This repository has been archived by the owner on Sep 17, 2024. It is now read-only.

Sync with latest upstream changes (technion/ruby-argon2 v2.2.0)
joshbuker committed Feb 28, 2023
2 parents 4d2990e + 8d2c132 commit 183f5cd
Showing 9 changed files with 198 additions and 10 deletions.
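--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,74 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+push:
+branches: [ "master" ]
+pull_request:
+# The branches below must be a subset of the branches above
+branches: [ "master" ]
+schedule:
+- cron: '34 3 * * 3'
+
+jobs:
+analyze:
+name: Analyze
+runs-on: ubuntu-latest
+permissions:
+actions: read
+contents: read
+security-events: write
+
+strategy:
+fail-fast: false
+matrix:
+language: [ 'ruby' ]
+# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v3
+
+# Initializes the CodeQL tools for scanning.
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v2
+with:
+languages: ${{ matrix.language }}
+# If you wish to specify custom queries, you can do so here or in a config file.
+# By default, queries listed here will override any specified in a config file.
+# Prefix the list here with "+" to use these queries and those in the config file.
+
+# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+# queries: security-extended,security-and-quality
+
+
+# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
+# If this step fails, then you should remove it and run the build manually (see below)
+- name: Autobuild
+uses: github/codeql-action/autobuild@v2
+
+# ℹ️ Command-line programs to run using the OS shell.
+# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+# If the Autobuild fails above, remove it and uncomment the following three lines.
+# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+# - run: |
+# echo "Run, Build Application using script"
+# ./location_of_script_within_repo/buildscript.sh
+
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v2
+with:
+category: "/language:${{matrix.language}}"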
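Review bot: The matrix entry `language: [ 'ruby' ]` leaves the C wrapper under `ext/argon2_wrap` (the Makefile and extconf.rb touched later in this commit) outside CodeQL's coverage, even though the workflow already carries the Autobuild step that only matters for compiled languages. Consider `language: [ 'ruby', 'cpp' ]`; the cpp build will presumably need the argon2 submodule present (bin/setup runs `git submodule update --init --recursive`), so the checkout step would likely need `submodules: true` — confirm before enabling. Separately, `actions/checkout@v3` and the three `github/codeql-action/*@v2` references are mutable major-version tags; pinning each to a full commit SHA with a trailing `# vX.Y.Z` comment removes the risk of a tag being moved to different code. The job-level `permissions` block is already minimal, which is the right default for a job that writes security events.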
14 changes: 13 additions & 1 deletion .github/workflows/ruby.yml
Expand Up @@ -17,6 +17,8 @@ jobs:
- 2.6
- 2.7
- 3.0
- 3.1
- 3.2
- head

runs-on: ${{ matrix.os }}-latest
Expand All @@ -37,6 +39,12 @@ jobs:
run: bin/test
- name: Run tests
run: bundle exec rake test
- name: Coveralls Parallel
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
flag-name: run-${{ matrix.ruby-version }}
parallel: true

rubocop:

Expand All @@ -52,13 +60,17 @@ jobs:
- name: Run rubocop
run: bundle exec rake rubocop

# TODO: Add code coverage testing (coveralls)
# TODO: Add documentation/maintainability testing?
# TODO: Add dependency testing? (bundle audit)

finish:
runs-on: ubuntu-latest
needs: [ test_matrix, rubocop ]
steps:
- name: Coveralls Finished
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
parallel-finished: true
- name: Wait for status checks
run: echo "All Green!"
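Review bot: Both new `uses: coverallsapp/github-action@master` steps pull the unpinned head of a third-party branch and hand it `secrets.GITHUB_TOKEN`, so whatever is pushed to that branch next runs with this repository's token; pin to a release tag or, better, a full commit SHA, e.g. `uses: coverallsapp/github-action@<sha>  # vX.Y.Z`. No top-level `permissions:` block is visible in these hunks, so the token presumably carries the repository's default scopes — if so, a workflow-level `permissions: contents: read` would bound what a coverage upload step can do. The enclosing `test_matrix` job starts above the first hunk and the `finish` job ends at the last line shown.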
82 changes: 80 additions & 2 deletions .rubocop.yml
Expand Up @@ -214,8 +214,6 @@ Style/RedundantArgument: # (new in 1.4)
Enabled: true
Style/SwapValues: # (new in 1.1)
Enabled: true
Gemspec/DateAssignment: # (new in 1.10)
Enabled: true
Lint/DeprecatedConstants: # (new in 1.8)
Enabled: true
Lint/LambdaWithoutLiteralBlock: # (new in 1.8)
Expand All @@ -238,3 +236,83 @@ Style/IfWithBooleanLiteralBranches: # (new in 1.9)
Enabled: true
Style/StringChars: # (new in 1.12)
Enabled: true
Gemspec/DeprecatedAttributeAssignment: # new in 1.30
Enabled: true
Gemspec/RequireMFA: # new in 1.23
Enabled: true
Layout/LineContinuationLeadingSpace: # new in 1.31
Enabled: true
Layout/LineContinuationSpacing: # new in 1.31
Enabled: true
Layout/LineEndStringConcatenationIndentation: # new in 1.18
Enabled: true
Lint/AmbiguousOperatorPrecedence: # new in 1.21
Enabled: true
Lint/AmbiguousRange: # new in 1.19
Enabled: true
Lint/ConstantOverwrittenInRescue: # new in 1.31
Enabled: true
Lint/DuplicateMagicComment: # new in 1.37
Enabled: true
Lint/EmptyInPattern: # new in 1.16
Enabled: true
Lint/IncompatibleIoSelectWithFiberScheduler: # new in 1.21
Enabled: true
Lint/NonAtomicFileOperation: # new in 1.31
Enabled: true
Lint/RefinementImportMethods: # new in 1.27
Enabled: true
Lint/RequireRangeParentheses: # new in 1.32
Enabled: true
Lint/RequireRelativeSelfPath: # new in 1.22
Enabled: true
Lint/UselessRuby2Keywords: # new in 1.23
Enabled: true
Naming/BlockForwarding: # new in 1.24
Enabled: true
Security/CompoundHash: # new in 1.28
Enabled: true
Security/IoMethods: # new in 1.22
Enabled: true
Style/EmptyHeredoc: # new in 1.32
Enabled: true
Style/EnvHome: # new in 1.29
Enabled: true
Style/FetchEnvVar: # new in 1.28
Enabled: true
Style/FileRead: # new in 1.24
Enabled: true
Style/FileWrite: # new in 1.24
Enabled: true
Style/InPatternThen: # new in 1.16
Enabled: true
Style/MagicCommentFormat: # new in 1.35
Enabled: true
Style/MapCompactWithConditionalBlock: # new in 1.30
Enabled: true
Style/MapToHash: # new in 1.24
Enabled: true
Style/MultilineInPatternThen: # new in 1.16
Enabled: true
Style/NestedFileDirname: # new in 1.26
Enabled: true
Style/NumberedParameters: # new in 1.22
Enabled: true
Style/NumberedParametersLimit: # new in 1.22
Enabled: true
Style/ObjectThen: # new in 1.28
Enabled: true
Style/OpenStructUse: # new in 1.23
Enabled: true
Style/OperatorMethodCall: # new in 1.37
Enabled: true
Style/QuotedSymbols: # new in 1.16
Enabled: true
Style/RedundantInitialize: # new in 1.27
Enabled: true
Style/RedundantSelfAssignmentBranch: # new in 1.19
Enabled: true
Style/RedundantStringEscape: # new in 1.37
Enabled: true
Style/SelectByRegexp: # new in 1.22
Enabled: true
9 changes: 5 additions & 4 deletions README.md
Expand Up @@ -11,7 +11,7 @@ improvements. Want to know more about why `argon2` was forked?
Wish to upgrade an existing application to use the improved API?
[Migration guide](#migrating-from-argon2-to-sorcery-argon2)

This fork is kept up-to-date with `argon2`, latest sync: `argon2 - v2.1.0`
This fork is kept up-to-date with `argon2`, latest sync: `argon2 - v2.2.0`

## Table of Contents

Expand Down Expand Up @@ -108,7 +108,7 @@ ruby wrapper (`argon2` - [technion/ruby-argon2](https://github.com/technion/ruby
had some questionable design decisions, and attempted to address them through a
pull request. The sole maintainer of the gem rejected these changes summarily,
without pointing out any specific concerns other than not understanding why the
changes were necessary. This lead to me ([@athix](https://github.com/athix))
changes were necessary. This lead to me ([@joshbuker](https://github.com/joshbuker))
being directed to create a fork instead:
[technion/ruby-argon2#44](https://github.com/technion/ruby-argon2/pull/44#issuecomment-816271661)

Expand All @@ -123,7 +123,7 @@ through the sheer number of intelligent community members looking at the code.
That being said, the original library `argon2` also falls under the same
category. Ultimately, it was also written by a single person and is not
thoroughly vetted by the community at the time of writing. A community member
([@athix](https://github.com/athix), in this case) finding flaws in the
([@joshbuker](https://github.com/joshbuker), in this case) finding flaws in the
implementation, and the fixes being rejected from upstream, is how this fork
came into being.

Expand All @@ -145,6 +145,7 @@ following:
instance = Argon2::Password.new(t_cost: 4, m_cost: 16)
# Use this instance to generate the hash by calling create:
instance.create(password)
=> "$argon2i$v=19$m=65536,t=2,p=1$jL7lLEAjDN+pY2cG1N8D2g$iwj1ueduCvm6B9YVjBSnAHu+6mKzqGmDW745ALR38Uo"
```

Not only is this abstraction step unnecessary, it opens up a new way for
Expand Down Expand Up @@ -296,7 +297,7 @@ Feel free to ask questions using these contact details:

**Current Maintainers:**

* Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:[email protected]?subject=Sorcery)
* Josh Buker ([@joshbuker](https://github.com/joshbuker)) | [Email](mailto:[email protected]?subject=Sorcery)

## License

1 change: 1 addition & 0 deletions bin/setup
Expand Up @@ -10,5 +10,6 @@ git submodule update --init --recursive
# Build the Argon2 C Library. Git submodules must be initialized first!
bundle install
cd ext/argon2_wrap/
ruby extconf.rb
make
cd ../..
1 change: 1 addition & 0 deletions ext/argon2_wrap/Makefile → ext/argon2_wrap/Makefile.real
Expand Up @@ -60,6 +60,7 @@ LIB_SH := lib$(LIB_NAME).$(LIB_EXT)
all: libs
libs: $(SRC)
$(CC) $(CFLAGS) $(LIB_CFLAGS) $^ -o libargon2_wrap.$(LIB_EXT)
cp libargon2_wrap.$(LIB_EXT) ../../lib

#Deliberately avoiding the CFLAGS for our test cases - disable optimise and
#C89
Expand Down
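Review bot: The new `cp libargon2_wrap.$(LIB_EXT) ../../lib` line makes the default `libs` target write a host-built shared object into the gem's `lib/` source directory, outside the extension build tree. Unless `lib/libargon2_wrap.*` is ignored by git (not visible here), it can be committed, or picked up by the gemspec's `git ls-files` file list and shipped as a prebuilt binary that does not match the installing host. I would add a comment above that line, `# build artifact: must stay untracked, see .gitignore`, and verify the ignore entry exists. The `libs` recipe is complete within the hunk; the rest of the Makefile is outside it.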
5 changes: 4 additions & 1 deletion ext/argon2_wrap/extconf.rb
@@ -1,2 +1,5 @@
# frozen_string_literal: true
#I must admit I have no understanding of why this empty file works.

require 'mkmf'

File.rename('Makefile.real', 'Makefile')
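Review bot: `File.rename('Makefile.real', 'Makefile')` is a one-shot move: the second time this script runs in the same tree (bin/setup now invokes it on every call, and a retried `gem install` would too) `Makefile.real` is gone and the call raises `Errno::ENOENT`. Copying instead of moving keeps the source tree intact and makes the step repeatable: `require 'fileutils'` followed by `FileUtils.cp('Makefile.real', 'Makefile')`. `require 'mkmf'` appears unused on its own — nothing here calls `create_makefile` or another mkmf helper — so either drop it or leave a one-line comment explaining why it must be loaded.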
5 changes: 3 additions & 2 deletions sorcery-argon2.gemspec
Expand Up @@ -25,7 +25,8 @@ Gem::Specification.new do |s|
'bug_tracker_uri' => "#{repo_url}/issues",
'changelog_uri' => "#{repo_url}/releases/tag/v#{version}",
'documentation_uri' => 'https://rubydoc.info/gems/sorcery-argon2',
'source_code_uri' => "#{repo_url}/tree/v#{version}"
'source_code_uri' => "#{repo_url}/tree/v#{version}",
'rubygems_mfa_required' => 'true'
}

s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
Expand All @@ -35,7 +36,7 @@ Gem::Specification.new do |s|
s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
s.require_paths = ['lib']

s.add_dependency 'ffi', '~> 1.14'
s.add_dependency 'ffi', '~> 1.15'
s.add_dependency 'ffi-compiler', '~> 1.0'

# Gems required for testing the wrapper locally.
Expand Down
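--- /dev/null
+++ b/test/salt_reuse_test.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class Argon2SaltReuseTest < Minitest::Test
+def test_salt_reuse
+assert pass1 = Argon2::Password.create('any password here 1')
+assert pass2 = Argon2::Password.create('any password here 2')
+
+refute_equal pass1, pass2
+
+assert salt1 = pass1.salt
+assert salt2 = pass2.salt
+
+refute_equal salt1, salt2
+end
+end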
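Review bot: `refute_equal salt1, salt2` compares a single pair of salts, so it only catches a fully deterministic salt; a short, empty, or otherwise malformed salt that merely differs between two calls still passes. Add a bound on the salt itself next to the inequality, e.g. `refute_empty salt1` — the exact expected length depends on how `Argon2::Password#salt` is decoded, which is not visible here, so confirm before asserting a number. As a style point, the `assert pass1 = Argon2::Password.create(...)` assignments inside asserts read like `==` typos; `pass1 = Argon2::Password.create('any password here 1')` followed by `refute_nil pass1` states the intent plainly.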
