claudijd / c7decrypt
Cisco Password Encryptor/Decryptor
License: Other
Current Namespaces:
C7Decrypt::Type7::InvalidFirstCharacter
C7Decrypt::Type7::InvalidCharacter
C7Decrypt::Type7::OddNumberOfCharacters
C7Decrypt::Type7::InvalidEncryptionSeed
Proposed Namespaces:
C7Decrypt::Type7::Exceptions::InvalidFirstCharacter
C7Decrypt::Type7::Exceptions::InvalidCharacter
C7Decrypt::Type7::Exceptions::OddNumberOfCharacters
C7Decrypt::Type7::Exceptions::InvalidEncryptionSeed
In order to do this, I believe it's also a good convention to blow the types into their own folders and then have the proper type#.rb and associated exceptions.rb for each.
c7decrypt-0.2.0:
total used in directory 0 available 86825190
drwxrwxr-x+ 3 ryan staff 102 May 25 19:29 .
drwxrwxr-x+ 37 ryan staff 1394 May 25 19:29 ..
drwxrwxr-x+ 2 ryan staff 102 May 25 19:29 lib
c7decrypt-0.2.0/lib:
total used in directory 8 available 86825190
drwxrwxr-x+ 2 ryan staff 102 May 25 19:29 .
drwxrwxr-x+ 3 ryan staff 102 May 25 19:29 ..
-rw-r--r--+ 1 ryan staff 58 May 25 19:29 c7decrypt.rb
???
Using the rake-based release process for releasing a new rubygem, it should automatically tag the release so I'm properly populating tag information on every gem release.
C7Decrypt is now being used in a service (ThreatAgent) and probably getting some decent usage via user input. As such, I'd like to be a bit smarter about what happens if we're provided invalid or malformed hashes from an end-user.
Here are some conditions that I'm thinking about handling better:
1.) User presents a hash to the decrypt function which contains a non-numeric first character
2.) User presents a hash to the decrypt function which contains lower-case alpha chars
3.) User presents a hash to the decrypt function which contains something other than alpha-numeric characters.
I think that these three cases would throw the following Ruby exceptions respectively:
1.) InvalidFirstCharacter
2.) InvalidLowerCaseLetter
3.) InvalidCharacter
Note: The implementer of the decrypt function would then need to be informed of these custom exceptions (likely via Yard documentation) and would need to implement exception handling if the string being supplied is "unknown" or "user controlled".
Some other thoughts would be to talk to Marcus and get feedback on whether this is something (1) that is reasonable for his current use case and (2) whether it would be reasonable to get telemetry data on these exceptions and any other standard exceptions that are thrown by the library to help bolster its exception handling.
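The validation proposed in the issue above, sketched as an added example that is not part of the original issue and is not c7decrypt's own code. The module `Type7Input` and its methods `parse` and `classify` are hypothetical names, the input layout (two decimal seed digits followed by upper-case hex byte pairs) is an assumption, and the sample strings in the test are constructed.

```ruby
# Added example: hypothetical pre-decrypt validation for untrusted Type 7 strings.
module Type7Input
  class Error < StandardError; end
  class InvalidFirstCharacter < Error; end
  class InvalidLowerCaseLetter < Error; end
  class InvalidCharacter < Error; end
  class OddNumberOfCharacters < Error; end

  # Assumed layout: two decimal seed digits, then upper-case hex byte pairs.
  # Returns [seed, bytes] or raises one of the errors above.
  def self.parse(hash)
    # Reject non-strings and broken encodings first; a regexp match on an
    # invalidly encoded string would raise a plain ArgumentError instead.
    unless hash.is_a?(String) && hash.valid_encoding?
      raise InvalidCharacter, "not a validly encoded string"
    end
    raise InvalidFirstCharacter, "first character must be a digit" unless hash.match?(/\A\d/)
    raise InvalidLowerCaseLetter, "lower-case letter present" if hash.match?(/[a-z]/)
    # \A and \z anchor the whole string, so a trailing newline is rejected.
    raise InvalidCharacter, "unexpected character" unless hash.match?(/\A\d{2}[0-9A-F]*\z/)
    raise OddNumberOfCharacters, "hex body is not whole bytes" if hash.length.odd?

    seed = hash[0, 2].to_i
    bytes = hash[2..-1].scan(/../).map { |pair| pair.to_i(16) }
    [seed, bytes]
  end

  # Caller-side handling for user-controlled input: a single rescue on the
  # base class, returning a symbol that can feed a log line or a counter.
  def self.classify(hash)
    parse(hash)
    :ok
  rescue Error => e
    e.class.name.split("::").last.to_sym
  end
end
```

Giving every custom exception a shared base class lets a caller rescue all malformed-input cases in one clause while other exceptions still surface as bugs.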
Upstream Issue Reference:
Related Work Around Commits to get Travis builds to pass:
I heard about this interesting gem called fuzzbert, which does random fuzzing against ruby-based apps. I think it would be cool if C7Decrypt implemented two rake tasks to make it easier to fuzz the app and find bugs in the library.
1.) Implement a rake task for light fuzzing routine that can regularly test the library during its regular CI runs. Maybe this could be limited, but random so we'll periodically cover more testing space on each run.
2.) Implement a rake task for increasing levels of thoroughness (perhaps parameterized for time or test coverage) to afford myself and other users of the library to discover bugs in the library.
Also, looking for additional ideas here if anyone reading this is interested in this idea too.