Optimisations and bug fixes

cristianst85 commented 5 years ago

Code optimizations:

properly dispose resources (e.g.: SHA1CryptoServiceProvider, FileStream, StreamReader);
use StringBuilder instead of string concatenations;
fix Code Analysis warnings.

Bug fixes:

fixed issue with referenced password field that was causing incorrect Pwned status to be shown. Password field is compiled before SHA-1 hashing;
fixed build script to work with paths containing spaces;

P.S. Feel free to merge (or cherry pick) these changes if you find them useful.

mihaifm commented 5 years ago

Thanks, good stuff. I'll test these changes and merge them.

What was the issue you mentioned in one of the commits?

Fixed issue with referenced password field that was causing incorrect Pwned status to be shown

cristianst85 commented 5 years ago

I'll give you the steps to reproduce the issue:

Open KeePass and Create a new entry:

Title: test Password: 12345678

Check the status with HIBPOfflineCheck > this should return Pwned (password count: 2840404) as this is a weak/compromised password.

Now we make a copy of the above entry:

Right-click on the above entry > Select Duplicate entry (CTRL+K)
Check Replace user names and passwords by references > Click OK to save
Now Check the status with HIBPOfflineCheck > this will return Secure which is incorrect as the old implementation hashed the reference string (e.g., {REF:P@I:808317FD401EAF449326E7EAF80C660C}) instead of the actual password.

I hope this clarify the issue.

mihaifm commented 5 years ago

Cool, thanks. Indeed, references were not handled properly.

mihaifm / HIBPOfflineCheck