zxcvbn-ruby 1.2.0 → 1.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa14ec0484793f1034f5dda8b84c6265e2fc8b161e47fa323be7e78dc3223cc4
-  data.tar.gz: e42207b60f1d6b1c4a198e6e7b466e7dcc68caaaf610bdf6e4d29a85978da58d
+  metadata.gz: 7132f3b910a1849c47f1edcb52d2dd2f6f3954472ad912bd20520c942fbc0bda
+  data.tar.gz: 45c893886c18c81fcb03627b7dd341eecab816a5fab4e7a9efb9ab5ca0ff9375
 SHA512:
-  metadata.gz: d6b789be21697b782a87bc8c946fed85e8f088d8097f75f2e50ae8f9f95954c01dd1df76d8eb58f031b5b6e4ee43bbb14e15264c102371cdbb20696b50e0f3c1
-  data.tar.gz: a9a0fa505d0896c58cd1e34780ddd07a37d1d5fe34e103c09c86c4b9bdff3d8ddb78c607e2c158ef4d562f93b5a16f20e0f41b0db89dfddc1b7522c4467f1171
+  metadata.gz: 259633b2081be2ddd35ae1dfbcf17cf44e50f099e2bff7accbe15ffc6f1faa92217517a6ffdb060540276170f1a12d4cb8fab3ef256ee152efc525b6a902d3c2
+  data.tar.gz: 73e728a75b41c46e87074a95a7a8b1849eb6fcb50899e3b3bee6900d77ca0ecacd85f7d2ed539a180420423f0a6d705dc9da377bce107db5e21cb7f661682230

data/CHANGELOG.md

@@ -6,7 +6,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/envato/zxcvbn-ruby/compare/v1.2.0...HEAD
+[Unreleased]: https://github.com/envato/zxcvbn-ruby/compare/v1.2.2...HEAD
+
+## [1.2.2] - 2025-12-06
+
+### Changed
+ - Address layout and frozen string literal issues ([#49])
+
+[1.2.2]: https://github.com/envato/zxcvbn-ruby/compare/v1.2.1...v.1.2.2
+[#49]: https://github.com/envato/zxcvbn-ruby/pull/49
+
+## [1.2.1] - 2025-12-05
+
+### Removed
+- Removed the dependency on the Ruby `benchmark` module ([#44]).
+- Tests are no longer included in the gem package ([#45]).
+
+[1.2.1]: https://github.com/envato/zxcvbn-ruby/compare/v1.2.0...v.1.2.1
+[#44]: https://github.com/envato/zxcvbn-ruby/pull/44
+[#45]: https://github.com/envato/zxcvbn-ruby/pull/45
 
 ## [1.2.0] - 2021-01-05
 

data/README.md

@@ -119,7 +119,7 @@ $ irb
 **Note**: Storing the entropy of an encrypted or hashed value provides
 information that can make cracking the value orders of magnitude easier for an
 attacker. For this reason we advise you not to store the results of
-`Zxcvbn::Tester#test`. Further reading: [A Tale of Security Gone Wrong](http://gavinmiller.io/2016/a-tale-of-security-gone-wrong/).
+`Zxcvbn::Tester#test`. Further reading: [A Tale of Security Gone Wrong](https://web.archive.org/web/20240715041147/http://gavinmiller.io/2016/a-tale-of-security-gone-wrong/).
 
 ## Contact
 

data/lib/zxcvbn/clock.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Zxcvbn
+  module Clock
+    def self.realtime
+      start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+      yield
+      Process.clock_gettime(Process::CLOCK_MONOTONIC) - start
+    end
+  end
+end

data/lib/zxcvbn/crack_time.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Zxcvbn
   module CrackTime
     SINGLE_GUESS = 0.010
@@ -6,7 +8,7 @@ module Zxcvbn
     SECONDS_PER_GUESS = SINGLE_GUESS / NUM_ATTACKERS
 
     def entropy_to_crack_time(entropy)
-      0.5 * (2 ** entropy) * SECONDS_PER_GUESS
+      0.5 * (2**entropy) * SECONDS_PER_GUESS
     end
 
     def crack_time_to_score(seconds)
@@ -50,4 +52,4 @@ module Zxcvbn
       end
     end
   end
-end
+end

data/lib/zxcvbn/data.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'json'
 require 'zxcvbn/dictionary_ranker'
 
@@ -5,11 +7,11 @@ module Zxcvbn
   class Data
     def initialize
       @ranked_dictionaries = DictionaryRanker.rank_dictionaries(
-        "english" =>      read_word_list("english.txt"),
+        "english" => read_word_list("english.txt"),
         "female_names" => read_word_list("female_names.txt"),
-        "male_names" =>   read_word_list("male_names.txt"),
-        "passwords" =>    read_word_list("passwords.txt"),
-        "surnames" =>     read_word_list("surnames.txt")
+        "male_names" => read_word_list("male_names.txt"),
+        "passwords" => read_word_list("passwords.txt"),
+        "surnames" => read_word_list("surnames.txt")
       )
       @adjacency_graphs = JSON.load(DATA_PATH.join('adjacency_graphs.json').read)
     end

data/lib/zxcvbn/dictionary_ranker.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Zxcvbn
   class DictionaryRanker
     def self.rank_dictionaries(lists)

data/lib/zxcvbn/entropy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/math'
 
 module Zxcvbn::Entropy
@@ -6,24 +8,25 @@ module Zxcvbn::Entropy
   def calc_entropy(match)
     return match.entropy unless match.entropy.nil?
 
-    match.entropy = case match.pattern
-                    when 'repeat'
-                      repeat_entropy(match)
-                    when 'sequence'
-                      sequence_entropy(match)
-                    when 'digits'
-                      digits_entropy(match)
-                    when 'year'
-                      year_entropy(match)
-                    when 'date'
-                      date_entropy(match)
-                    when 'spatial'
-                      spatial_entropy(match)
-                    when 'dictionary'
-                      dictionary_entropy(match)
-                    else
-                      0
-                    end
+    match.entropy =
+      case match.pattern
+      when 'repeat'
+        repeat_entropy(match)
+      when 'sequence'
+        sequence_entropy(match)
+      when 'digits'
+        digits_entropy(match)
+      when 'year'
+        year_entropy(match)
+      when 'date'
+        date_entropy(match)
+      when 'spatial'
+        spatial_entropy(match)
+      when 'dictionary'
+        dictionary_entropy(match)
+      else
+        0
+      end
   end
 
   def repeat_entropy(match)
@@ -33,21 +36,22 @@ module Zxcvbn::Entropy
 
   def sequence_entropy(match)
     first_char = match.token[0]
-    base_entropy = if ['a', '1'].include?(first_char)
-      1
-    elsif first_char.match(/\d/)
-      lg(10)
-    elsif first_char.match(/[a-z]/)
-      lg(26)
-    else
-      lg(26) + 1
-    end
+    base_entropy =
+      if ['a', '1'].include?(first_char)
+        1
+      elsif first_char.match(/\d/)
+        lg(10)
+      elsif first_char.match(/[a-z]/)
+        lg(26)
+      else
+        lg(26) + 1
+      end
     base_entropy += 1 unless match.ascending
     base_entropy + lg(match.token.length)
   end
 
   def digits_entropy(match)
-    lg(10 ** match.token.length)
+    lg(10**match.token.length)
   end
 
   NUM_YEARS = 119 # years match against 1900 - 2019
@@ -90,8 +94,8 @@ module Zxcvbn::Entropy
     [START_UPPER, END_UPPER, ALL_UPPER].each do |regex|
       return 1 if word.match(regex)
     end
-    num_upper = word.chars.count{|c| c.match(/[A-Z]/) }
-    num_lower = word.chars.count{|c| c.match(/[a-z]/) }
+    num_upper = word.chars.count { |c| c.match(/[A-Z]/) }
+    num_lower = word.chars.count { |c| c.match(/[a-z]/) }
     possibilities = 0
     (0..[num_upper, num_lower].min).each do |i|
       possibilities += nCk(num_upper + num_lower, i)
@@ -102,10 +106,11 @@ module Zxcvbn::Entropy
   def extra_l33t_entropy(match)
     word = match.token
     return 0 unless match.l33t
+
     possibilities = 0
     match.sub.each do |subbed, unsubbed|
-      num_subbed = word.chars.count{|c| c == subbed}
-      num_unsubbed = word.chars.count{|c| c == unsubbed}
+      num_subbed = word.chars.count { |c| c == subbed }
+      num_unsubbed = word.chars.count { |c| c == unsubbed }
       (0..[num_subbed, num_unsubbed].min).each do |i|
         possibilities += nCk(num_subbed + num_unsubbed, i)
       end
@@ -131,7 +136,7 @@ module Zxcvbn::Entropy
     (2..token_length).each do |i|
       possible_turns = [turns, i - 1].min
       (1..possible_turns).each do |j|
-        possibilities += nCk(i - 1, j - 1) * starting_positions * average_degree ** j
+        possibilities += nCk(i - 1, j - 1) * starting_positions * average_degree**j
       end
     end
 

data/lib/zxcvbn/feedback.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Zxcvbn
   class Feedback
     attr_accessor :warning, :suggestions

data/lib/zxcvbn/feedback_giver.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/entropy'
 require 'zxcvbn/feedback'
 

data/lib/zxcvbn/match.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'ostruct'
 
 module Zxcvbn

data/lib/zxcvbn/matchers/date.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/matchers/regex_helpers'
 
 module Zxcvbn
@@ -71,9 +73,9 @@ module Zxcvbn
         dates = []
         date_patterns_for_length(token.length).map do |pattern|
           candidate = {
-            :year => '',
-            :month => '',
-            :day => ''
+            :year => +'',
+            :month => +'',
+            :day => +''
           }
           for i in 0...token.length
             candidate[PATTERN_CHAR_TO_SYM[pattern[i]]] << token[i]
@@ -92,11 +94,11 @@ module Zxcvbn
       end
 
       DATE_PATTERN_FOR_LENGTH = {
-        8 => %w[ yyyymmdd ddmmyyyy mmddyyyy ],
-        7 => %w[ yyyymdd yyyymmd ddmyyyy dmmyyyy ],
-        6 => %w[ yymmdd ddmmyy mmddyy ],
-        5 => %w[ yymdd yymmd ddmyy dmmyy mmdyy mddyy ],
-        4 => %w[ yymd dmyy mdyy ]
+        8 => %w[yyyymmdd ddmmyyyy mmddyyyy],
+        7 => %w[yyyymdd yyyymmd ddmyyyy dmmyyyy],
+        6 => %w[yymmdd ddmmyy mmddyy],
+        5 => %w[yymdd yymmd ddmyy dmmyy mmdyy mddyy],
+        4 => %w[yymd dmyy mdyy]
       }
 
       PATTERN_CHAR_TO_SYM = {
@@ -112,6 +114,7 @@ module Zxcvbn
       def valid_date?(day, month, year)
         return false if day > 31 || month > 12
         return false unless year >= 1900 && year <= 2019
+
         true
       end
 

data/lib/zxcvbn/matchers/dictionary.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/match'
 
 module Zxcvbn
@@ -33,4 +35,4 @@ module Zxcvbn
       end
     end
   end
-end
+end

data/lib/zxcvbn/matchers/digits.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/matchers/regex_helpers'
 
 module Zxcvbn

data/lib/zxcvbn/matchers/l33t.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Zxcvbn
   module Matchers
     class L33t
@@ -30,6 +32,7 @@ module Zxcvbn
             matcher.matches(subbed_password).each do |match|
               token = password[match.i..match.j]
               next if token.downcase == match.matched_word.downcase
+
               match_substitutions = {}
               substitution.each do |s, letter|
                 match_substitutions[s] = letter if token.include?(s)
@@ -79,6 +82,7 @@ module Zxcvbn
 
       def find_substitutions(subs, table, keys)
         return subs if keys.empty?
+
         first_key = keys[0]
         rest_keys = keys[1..-1]
         next_subs = []
@@ -114,7 +118,7 @@ module Zxcvbn
           assoc = sub.dup
 
           assoc.sort! rescue debugger
-          label = assoc.map{|k, v| "#{k},#{v}"}.join('-')
+          label = assoc.map { |k, v| "#{k},#{v}" }.join('-')
           unless members.include?(label)
             members << label
             deduped << sub
@@ -124,4 +128,4 @@ module Zxcvbn
       end
     end
   end
-end
+end

data/lib/zxcvbn/matchers/new_l33t.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Zxcvbn
   module Matchers
     class L33t
@@ -31,6 +33,7 @@ module Zxcvbn
             matcher.matches(subbed_password).each do |match|
               token = lowercased_password[match.i..match.j]
               next if token == match.matched_word.downcase
+
               # debugger if token == '1'
               match_substitutions = {}
               substitution.each do |letter, substitution|
@@ -82,7 +85,7 @@ module Zxcvbn
         expanded_substitutions.each do |substitution_hash|
           # convert a hash to an array of hashes with 1 key each
           subs_array = substitution_hash.map do |letter, substitutions|
-            {letter => substitutions}
+            { letter => substitutions }
           end
           combinations << subs_array
 
@@ -110,11 +113,11 @@ module Zxcvbn
       #      [{'a' => '4', 'i' => 1}, {'a' => '@', 'i' => '1'}]
       def expanded_substitutions(hash)
         return {} if hash.empty?
+
         values = hash.values
         product_values = values[0].product(*values[1..-1])
-        product_values.map{ |p| Hash[hash.keys.zip(p)] }
+        product_values.map { |p| Hash[hash.keys.zip(p)] }
       end
-
     end
   end
-end
+end

data/lib/zxcvbn/matchers/regex_helpers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/match'
 
 module Zxcvbn

data/lib/zxcvbn/matchers/repeat.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/match'
 
 module Zxcvbn
@@ -17,7 +19,7 @@ module Zxcvbn
             result << Match.new(
               :pattern => 'repeat',
               :i => i,
-              :j => j-1,
+              :j => j - 1,
               :token => password[i...j],
               :repeated_char => cur_char
             )

data/lib/zxcvbn/matchers/sequences.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/match'
 
 module Zxcvbn
@@ -14,7 +16,7 @@ module Zxcvbn
         j = 1
         while from + j < password.length &&
               password[from + j] == seq[index_from + direction * j]
-          j+= 1
+          j += 1
         end
         j
       end
@@ -24,7 +26,7 @@ module Zxcvbn
       def applicable_sequence(password, i)
         SEQUENCES.each do |name, sequence|
           index1 = sequence.index(password[i])
-          index2 = sequence.index(password[i+1])
+          index2 = sequence.index(password[i + 1])
           if index1 and index2
             seq_direction = index2 - index1
             if [-1, 1].include?(seq_direction)

data/lib/zxcvbn/matchers/spatial.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/match'
 
 module Zxcvbn
@@ -24,7 +26,7 @@ module Zxcvbn
           turns = 0
           shifted_count = 0
           loop do
-            prev_char = password[j-1]
+            prev_char = password[j - 1]
             found = false
             found_direction = -1
             cur_direction = -1
@@ -61,7 +63,7 @@ module Zxcvbn
                 result << Match.new(
                   :pattern => 'spatial',
                   :i => i,
-                  :j => j-1,
+                  :j => j - 1,
                   :token => password[i...j],
                   :graph => graph_name,
                   :turns => turns,
@@ -78,4 +80,4 @@ module Zxcvbn
       end
     end
   end
-end
+end

data/lib/zxcvbn/matchers/year.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/matchers/regex_helpers'
 
 module Zxcvbn
@@ -17,4 +19,4 @@ module Zxcvbn
       end
     end
   end
-end
+end

data/lib/zxcvbn/math.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Zxcvbn
   module Math
     def bruteforce_cardinality(password)
@@ -31,6 +33,7 @@ module Zxcvbn
     def nCk(n, k)
       return 0 if k > n
       return 1 if k == 0
+
       r = 1
       (1..k).each do |d|
         r = r * n

data/lib/zxcvbn/omnimatch.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/dictionary_ranker'
 require 'zxcvbn/matchers/dictionary'
 require 'zxcvbn/matchers/l33t'
@@ -26,13 +28,13 @@ module Zxcvbn
 
     def user_input_matchers(user_inputs)
       return [] unless user_inputs.any?
+
       user_ranked_dictionary = DictionaryRanker.rank_dictionary(user_inputs)
       dictionary_matcher = Matchers::Dictionary.new('user_inputs', user_ranked_dictionary)
       l33t_matcher = Matchers::L33t.new([dictionary_matcher])
       [dictionary_matcher, l33t_matcher]
     end
 
-
     def build_matchers
       matchers = []
       dictionary_matchers = @data.ranked_dictionaries.map do |name, dictionary|

data/lib/zxcvbn/password_strength.rb

@@ -1,4 +1,6 @@
-require 'benchmark'
+# frozen_string_literal: true
+
+require 'zxcvbn/clock'
 require 'zxcvbn/feedback_giver'
 require 'zxcvbn/omnimatch'
 require 'zxcvbn/scorer'
@@ -13,7 +15,7 @@ module Zxcvbn
     def test(password, user_inputs = [])
       password = password || ''
       result = nil
-      calc_time = Benchmark.realtime do
+      calc_time = Clock.realtime do
         matches = @omnimatch.matches(password, user_inputs)
         result = @scorer.minimum_entropy_match_sequence(password, matches)
       end
@@ -22,4 +24,4 @@ module Zxcvbn
       result
     end
   end
-end
+end

data/lib/zxcvbn/score.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Zxcvbn
   class Score
     attr_accessor :entropy, :crack_time, :crack_time_display, :score, :pattern,
@@ -12,4 +14,4 @@ module Zxcvbn
       @password           = options[:password]
     end
   end
-end
+end

data/lib/zxcvbn/scorer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'zxcvbn/entropy'
 require 'zxcvbn/crack_time'
 require 'zxcvbn/score'
@@ -16,11 +18,13 @@ module Zxcvbn
 
     def minimum_entropy_match_sequence(password, matches)
       bruteforce_cardinality = bruteforce_cardinality(password) # e.g. 26 for lowercase
-      up_to_k = []      # minimum entropy up to k.
-      backpointers = [] # for the optimal sequence of matches up to k, holds the final match (match.j == k). null means the sequence ends w/ a brute-force character.
+      up_to_k = [] # minimum entropy up to k.
+      # for the optimal sequence of matches up to k, holds the final match (match.j == k).
+      # null means the sequence ends w/ a brute-force character.
+      backpointers = []
       (0...password.length).each do |k|
         # starting scenario to try and beat: adding a brute-force character to the minimum entropy sequence at k-1.
-        previous_k_entropy = k > 0 ? up_to_k[k-1] : 0
+        previous_k_entropy = k > 0 ? up_to_k[k - 1] : 0
         up_to_k[k] = previous_k_entropy + lg(bruteforce_cardinality)
         backpointers[k] = nil
         matches.select do |match|
@@ -28,7 +32,7 @@ module Zxcvbn
         end.each do |match|
           i, j = match.i, match.j
           # see if best entropy up to i-1 + entropy of this match is less than the current minimum at j.
-          previous_i_entropy = i > 0 ? up_to_k[i-1] : 0
+          previous_i_entropy = i > 0 ? up_to_k[i - 1] : 0
           candidate_entropy = previous_i_entropy + calc_entropy(match)
           if up_to_k[j] && candidate_entropy < up_to_k[j]
             up_to_k[j] = candidate_entropy
@@ -55,7 +59,7 @@ module Zxcvbn
     end
 
     def score_for password, match_sequence, up_to_k
-      min_entropy = up_to_k[password.length - 1] || 0  # or 0 corner case is for an empty password ''
+      min_entropy = up_to_k[password.length - 1] || 0 # or 0 corner case is for an empty password ''
       crack_time = entropy_to_crack_time(min_entropy)
 
       # final result object
@@ -69,7 +73,6 @@ module Zxcvbn
       )
     end
 
-
     def pad_with_bruteforce_matches(match_sequence, password, bruteforce_cardinality)
       k = 0
       match_sequence_copy = []
@@ -85,6 +88,7 @@ module Zxcvbn
       end
       match_sequence_copy
     end
+
     # fill in the blanks between pattern matches with bruteforce "matches"
     # that way the match sequence fully covers the password:
     # match1.j == match2.i - 1 for every adjacent match1, match2.
@@ -94,7 +98,7 @@ module Zxcvbn
         :i => i,
         :j => j,
         :token => password[i..j],
-        :entropy => lg(bruteforce_cardinality ** (j - i + 1)),
+        :entropy => lg(bruteforce_cardinality**(j - i + 1)),
         :cardinality => bruteforce_cardinality
       )
     end

data/lib/zxcvbn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Zxcvbn
-  VERSION = '1.2.0'
+  VERSION = '1.2.2'
 end

data/lib/zxcvbn.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'pathname'
 require 'zxcvbn/version'
 require 'zxcvbn/tester'