fastlane-community / security
A Ruby library for interacting with the macOS Keychain
License: MIT License
We ran into a problem on Mac OSX Sierra where the library returned incoherent results: a structure with an empty password:
2.3.3 :001 > module Security
2.3.3 :002?> class InternetPassword < Password
2.3.3 :003?> class << self
2.3.3 :004?> def find(options)
2.3.3 :005?> output = `security 2>&1 find-internet-password -g #{flags_for_options(options)}`
2.3.3 :006?> puts "Status #{$?.exitstatus}"
2.3.3 :007?> puts "output #{output}"
2.3.3 :008?> password_from_output(output)
2.3.3 :009?> end
2.3.3 :010?> end
2.3.3 :011?> end
2.3.3 :012?> end
=> :find
2.3.3 :013 >
2.3.3 :014 > puts Security::InternetPassword.find(server: '[email protected]').inspect
Status 36
output
#<Security::InternetPassword:0x007f8c461d1dc8 @keychain=#<Security::Keychain:0x007f8c461d1d78 @filename=nil>, @attributes={}, @password=nil>
=> nil
2.3.3 :015 > `security error 36`
=> "Error: 0x00000024 36 CSSM_ERRCODE_OBJECT_ACL_REQUIRED\n"
The library should handle status codes to detect errors, not just output.
When retrieving a non-ASCII password, Security::Password::password_from_output fails to decode the password field.
The security command outputs non-ASCII values in hexadecimal.
$ security find-internet-password -s example.com -g
keychain: "/Users/nicolas/Library/Keychains/login.keychain"
class: "inet"
attributes:
0x00000007 <blob>="example.com"
0x00000008 <blob>=<NULL>
"acct"<blob>="nicolas"
"atyp"<blob>="dflt"
"cdat"<timedate>=0x32303135303931373135333431355A00 "20150917153415Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>=<NULL>
"icmt"<blob>=<NULL>
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303135303931373135333431355A00 "20150917153415Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>="htps"
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="example.com"
"type"<uint32>=<NULL>
password: 0x5B455850555247C3895D "[EXPURG\303\211]"
But the hexadecimal value prevents the regex from matching and my password isn't decoded.
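A parser that accepts both shapes of the `password:` line discussed in the issue above, as an added example (not the library's own code). The function name is hypothetical and the sample is constructed from the output quoted above.

```ruby
# Constructed sample: the hex form `security ... -g` prints for a non-ASCII password.
SAMPLE_OUTPUT = <<~'OUT'
  keychain: "/Users/nicolas/Library/Keychains/login.keychain"
  class: "inet"
  password: 0x5B455850555247C3895D "[EXPURG\303\211]"
OUT

# Hypothetical helper: extracts the password from `security find-*-password -g`
# output. Handles the plain quoted form (password: "secret") and the hex form
# (password: 0x... "escaped rendering"). Returns nil when no password line exists.
def password_from_security_output(output)
  line = output.each_line.map(&:chomp).find { |l| l.start_with?('password: ') }
  return nil if line.nil?

  value = line.delete_prefix('password: ')
  if (hex = value[/\A0x((?:[0-9A-Fa-f]{2})+)(?=\s|\z)/, 1])
    # The hex digits are the raw password bytes; the quoted text after them is
    # only an octal-escaped rendering, so decode the hex and ignore the rest.
    bytes = [hex].pack('H*')
    utf8 = bytes.dup.force_encoding(Encoding::UTF_8)
    # Fall back to the binary string when the bytes are not valid UTF-8.
    utf8.valid_encoding? ? utf8 : bytes
  elsif (quoted = value[/\A"(.*)"\z/, 1])
    quoted
  end
end
```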
To add / delete a password to a non-default keychain, the commands security add-*-password and security delete-*-password take the keychain as an optional argument or use the default keychain.
There's no way to specify a non-default keychain in the current API: https://github.com/mattt/security/blob/master/lib/security/password.rb#L84
Workaround: modify the default keychain temporarily from the CL
As seen in fastlane/fastlane#21668, we are observing error messages being printed out in the CI console.
One way to reproduce this:
require 'security'
name="match_https://github.com/fastlane/fastlane/tree/master/certificates"
Security::InternetPassword.delete(server: name)
Potential output:
3.2.2 :005 > Security::InternetPassword.delete(server: name)
keychain: "/Users/lacostej/Library/Keychains/login.keychain-db"
version: 512
class: "inet"
attributes:
0x00000007 <blob>="match_https://github.com/fastlane/fastlane/tree/master/certificates"
0x00000008 <blob>=<NULL>
"acct"<blob>=<NULL>
"atyp"<blob>="dflt"
"cdat"<timedate>=0x32303233313132393130303532385A00 "20231129100528Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>=<NULL>
"icmt"<blob>=<NULL>
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303233313132393130303532385A00 "20231129100528Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>=0x00000000
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="match_https://github.com/fastlane/fastlane/tree/master/certificates"
"type"<uint32>=<NULL>
password has been deleted.
=> true
3.2.2 :006 > Security::InternetPassword.delete(server: name)
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
=> false
Maybe other methods do generate stderr as well.
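One way to address both the exit-status issue (status 36 with empty output) and the stderr issue above, as an added example that is not the library's code. The class and method names are hypothetical, and `base` exists only so a stand-in command can replace `security` in tests.

```ruby
require 'open3'

# Raised when the wrapped command exits non-zero; keeps its stderr text
# on the exception instead of letting it reach the console.
class KeychainCommandError < StandardError
  attr_reader :exit_status, :stderr

  def initialize(exit_status, stderr)
    @exit_status = exit_status
    @stderr = stderr
    super("command exited with status #{exit_status.inspect}: #{stderr.strip}")
  end
end

# Runs argv without a shell and captures stdout and stderr separately, so
# nothing is printed by the child and no option value is shell-interpreted.
# Returns [stdout, stderr] on exit status 0, raises KeychainCommandError otherwise.
def run_keychain_command(*argv)
  stdout, stderr, status = Open3.capture3(*argv)
  raise KeychainCommandError.new(status.exitstatus, stderr) unless status.success?

  [stdout, stderr]
end

# Hypothetical wrapper keeping the true/false result seen in the session above,
# without the child's output or error message showing up in CI logs.
# `base` is the command prefix (assumption: tests pass a stand-in for `security`).
def delete_internet_password(server, base: ['security'])
  run_keychain_command(*base, 'delete-internet-password', '-s', server)
  true
rescue KeychainCommandError
  false
end
```

A `find` wrapper built on `run_keychain_command` would raise on status 36 rather than return an object with `@password=nil`.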