -71,7 +71,7 @@ module Sym
       def make_password_key(cipher, password, salt = nil)
         key_len = cipher.key_len
         salt    ||= OpenSSL::Random.random_bytes 16
-        iter    = 20000
+        iter    = 20_000
         digest  = OpenSSL::Digest::SHA256.new
         key     = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iter, key_len, digest)
         return key, salt
@@ -87,12 +87,12 @@ module Sym
         block.call(cipher_struct) if block
 
         encrypted_data = update_cipher(cipher_struct.cipher, data)
-        wrapper_struct = WrapperStruct.new(
-          encrypted_data: encrypted_data,
-          iv:             cipher_struct.iv,
-          cipher_name:    cipher_struct.cipher.name,
-          salt:           cipher_struct.salt,
-          compress:       !compression_enabled)
+        arguments      = { encrypted_data: encrypted_data,
+                           iv:             cipher_struct.iv,
+                           cipher_name:    cipher_struct.cipher.name,
+                           salt:           cipher_struct.salt,
+                           compress:       !compression_enabled }
+        wrapper_struct = WrapperStruct.new(arguments)
         encode(wrapper_struct, false)
       end
 
@@ -107,7 +107,6 @@ module Sym
         decode(update_cipher(cipher_struct.cipher, wrapper_struct.encrypted_data))
       end
 
-
       def encode_incoming_data(data)
         compression_enabled = !data.respond_to?(:size) || (data.size > 100 && encryption_config.compression_enabled)
         data                = encode(data, compression_enabled)

data/lib/sym/extensions/stdlib.rb

@@ -1,4 +1,3 @@
-
 module Kernel
   def require_dir(___dir)
     @___dir ||= File.dirname(__FILE__)

data/lib/sym/extensions/with_retry.rb

@@ -2,7 +2,7 @@ module Sym
   module Extensions
     module WithRetry
 
-      def with_retry(retries: 3, fail_block: nil, &block)
+      def with_retry(retries: 3, fail_block: nil)
         attempts = 0
         yield if block_given?
       rescue StandardError => e

data/lib/sym/extensions/with_timeout.rb

@@ -3,7 +3,7 @@ module Sym
     module WithTimeout
 
       def with_timeout(timeout = 3)
-        status = Timeout::timeout(timeout) {
+        status = Timeout.timeout(timeout) {
           yield if block_given?
         }
       end

data/lib/sym/version.rb

@@ -1,8 +1,57 @@
 module Sym
-  VERSION     = '2.8.1'
-  DESCRIPTION = <<-eof
-Sym is a ruby library (gem) that offers both the command line interface (CLI) and a set of rich Ruby APIs, which make it rather trivial to add encryption and decryption of sensitive data to your development or deployment flow. As a layer of additional security, you can encrypt the private key itself with a password.  Unlike many other existing encryption tools, Sym focuses on getting out of the way — by offering its streamlined interface, hoping to make encryption of application secrets nearly completely transparent to the developers.  For the data encryption Sym uses a symmetric 256-bit key with the AES-256-CBC cipher, same cipher as used by the US Government. For password-protecting the key Sym uses AES-128-CBC cipher. The resulting data is zlib-compressed and base64-encoded. The keys are also base64 encoded for easy copying/pasting/etc.
-  
-Sym accomplishes encryption transparency by combining convenience features: 1) Sym can read the private key from multiple source types, such as: a pathname to a file, an environment variable name, a keychain entry, or CLI argument. You simply pass either of these to the -k flag — one flag that works for all source types. 2) By utilizing OS-X Keychain on a Mac, Sym offers truly secure way of storing the key on a local machine, much more secure then storing it on a file system, 3) By using a local password cache (activated with -c) via an in-memory provider such as memcached or drb, sym invocations take advantage of password cache, and only ask for a password once per a configurable time period, 4) By using SYM_ARGS environment variable, where common flags can be saved. This is activated with sym -A, 5) By reading the key from the default key source file ~/.sym.key which requires no flags at all, 6) By utilizing the --negate option to quickly encrypt a regular file, or decrypt an encrypted file with extension .enc 7) By implementing the -t (edit) mode, that opens an encrypted file in your $EDITOR, and replaces the encrypted version upon save & exit, optionally creating a backup. 8) By offering the Sym::MagicFile ruby API to easily read encrypted files into memory.
+  VERSION     = '3.0.0'
+  DESCRIPTION = <<~eof
+
+     Sym is a ruby library (gem) that offers both the command line interface 
+     (CLI) and a set of rich Ruby APIs, which make it rather trivial to add 
+     encryption and decryption of sensitive data to your development or deployment 
+     workflow.
+     
+     For additional security the private key itself can be encrypted with a 
+     user-generated password. For decryption using the key the password can be 
+     input into STDIN, or be defined by an ENV variable, or an OS-X Keychain Entry. 
+     
+     Unlike many other existing encryption tools, Sym focuses on getting out of 
+     your way by offering a streamlined interface with password caching (if 
+     MemCached is installed and running locally) in hopes to make encryption of 
+     application secrets nearly completely transparent to the developers. 
+     
+     Sym uses symmetric 256-bit key encryption with the AES-256-CBC cipher, 
+     same cipher as used by the US Government. 
+     
+     For password-protecting the key Sym uses AES-128-CBC cipher. The resulting 
+     data is zlib-compressed and base64-encoded. The keys are also base64 encoded 
+     for easy copying/pasting/etc.
+     
+     Sym accomplishes encryption transparency by combining several convenient features:
+      
+       1. Sym can read the private key from multiple source types, such as pathname, 
+          an environment variable name, a keychain entry, or CLI argument. You simply 
+          pass either of these to the -k flag — one flag that works for all source types.
+      
+       2. By utilizing OS-X Keychain on a Mac, Sym offers truly secure way of 
+          storing the key on a local machine, much more secure then storing it on a file system,
+      
+       3. By using a local password cache (activated with -c) via an in-memory provider 
+          such as memcached, sym invocations take advantage of password cache, and 
+          only ask for a password once per a configurable time period, 
+     
+       4. By using SYM_ARGS environment variable, where common flags can be saved. This 
+          is activated with sym -A,
+      
+       5. By reading the key from the default key source file ~/.sym.key which 
+          requires no flags at all,
+      
+       6. By utilizing the --negate option to quickly encrypt a regular file, or decrypt 
+          an encrypted file with extension .enc
+      
+       7. By implementing the -t (edit) mode, that opens an encrypted file in your $EDITOR, 
+          and replaces the encrypted version upon save & exit, optionally creating a backup.
+      
+       8. By offering the Sym::MagicFile ruby API to easily read encrypted files into memory.
+
+    Please refer the module documentation available here:
+    https://www.rubydoc.info/gems/sym
+     
   eof
 end

data/sym.gemspec

@@ -1,4 +1,3 @@
-# coding: utf-8
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'sym/version'
@@ -19,48 +18,50 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
-  spec.required_ruby_version = '>= 2.2'
-  spec.post_install_message = <<-EOF
-
-Thank you for installing Sym! 
-
-BLOG POST
-=========
-http://kig.re/2017/03/10/dead-simple-encryption-with-sym.html
-
-BASH COMPLETION
-===============
-To enable bash command line completion and install highly useful
-command line BASH wrapper 'symit', please run the following 
-command after installing the gem. It appends sym's shell completion 
-wrapper to the file specified in arguments to -B flag.
-
-  sym -B ~/.bash_profile
-  source ~/.bash_profile
-  # then:
-  sym --help
-  symit --help
- 
-Thank you for using Sym and happy encrypting :)
-
-@kigster on Github, 
-    @kig on Twitter.
-
-EOF
+  spec.required_ruby_version = '>= 2.3'
+  spec.post_install_message = <<~EOF
+    
+    Thank you for installing Sym! 
+    
+    BLOG POST
+    =========
+    http://kig.re/2017/03/10/dead-simple-encryption-with-sym.html
+    
+    BASH COMPLETION
+    ===============
+    To enable bash command line completion and install highly useful
+    command line BASH wrapper 'symit', please run the following 
+    command after installing the gem. It appends sym's shell completion 
+    wrapper to the file specified in arguments to -B flag.
+    
+      sym -B ~/.bash_profile
+      source ~/.bash_profile
+      # then:
+      sym --help
+      symit --help
+     
+    Thank you for using Sym and happy encrypting :)
+    
+    @kigster on Github, 
+        @kig on Twitter.
+    
+  EOF
   spec.add_dependency 'colored2', '~> 3'
   spec.add_dependency 'slop', '~> 4.3'
   spec.add_dependency 'activesupport'
-  spec.add_dependency 'highline', '~> 1.7'
-  spec.add_dependency 'coin', '~> 0.1.8'
-  spec.add_dependency 'dalli', '~> 2.7'
+  spec.add_dependency 'highline'
+  spec.add_dependency 'dalli'
 
-  spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0'
-  spec.add_development_dependency 'simplecov'
-  spec.add_development_dependency 'irbtools'
+  spec.add_development_dependency 'asciidoctor'
   spec.add_development_dependency 'aruba'
   spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'irbtools'
   spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'relaxed-rubocop'
   spec.add_development_dependency 'rspec', '~> 3'
   spec.add_development_dependency 'rspec-its'
+  spec.add_development_dependency 'rubocop', '0.81.0'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'codecov'
   spec.add_development_dependency 'yard'
 end