Chore(deps): bump deps - Bump golangci-lint to v1.43.0 (fixing a typo) - Update golangci-lint configs for v1.43.0 - Bump the go toolchain used in CI to 1.17.3 - Bump go-internal and /x/sys to the latest commits
Chore(lint): update/pin golangci-lint to v1.43.0 Update golangci-lint's configs for the new golangci-lint 1.43.0, featuring two new linters. The parent commit e561b8675a43d8a9030719a1329898692a2300a7 ensured compliance with the new varnamelen linter.
Chore(style): more descriptive varnames Some varnames had confusing names, which were enough to confuse the maintainer after a couple weeks away from the project. The varnamelen linter recently introduced to golangci-lint helped pinpoint non-descriptive names used across a nontrivial number of lines. Single-letter names used across fewer than 5 lines are fine, though.
Fix some spelling mistakes "liklihood" -> "likelihood" "alculate" -> "calculate"
Refactor: move grapheme logic to shared file Forgot to format the grandparent commit; clean up import-order, whitespace, etc. The complexity of main1() grew a bit and the grapheme handling was repetitive, so moved it to the shared internal/cli subpkg.
Test(CLI): add tests for grapheme clustering Add testscripts for uniseg-based grapheme cluster detection + warning. This also involved following the process for adding a new dependency: added it to go.mod, go.sum, and .go-arch-lint.yml. Also updated SECURITY.md documentation to remove now-outdated info regarding 3p deps.
CLI: warn if grapheme clusters are detected The uniseg package was used to detect grapheme clusters, because it is the only one which supports it at the moment. [Ticket: 19]
Chore(CI): fix OpenBSD build flags OpenBSD's ubsan doesn't seem to be working; remove it for now. Any undefined behavior would probably be unavoidable anyway, as it's probably just from the go stdlib.
Chore(deps): bump deps - Support golangci-lint with gocritic v0.6.0 - Bump golang.org/x/sys to latest commit
Doc: document more security requirements Just some clarifications to the project's security requirements, no new information or major changes. - Link to SECURITY.md in CONTRIBUTING. - Use some better terminology when describing test types. - Nits: grammar fixes, minor clarifications.
Doc(README): add more alternatives - Group alternatives by scope (pwgen, password analysis, both). - Add alternatives: pass-checker, repassgen, and my own genpw.
Chore(CI): use Go 1.17.2 Download and use the Go 1.17.2 toolchain for glibc-based builds in CI. Used to be 1.17.1.
Feat(CLI): allow setting guesses-per-sec Add a CLI flag -G to set guesses-per-second. This obviously required updating flag parsing, manpages, and CLI testscript scenarios. In addition, GuessesPerSecond had to be checked for validity (i.e. it couldn't be negative); this added to the checking of CLI error messages. Also edited error strings that generated said error messages to remove single quotes since testscript doesn't like them and "cannot" is cleaner than "can't" with a bunch of escapes.
Test: ensure GenPW panics properly w/o crypto/rand Run a test that temporarily breaks crypto/rand and ensures that GenPW panics without a CSPRNG. Also check that the logged message is correct. This uses an approach borrowed from gopass: github.com/gopasspw/gopass/blob/3894fb96b/pkg/pwgen/pwgen_test.go#L38
Refactor: remove impossible/unnecessary panics Remove impossible and unnecessary panics in givens.go; these checked for impossible situations that are now accounted for and tested. For instance, one check ensured that energy was never zero, but since then givens is guaranteed to set energy to a nonzero value or error appropriately. Re-ordered the functions to follow a more logical flow.
Test: add test case for custom guesses-per-second Since I'm about to add functionality to the CLI to specify a custom number of guesses per second, it seemed appropriate to test this functionality in the library first. Surprisingly, a custom guesses-per-second was never accounted for until now. When I add the ability to specify custom guesses-per-second on the CLI, the corresponding scenario test can re-use these values.
Fix: remove ineffective code (from mutesting) Mutation testing revealed some code to have no effect; remove it. Further testing showed that some code intended to improve performance (e.g. exiting loops early) did absolutely nothing. One of these changes made the computation of guesses-per-second in Givens.Populate() mirror everything else that used setBottleneck; since everything else had been moved to its own function, do the same for guesses-per-second.
Test: add stress test for long pw Add a test case for generating a super long password whose length is the output of getLoops squared. Could be useful for detecting crashes, esp. with CGO+sanitizers enabled. Since this new case along with the previous empty-charset case aren't part of the other pairwise pwgen test tables, move them to their own file.
Doc: add more project requirements - Add SECURITY.md to list the project's security requirements - Update the contribution guidelines/requirements in CONTRIBUTING.md with a reference to the new SECURITY.md - Explicitly set shfmt formatting flags to meet portability requirements.
Chore(style): remove unnecessary "else" statements Remove unnecessary "else" statements, replacing them with early exits if appropriate. This keeps the code simpler and flatter, and also neatly separates a "normal" flow from a "special-case" flow.