IJHack / QtPass / 23720673324

coverage: 18.447% (-0.06%) from 18.506%
23720673324

Pull #847

github

web-flow 
Merge 252a5f095 into c646f8d59
Pull Request #847: refactor: add intRoundTrip and stringRoundTrip data-driven tests

931 of 5047 relevant lines covered (18.45%)

7.68 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

33.88
/src/pass.cpp
1 
// SPDX-FileCopyrightText: 2016 Anne Jan Brouwer
2 
// SPDX-License-Identifier: GPL-3.0-or-later
3 
#include "pass.h"
4 
#include "helpers.h"
5 
#include "qtpasssettings.h"
6 
#include "util.h"
7 
#include <QDir>
8 
#include <QRandomGenerator>
9 
#include <QRegularExpression>
10 
#include <utility>
11 









12



#ifdef QT_DEBUG










13



#include "debughelper.h"










14



#endif










15












16



using Enums::GIT_INIT;










17



using Enums::GIT_PULL;










18



using Enums::GIT_PUSH;










19



using Enums::GPG_GENKEYS;










20



using Enums::PASS_COPY;










21



using Enums::PASS_INIT;










22



using Enums::PASS_INSERT;










23



using Enums::PASS_MOVE;










24



using Enums::PASS_OTP_GENERATE;










25



using Enums::PASS_REMOVE;










26



using Enums::PASS_SHOW;










27












28



/**










29



 * @brief Pass::Pass wrapper for using either pass or the pass imitation










30



 */










31



Pass::Pass() : wrapperRunning(false), env(QProcess::systemEnvironment()) {




10





32



  connect(&exec,




10





33



          static_cast<void (Executor::*)(int, int, const QString &,










34



                                         const QString &)>(&Executor::finished),










35



          this, &Pass::finished);




10





36












37



  // TODO(bezet): stop using process










38



  // connect(&process, SIGNAL(error(QProcess::ProcessError)), this,










39



  //        SIGNAL(error(QProcess::ProcessError)));










40












41



  connect(&exec, &Executor::starting, this, &Pass::startingExecuteWrapper);




10





42



  env.append("WSLENV=PASSWORD_STORE_DIR/p");




10





43



}




10





44












45



void Pass::executeWrapper(PROCESS id, const QString &app,




×







46



                          const QStringList &args, bool readStdout,










47



                          bool readStderr) {










48



  executeWrapper(id, app, args, QString(), readStdout, readStderr);




×







49



}




×







50












51



void Pass::executeWrapper(PROCESS id, const QString &app,




×







52



                          const QStringList &args, QString input,










53



                          bool readStdout, bool readStderr) {










54



#ifdef QT_DEBUG










55



  dbg() << app << args;










56



#endif










57



  exec.execute(id, QtPassSettings::getPassStore(), app, args, std::move(input),




×







58



               readStdout, readStderr);










59



}




×







60












61



void Pass::init() {




1





62



#ifdef __APPLE__










63



  // If it exists, add the gpgtools to PATH










64



  if (QFile("/usr/local/MacGPG2/bin").exists())










65



    env.replaceInStrings("PATH=", "PATH=/usr/local/MacGPG2/bin:");










66



  // Add missing /usr/local/bin










67



  if (env.filter("/usr/local/bin").isEmpty())










68



    env.replaceInStrings("PATH=", "PATH=/usr/local/bin:");










69



#endif










70












71



  if (!QtPassSettings::getGpgHome().isEmpty()) {




2





72



    QDir absHome(QtPassSettings::getGpgHome());




×







73



    absHome.makeAbsolute();




×







74



    env << "GNUPGHOME=" + absHome.path();




×







75



  }




×







76



}




1





77












78



/**










79



 * @brief Pass::Generate use either pwgen or internal password










80



 * generator










81



 * @param length of the desired password










82



 * @param charset to use for generation










83



 * @return the password










84



 */










85



auto Pass::Generate_b(unsigned int length, const QString &charset) -> QString {




1,004





86



  QString passwd;




1,004





87



  if (QtPassSettings::isUsePwgen()) {




1,004





88



    // --secure goes first as it overrides --no-* otherwise










89



    QStringList args;




×







90



    args.append("-1");




×







91



    if (!QtPassSettings::isLessRandom()) {




×







92



      args.append("--secure");




×







93



    }










94



    args.append(QtPassSettings::isAvoidCapitals() ? "--no-capitalize"




×







95



                                                  : "--capitalize");










96



    args.append(QtPassSettings::isAvoidNumbers() ? "--no-numerals"




×







97



                                                 : "--numerals");










98



    if (QtPassSettings::isUseSymbols()) {




×







99



      args.append("--symbols");




×







100



    }










101



    args.append(QString::number(length));




×







102



    // TODO(bezet): try-catch here(2 statuses to merge o_O)










103



    if (Executor::executeBlocking(QtPassSettings::getPwgenExecutable(), args,




×







104



                                  &passwd) == 0) {










105



      static const QRegularExpression literalNewLines{"[\\n\\r]"};




×







106



      passwd.remove(literalNewLines);




×







107



    } else {










108



      passwd.clear();




×







109



#ifdef QT_DEBUG










110



      qDebug() << __FILE__ << ":" << __LINE__ << "\t"










111



               << "pwgen fail";










112



#endif










113



      // TODO(bezet): emit critical ?










114



    }










115



  } else {










116



    // Validate charset - if CUSTOM is selected but chars are empty,










117



    // fall back to ALLCHARS to prevent weak passwords (issue #780)










118



    QString effectiveCharset = charset;










119



    if (effectiveCharset.isEmpty()) {




1,004





120



      effectiveCharset = QtPassSettings::getPasswordConfiguration()




2





121



                             .Characters[PasswordConfiguration::ALLCHARS];










122



    }










123



    if (effectiveCharset.length() > 0) {




1,004





124



      passwd = generateRandomPassword(effectiveCharset, length);




2,008





125



    } else {










126



      emit critical(




×







127



          tr("No characters chosen"),




×







128



          tr("Can't generate password, there are no characters to choose from "




×







129



             "set in the configuration!"));










130



    }










131



  }










132



  return passwd;




1,004





133



}










134












135



/**










136



 * @brief Pass::gpgSupportsEd25519 check if GPG supports ed25519 (ECC)










137



 * GPG 2.1+ supports ed25519 which is much faster for key generation










138



 * @return true if ed25519 is supported










139



 */










140



bool Pass::gpgSupportsEd25519() {




3





141



  QString out, err;




3





142



  if (Executor::executeBlocking(QtPassSettings::getGpgExecutable(),




12





143



                                {"--version"}, &out, &err) != 0) {










144



    return false;










145



  }










146



  QRegularExpression versionRegex(R"(gpg \(GnuPG\) (\d+)\.(\d+))");




×







147



  QRegularExpressionMatch match = versionRegex.match(out);




×







148



  if (!match.hasMatch()) {




×







149



    return false;










150



  }










151



  int major = match.captured(1).toInt();




×







152



  int minor = match.captured(2).toInt();




×







153



  return major > 2 || (major == 2 && minor >= 1);




×







154



}




3





155












156



/**










157



 * @brief Pass::getDefaultKeyTemplate return default key generation template










158



 * Uses ed25519 if supported, otherwise falls back to RSA










159



 * @return GPG batch template string










160



 */










161



QString Pass::getDefaultKeyTemplate() {




1





162



  if (gpgSupportsEd25519()) {




1





163



    return QStringLiteral("%echo Generating a default key\n"




×







164



                          "Key-Type: EdDSA\n"










165



                          "Key-Curve: Ed25519\n"










166



                          "Subkey-Type: ECDH\n"










167



                          "Subkey-Curve: Curve25519\n"










168



                          "Name-Real: \n"










169



                          "Name-Comment: QtPass\n"










170



                          "Name-Email: \n"










171



                          "Expire-Date: 0\n"










172



                          "%no-protection\n"










173



                          "%commit\n"










174



                          "%echo done");










175



  }










176



  return QStringLiteral("%echo Generating a default key\n"




1





177



                        "Key-Type: RSA\n"










178



                        "Subkey-Type: RSA\n"










179



                        "Name-Real: \n"










180



                        "Name-Comment: QtPass\n"










181



                        "Name-Email: \n"










182



                        "Expire-Date: 0\n"










183



                        "%no-protection\n"










184



                        "%commit\n"










185



                        "%echo done");










186



}










187












188



/**










189



 * @brief Pass::GenerateGPGKeys internal gpg keypair generator . .










190



 * @param batch GnuPG style configuration string










191



 */










192



void Pass::GenerateGPGKeys(QString batch) {




×







193



  executeWrapper(GPG_GENKEYS, QtPassSettings::getGpgExecutable(),




×







194



                 {"--gen-key", "--no-tty", "--batch"}, std::move(batch));










195



}




×







196












197



/**










198



 * @brief Pass::listKeys list users










199



 * @param keystrings










200



 * @param secret list private keys










201



 * @return QList<UserInfo> users










202



 */










203



auto Pass::listKeys(QStringList keystrings, bool secret) -> QList<UserInfo> {




×







204



  QList<UserInfo> users;




×







205



  QStringList args = {"--no-tty", "--with-colons", "--with-fingerprint"};




×







206



  args.append(secret ? "--list-secret-keys" : "--list-keys");




×







207












208



  for (const QString &keystring : AS_CONST(keystrings)) {




×







209



    if (!keystring.isEmpty()) {




×







210



      args.append(keystring);










211



    }










212



  }










213



  QString p_out;




×







214



  if (Executor::executeBlocking(QtPassSettings::getGpgExecutable(), args,




×







215



                                &p_out) != 0) {










216



    return users;










217



  }










218



#if QT_VERSION >= QT_VERSION_CHECK(5, 15, 0)










219



  const QStringList keys =










220



      p_out.split(Util::newLinesRegex(), Qt::SkipEmptyParts);




×







221



#else










222



  const QStringList keys =










223



      p_out.split(Util::newLinesRegex(), QString::SkipEmptyParts);










224



#endif










225



  UserInfo current_user;




×







226



  for (const QString &key : keys) {




×







227



    QStringList props = key.split(':');




×







228



    if (props.size() < 10) {




×







229



      continue;










230



    }










231



    if (props[0] == (secret ? "sec" : "pub")) {




×







232



      if (!current_user.key_id.isEmpty()) {




×







233



        users.append(current_user);










234



      }










235



      current_user = UserInfo();




×







236



      current_user.key_id = props[4];




×







237



      current_user.name = props[9].toUtf8();




×







238



      current_user.validity = props[1][0].toLatin1();




×







239



      current_user.created.setSecsSinceEpoch(props[5].toUInt());




×







240



      current_user.expiry.setSecsSinceEpoch(props[6].toUInt());




×







241



    } else if (current_user.name.isEmpty() && props[0] == "uid") {




×







242



      current_user.name = props[9];




×







243



    } else if ((props[0] == "fpr") && props[9].endsWith(current_user.key_id)) {




×







244



      current_user.key_id = props[9];




×







245



    }










246



  }










247



  if (!current_user.key_id.isEmpty()) {




×







248



    users.append(current_user);










249



  }










250



  return users;










251



}




×







252












253



/**










254



 * @brief Pass::listKeys list users










255



 * @param keystring










256



 * @param secret list private keys










257



 * @return QList<UserInfo> users










258



 */










259



auto Pass::listKeys(const QString &keystring, bool secret) -> QList<UserInfo> {




×







260



  return listKeys(QStringList(keystring), secret);




×







261



}










262












263



/**










264



 * @brief Pass::processFinished reemits specific signal based on what process










265



 * has finished










266



 * @param id    id of Pass process that was scheduled and finished










267



 * @param exitCode  return code of a process










268



 * @param out   output generated by process(if capturing was requested, empty










269



 *              otherwise)










270



 * @param err   error output generated by process(if capturing was requested,










271



 *              or error occurred)










272



 */










273



void Pass::finished(int id, int exitCode, const QString &out,




×







274



                    const QString &err) {










275



  auto pid = static_cast<PROCESS>(id);










276



  if (exitCode != 0) {




×







277



    emit processErrorExit(exitCode, err);




×







278



    return;




×







279



  }










280



  switch (pid) {




×







281



  case GIT_INIT:




×







282



    emit finishedGitInit(out, err);




×







283



    break;




×







284



  case GIT_PULL:




×







285



    emit finishedGitPull(out, err);




×







286



    break;




×







287



  case GIT_PUSH:




×







288



    emit finishedGitPush(out, err);




×







289



    break;




×







290



  case PASS_SHOW:




×







291



    emit finishedShow(out);




×







292



    break;




×







293



  case PASS_OTP_GENERATE:




×







294



    emit finishedOtpGenerate(out);




×







295



    break;




×







296



  case PASS_INSERT:




×







297



    emit finishedInsert(out, err);




×







298



    break;




×







299



  case PASS_REMOVE:




×







300



    emit finishedRemove(out, err);




×







301



    break;




×







302



  case PASS_INIT:




×







303



    emit finishedInit(out, err);




×







304



    break;




×







305



  case PASS_MOVE:




×







306



    emit finishedMove(out, err);




×







307



    break;




×







308



  case PASS_COPY:




×







309



    emit finishedCopy(out, err);




×







310



    break;




×







311



  case GPG_GENKEYS:




×







312



    emit finishedGenerateGPGKeys(out, err);




×







313



    break;




×







314



  default:










315



#ifdef QT_DEBUG










316



    dbg() << "Unhandled process type" << pid;










317



#endif










318



    break;










319



  }










320



}










321












322



/**










323



 * @brief Pass::updateEnv update the execution environment (used when










324



 * switching profiles)










325



 */










326



void Pass::updateEnv() {




×







327



  // put PASSWORD_STORE_SIGNING_KEY in env










328



  QStringList envSigningKey = env.filter("PASSWORD_STORE_SIGNING_KEY=");




×







329



  QString currentSigningKey = QtPassSettings::getPassSigningKey();




×







330



  if (envSigningKey.isEmpty()) {




×







331



    if (!currentSigningKey.isEmpty()) {




×







332



      // dbg()<< "Added










333



      // PASSWORD_STORE_SIGNING_KEY with" + currentSigningKey;










334



      env.append("PASSWORD_STORE_SIGNING_KEY=" + currentSigningKey);




×







335



    }










336



  } else {










337



    if (currentSigningKey.isEmpty()) {




×







338



      // dbg() << "Removed










339



      // PASSWORD_STORE_SIGNING_KEY";










340



      env.removeAll(envSigningKey.first());










341



    } else {










342



      // dbg()<< "Update










343



      // PASSWORD_STORE_SIGNING_KEY with " + currentSigningKey;










344



      env.replaceInStrings(envSigningKey.first(),




×







345



                           "PASSWORD_STORE_SIGNING_KEY=" + currentSigningKey);




×







346



    }










347



  }










348



  // put PASSWORD_STORE_DIR in env










349



  QStringList store = env.filter("PASSWORD_STORE_DIR=");




×







350



  if (store.isEmpty()) {




×







351



    // dbg()<< "Added










352



    // PASSWORD_STORE_DIR";










353



    env.append("PASSWORD_STORE_DIR=" + QtPassSettings::getPassStore());




×







354



  } else {










355



    // dbg()<< "Update










356



    // PASSWORD_STORE_DIR with " + passStore;










357



    env.replaceInStrings(store.first(), "PASSWORD_STORE_DIR=" +




×







358



                                            QtPassSettings::getPassStore());




×







359



  }










360



  exec.setEnvironment(env);




×







361



}




×







362












363



/**










364



 * @brief Pass::getGpgIdPath return gpgid file path for some file (folder).










365



 * @param for_file which file (folder) would you like the gpgid file path for.










366



 * @return path to the gpgid file.










367



 */










368



auto Pass::getGpgIdPath(const QString &for_file) -> QString {




8





369



  QString passStore =










370



      QDir::fromNativeSeparators(QtPassSettings::getPassStore());




16





371



  QString normalizedFile = QDir::fromNativeSeparators(for_file);




8





372



  QString fullPath = normalizedFile.startsWith(passStore)




8





373



                         ? normalizedFile




8





374



                         : passStore + "/" + normalizedFile;




6





375



  QDir gpgIdDir(QFileInfo(fullPath).absoluteDir());




8





376



  bool found = false;










377



  while (gpgIdDir.exists() && gpgIdDir.absolutePath().startsWith(passStore)) {




10





378



    if (QFile(gpgIdDir.absoluteFilePath(".gpg-id")).exists()) {




2





379



      found = true;










380



      break;










381



    }










382



    if (!gpgIdDir.cdUp()) {




×







383



      break;










384



    }










385



  }










386



  QString gpgIdPath(found ? gpgIdDir.absoluteFilePath(".gpg-id")




8





387



                          : QtPassSettings::getPassStore() + ".gpg-id");




22





388












389



  return gpgIdPath;




8





390



}




8





391












392



/**










393



 * @brief Pass::getRecipientList return list of gpg-id's to encrypt for










394



 * @param for_file which file (folder) would you like recepients for










395



 * @return recepients gpg-id contents










396



 */










397



auto Pass::getRecipientList(const QString &for_file) -> QStringList {




5





398



  QFile gpgId(getGpgIdPath(for_file));




5





399



  if (!gpgId.open(QIODevice::ReadOnly | QIODevice::Text)) {




5





400



    return {};




×







401



  }










402



  QStringList recipients;




5





403



  while (!gpgId.atEnd()) {




14





404



    QString recipient(gpgId.readLine());




18





405



    recipient = recipient.split("#")[0].trimmed();




18





406



    if (!recipient.isEmpty()) {




9





407



      recipients += recipient;










408



    }










409



  }










410



  return recipients;










411



}




5





412












413



/**










414



 * @brief Pass::getRecipientString formated string for use with GPG










415



 * @param for_file which file (folder) would you like recepients for










416



 * @param separator formating separator eg: " -r "










417



 * @param count










418



 * @return recepient string










419



 */










420



auto Pass::getRecipientString(const QString &for_file, const QString &separator,




2





421



                              int *count) -> QStringList {










422



  Q_UNUSED(separator)










423



  QStringList recipients = Pass::getRecipientList(for_file);




2





424



  if (count) {




2





425



    *count = recipients.size();




1





426



  }










427



  return recipients;




2





428



}










429












430



/* Copyright (C) 2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.










431



 */










432












433



auto Pass::boundedRandom(quint32 bound) -> quint32 {




1,160





434



  if (bound < 2) {




1,160





435



    return 0;










436



  }










437












438



  quint32 randval;










439



  const quint32 max_mod_bound = (1 + ~bound) % bound;




1,160





440












441



  do {










442



    randval = QRandomGenerator::system()->generate();










443



  } while (randval < max_mod_bound);




1,160





444












445



  return randval % bound;




1,160





446



}










447












448



auto Pass::generateRandomPassword(const QString &charset, unsigned int length)




1,004





449



    -> QString {










450



  QString out;




1,004





451



  for (unsigned int i = 0; i < length; ++i) {




2,164





452



    out.append(charset.at(static_cast<int>(




1,160





453



        boundedRandom(static_cast<quint32>(charset.length())))));




1,160





454



  }










455



  return out;




1,004





456



}
























    

  • 

    •