New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added obfuscation for keys #67
Added obfuscation for keys #67
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good. Mostly minor suggestions. Also need to get a CHANGELOG
entry added.
// UtiliKit-iOS | ||
// | ||
// Created by Russell Mirabelli on 7/23/19. | ||
// Copyright © 2019 CocoaPods. All rights reserved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like we need to update the copyright here to "Bottle Rocket Studios". Could you go ahead and update this comment and make the change in the project file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
|
||
var value: String { | ||
get { | ||
return _value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can use the implicit getter here instead of manually specifying the get
block.
var value: String {
return _value
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
Tests/ObfuscationTests.swift
Outdated
// | ||
|
||
import XCTest | ||
@testable import UtiliKit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm thinking a regular import
might work just as well here since we're testing public APIs (also, we might need to make much ObfuscatedKey.swift
public
so that it's usable in client code).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
Tests/ObfuscationTests.swift
Outdated
func testSimpleObfuscatedString() { | ||
let key = ObfuscatedKey().A.B.A.B.value | ||
let expected = "ABAB" | ||
XCTAssert(key == expected, "Keys do not match: \(key) is not \(expected)") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very minor, but you might consider using XCTAssertEqual()
instead of the more generic XCTAssert()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
Tests/ObfuscationTests.swift
Outdated
} | ||
|
||
func testExtras() { | ||
let key = ObfuscatedKey().dot.dash.underscore.anything("=").value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very minor, but we might consider renaming anything(_:)
to read a little better here at the call site. Some potential suggestions:
appending(_:)
explicit(_:)
extra(_:)
additional(_:)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about literal(_:)
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I kinda like additional
. What about calling it add
?
add(_:)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I used literal.
Codecov Report
@@ Coverage Diff @@
## master #67 +/- ##
=====================================
Coverage 100% 100%
=====================================
Files 4 5 +1
Lines 413 433 +20
=====================================
+ Hits 413 433 +20
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, a few minor changes. Seems like a very useful addition.
/// By using the ObfuscatedKey struct, you can build a human-readable key that nonetheless | ||
/// will not appear simply by running "strings" against your compiled code, and will even | ||
/// not appear as a string within your source code. | ||
struct ObfuscatedKey { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will need to be public
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done.
} | ||
|
||
// codebeat:disable[TOO_MANY_FUNCTIONS] | ||
var A: ObfuscatedKey { return ObfuscatedKey(_value + "A") } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It might make sense to throw these into a public extension
to alleviate the need to define each of these as public var ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice way to avoid all the publics. Done, and thanks!
Tests/ObfuscationTests.swift
Outdated
} | ||
|
||
func testExtras() { | ||
let key = ObfuscatedKey().dot.dash.underscore.anything("=").value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about literal(_:)
?
/// will not appear simply by running "strings" against your compiled code, and will even | ||
/// not appear as a string within your source code. | ||
struct ObfuscatedKey { | ||
private let _value: String |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we lose the internal variable and use public private(set) value: String
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's not available on a "let"; I believe that the immutability of a "let" is important to make the general builder technique make sense.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair point - withdrawn.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't help but feel like I'm missing something here - what does the private let _value: String
and public var value { return _value }
get us here over a single immutable public let value
. As far as I can tell, we aren't mutating it or validating internally and the same-file extensions should have the same access regardless.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair point. Since my merge is still blocked by the license (ugh), I'll think about this and see if there is a good reason I can find.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed, changed.
CHANGELOG.md
Outdated
@@ -2,6 +2,10 @@ | |||
|
|||
##### Enhancements | |||
|
|||
* Added obfuscation for keys/passwords to ensure that they don't appear in plaintext. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very minor, maybe just mention the "Obfuscation" subspec and the ObfuscatedKey
class so that clients can get a general sense of how they can make use of this new feature when they see these release notes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done!
5d7aca1
Simple obfuscation, documentation included.
let key = ObfuscationKey().a.b.c.n1.n2.n3.value