fastlane-community / security Goto Github PK
View Code? Open in Web Editor NEWA Ruby library for interacting with the macOS Keychain
License: MIT License
security's People
Contributors
Stargazers
Watchers
Forkers
ksuther hellohelloye msylvia joshdholtz niezbop xjbevasion gogoto2 baarde designium lacostej rpendletonsecurity's Issues
library hides relevant failure information
We ran into a problem on Mac OSX Sierra where the library returned incoherent results: a structure with empty password:
2.3.3 :001 > module Security
2.3.3 :002?> class InternetPassword < Password
2.3.3 :003?> class << self
2.3.3 :004?> def find(options)
2.3.3 :005?> output = `security 2>&1 find-internet-password -g #{flags_for_options(options)}`
2.3.3 :006?> puts "Status #{$?.exitstatus}"
2.3.3 :007?> puts "output #{output}"
2.3.3 :008?> password_from_output(output)
2.3.3 :009?> end
2.3.3 :010?> end
2.3.3 :011?> end
2.3.3 :012?> end
=> :find
2.3.3 :013 >
2.3.3 :014 > puts Security::InternetPassword.find(server: '[email protected]').inspect
Status 36
output
#<Security::InternetPassword:0x007f8c461d1dc8 @keychain=#<Security::Keychain:0x007f8c461d1d78 @filename=nil>, @attributes={}, @password=nil>
=> nil
2.3.3 :015 > `security error 36`
=> "Error: 0x00000024 36 CSSM_ERRCODE_OBJECT_ACL_REQUIRED\n"
The library should handle status codes to detect errors, not just output.
Parsing issue with non-ASCII passwords
When retrieving a non-ASCII password, Security::Password::password_from_output fails to decode the password field.
The security command outputs non-ASCII values in hexadecimal.
$ security find-internet-password -s example.com -g
keychain: "/Users/nicolas/Library/Keychains/login.keychain"
class: "inet"
attributes:
0x00000007 <blob>="example.com"
0x00000008 <blob>=<NULL>
"acct"<blob>="nicolas"
"atyp"<blob>="dflt"
"cdat"<timedate>=0x32303135303931373135333431355A00 "20150917153415Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>=<NULL>
"icmt"<blob>=<NULL>
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303135303931373135333431355A00 "20150917153415Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>="htps"
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="example.com"
"type"<uint32>=<NULL>
password: 0x5B455850555247C3895D "[EXPURG\303\211]"
But the hexadecimal value prevents the regex from matching and my password isn't decoded.
Not able to add/remove passwords from non default keychain
To add / delete password to the non default keychain the commands security add-*-password and security delete-*-password take as optional argument the keychain or uses the default keychain.
There's no way to specify a non default keychain in the current API: https://github.com/mattt/security/blob/master/lib/security/password.rb#L84
Workaround: modify the default keychain temporarily from the CL
library generates stderr
As seen in fastlane/fastlane#21668, we are observing error messages being printed out in the CI console
One way to reproduce this
require 'security'
name="match_https://github.com/fastlane/fastlane/tree/master/certificates"
Security::InternetPassword.delete(server: name)
Potential output:
3.2.2 :005 > Security::InternetPassword.delete(server: name)
keychain: "/Users/lacostej/Library/Keychains/login.keychain-db"
version: 512
class: "inet"
attributes:
0x00000007 <blob>="match_https://github.com/fastlane/fastlane/tree/master/certificates"
0x00000008 <blob>=<NULL>
"acct"<blob>=<NULL>
"atyp"<blob>="dflt"
"cdat"<timedate>=0x32303233313132393130303532385A00 "20231129100528Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>=<NULL>
"icmt"<blob>=<NULL>
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303233313132393130303532385A00 "20231129100528Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>=0x00000000
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="match_https://github.com/fastlane/fastlane/tree/master/certificates"
"type"<uint32>=<NULL>
password has been deleted.
=> true
3.2.2 :006 > Security::InternetPassword.delete(server: name)
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
=> false
Maybe other methods do generate stderr as well.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.