zxcvbn 0.1.8 → 0.1.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -4
- data/README.md +14 -5
- data/lib/zxcvbn/matching.rb +13 -2
- data/lib/zxcvbn/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6a374558176fa132c830032ab3cf333483389b98ce54ef92bfd026400362a224
|
|
4
|
+
data.tar.gz: eb751fc63e94b4573144f66ef9cc343695104cd4461fd170931b5b5fa06e0ad2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e50119ccf438121beee719afe200c7a2085c0a266f5c5595fb95bebc01a10fca980dec4df8a30374dc5f7cf7bb5c57708a7f71565877ee8885d6740e54e71d66
|
|
7
|
+
data.tar.gz: 1323dff6d9433298bc44c4a2632de42af7137629d02113e60f2a64f6d184967a27a13e161ff3d2404b6a58177d880465bd865cc4d95158bd33c07849ed0361f4
|
data/CHANGELOG.md
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
|
+
## [0.1.9] - 2023-01-27
|
|
2
|
+
- [#6] [#7] Security/Performance fix to vulnerability to DoS attacks.
|
|
3
|
+
|
|
1
4
|
## [0.1.8] - 2023-01-22
|
|
2
5
|
- How to find information on translations on README.
|
|
3
6
|
- Drop automatic tests on ruby 2.5 (It still works on it but development gems are failing to build).
|
|
4
7
|
- Update dev gems to prepare to test on Ruby 3.1 and 3.2. (mini_racer, rubocop and bundler)
|
|
5
|
-
- Fix Style/RedundantStringEscape on frequency_lists.rb
|
|
6
|
-
- Add automated tests for Ruby 3.1 and 3.2
|
|
7
|
-
- Add MFA requirement on release
|
|
8
|
-
- Trim non-production files from final gem
|
|
8
|
+
- Fix Style/RedundantStringEscape on frequency_lists.rb.
|
|
9
|
+
- Add automated tests for Ruby 3.1 and 3.2.
|
|
10
|
+
- Add MFA requirement on release.
|
|
11
|
+
- Trim non-production files from final gem.
|
|
9
12
|
|
|
10
13
|
## [0.1.7] - 2021-06-12
|
|
11
14
|
- Ported original specs
|
data/README.md
CHANGED
|
@@ -5,7 +5,20 @@
|
|
|
5
5
|
|
|
6
6
|
Ruby port of Dropbox's [zxcvbn.js](https://github.com/dropbox/zxcvbn) JavaScript library running completely in Ruby (no need to load execjs or libv8).
|
|
7
7
|
|
|
8
|
-
|
|
8
|
+
### Goals:
|
|
9
|
+
- Exact same results as [dropbox/zxcvbn.js (Version 4.4.2)](https://github.com/dropbox/zxcvbn). If **result compatibility** is found or made different a major version will be bumped so no one is caught off guard.
|
|
10
|
+
- Parity of features to [dropbox/zxcvbn.js (Version 4.4.2)](https://github.com/dropbox/zxcvbn) interface.
|
|
11
|
+
- 100% native Ruby solution: **No Javascript Runtime**.
|
|
12
|
+
|
|
13
|
+
### Compatible with [zxcvbn-js](https://github.com/bitzesty/zxcvbn-js) and [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby)
|
|
14
|
+
|
|
15
|
+
This gem include compatibility interfaces so it can be used as a drop-in substitution both of the most popular alternatives `zxcvbn-js` and `zxcvbn-ruby`). Besides `Zxcvbn.zxcvbn` you can just call `Zxcvbn.test` or use `Zxcvbn::Tester.new` the same way as you would if you were using any of them.
|
|
16
|
+
|
|
17
|
+
| | `zxcvbn-rb` | `zxcvbn-js` | `zxcvbn-ruby` |
|
|
18
|
+
|------------------------------------|------------------------|------------------------|------------------------|
|
|
19
|
+
| Results match `zxcvbn.js (V4.4.2)` | :white_check_mark: yes | :white_check_mark: yes | :x: no |
|
|
20
|
+
| Run without Javascript Runtime | :white_check_mark: yes | :x: no | :white_check_mark: yes |
|
|
21
|
+
| Interface compatibility with others| :white_check_mark: yes | :x: no | :x: no |
|
|
9
22
|
|
|
10
23
|
## Installation
|
|
11
24
|
|
|
@@ -71,10 +84,6 @@ Zxcvbn.zxcvbn("password")
|
|
|
71
84
|
}
|
|
72
85
|
```
|
|
73
86
|
|
|
74
|
-
### Compatible with `zxcvbn-js` and `zxcvbn-ruby`
|
|
75
|
-
|
|
76
|
-
This gem include a compatible interface so it can be used as a drop-in substitution for `zxcvbn-js` or `zxcvbn-ruby`. You can just call `Zxcvbn.test` or use `Zxcvbn::Tester.new` the same way as you would if you were using `zxcvbn-js` or `zxcvbn-ruby`.
|
|
77
|
-
|
|
78
87
|
### Note about translations (i18n, gettext, etc...)
|
|
79
88
|
Check the [wiki](https://github.com/formigarafa/zxcvbn-rb/wiki) for more details on how to handle translations.
|
|
80
89
|
|
data/lib/zxcvbn/matching.rb
CHANGED
|
@@ -15,6 +15,10 @@ module Zxcvbn
|
|
|
15
15
|
build_ranked_dict(lst)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
+
RANKED_DICTIONARIES_MAX_WORD_SIZE = RANKED_DICTIONARIES.transform_values do |word_scores|
|
|
19
|
+
word_scores.keys.max_by(&:size).size
|
|
20
|
+
end
|
|
21
|
+
|
|
18
22
|
GRAPHS = {
|
|
19
23
|
"qwerty" => ADJACENCY_GRAPHS["qwerty"],
|
|
20
24
|
"dvorak" => ADJACENCY_GRAPHS["dvorak"],
|
|
@@ -151,8 +155,13 @@ module Zxcvbn
|
|
|
151
155
|
len = password.length
|
|
152
156
|
password_lower = password.downcase
|
|
153
157
|
_ranked_dictionaries.each do |dictionary_name, ranked_dict|
|
|
158
|
+
longest_dict_word_size = RANKED_DICTIONARIES_MAX_WORD_SIZE.fetch(dictionary_name) do
|
|
159
|
+
ranked_dict.keys.max_by(&:size)&.size || 0
|
|
160
|
+
end
|
|
161
|
+
search_width = [longest_dict_word_size, len].min
|
|
154
162
|
(0...len).each do |i|
|
|
155
|
-
|
|
163
|
+
search_end = [i + search_width, len].min
|
|
164
|
+
(i...search_end).each do |j|
|
|
156
165
|
if ranked_dict.key?(password_lower[i..j])
|
|
157
166
|
word = password_lower[i..j]
|
|
158
167
|
rank = ranked_dict[word]
|
|
@@ -187,7 +196,9 @@ module Zxcvbn
|
|
|
187
196
|
end
|
|
188
197
|
|
|
189
198
|
def self.user_input_dictionary=(ordered_list)
|
|
190
|
-
|
|
199
|
+
ranked_dict = build_ranked_dict(ordered_list.dup)
|
|
200
|
+
RANKED_DICTIONARIES["user_inputs"] = ranked_dict
|
|
201
|
+
RANKED_DICTIONARIES_MAX_WORD_SIZE["user_inputs"] = ranked_dict.keys.max_by(&:size)&.size || 0
|
|
191
202
|
end
|
|
192
203
|
|
|
193
204
|
#-------------------------------------------------------------------------------
|
data/lib/zxcvbn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zxcvbn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rafael Santos
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-01-
|
|
11
|
+
date: 2023-01-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: 100% native Ruby 100% compatible port of Dropbox's zxcvbn.js
|
|
14
14
|
email:
|