line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
# |
2
|
|
|
|
|
|
|
#=============================================================================== |
3
|
|
|
|
|
|
|
# |
4
|
|
|
|
|
|
|
# FILE: Pwned.pm |
5
|
|
|
|
|
|
|
# |
6
|
|
|
|
|
|
|
# DESCRIPTION: Check HIBP to see if this password has been pwned |
7
|
|
|
|
|
|
|
# |
8
|
|
|
|
|
|
|
# FILES: --- |
9
|
|
|
|
|
|
|
# BUGS: --- |
10
|
|
|
|
|
|
|
# NOTES: https://haveibeenpwned.com/API/v2#PwnedPasswords |
11
|
|
|
|
|
|
|
# AUTHOR: Pete Houston (pete), cpan@openstrike.co.uk |
12
|
|
|
|
|
|
|
# ORGANIZATION: Openstrike |
13
|
|
|
|
|
|
|
# VERSION: See $VERSION in code |
14
|
|
|
|
|
|
|
# CREATED: 29/05/18 14:44:30 |
15
|
|
|
|
|
|
|
# REVISION: --- |
16
|
|
|
|
|
|
|
#=============================================================================== |
17
|
|
|
|
|
|
|
|
18
|
4
|
|
|
4
|
|
159378
|
use strict; |
|
4
|
|
|
|
|
13
|
|
|
4
|
|
|
|
|
84
|
|
19
|
4
|
|
|
4
|
|
12
|
use warnings; |
|
4
|
|
|
|
|
8
|
|
|
4
|
|
|
|
|
101
|
|
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
package Password::Policy::Rule::Pwned; |
22
|
|
|
|
|
|
|
|
23
|
4
|
|
|
4
|
|
18
|
use parent 'Password::Policy::Rule'; |
|
4
|
|
|
|
|
8
|
|
|
4
|
|
|
|
|
13
|
|
24
|
|
|
|
|
|
|
|
25
|
4
|
|
|
4
|
|
2539
|
use Password::Policy::Exception::Pwned; |
|
4
|
|
|
|
|
7
|
|
|
4
|
|
|
|
|
69
|
|
26
|
4
|
|
|
4
|
|
902
|
use Password::Policy::Exception::PwnedError; |
|
4
|
|
|
|
|
6
|
|
|
4
|
|
|
|
|
69
|
|
27
|
4
|
|
|
4
|
|
1887
|
use LWP::UserAgent; |
|
4
|
|
|
|
|
126770
|
|
|
4
|
|
|
|
|
115
|
|
28
|
4
|
|
|
4
|
|
1577
|
use Digest::SHA 'sha1_hex'; |
|
4
|
|
|
|
|
8923
|
|
|
4
|
|
|
|
|
791
|
|
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
our $VERSION = '0.01'; |
31
|
|
|
|
|
|
|
my $ua = __PACKAGE__ . '/' . $VERSION; |
32
|
|
|
|
|
|
|
my $timeout = 5; |
33
|
|
|
|
|
|
|
our $base_url = 'https://api.pwnedpasswords.com/range/'; |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
sub check { |
36
|
14
|
|
|
14
|
1
|
54448
|
my $self = shift; |
37
|
14
|
|
|
|
|
47
|
my $password = $self->prepare (shift); |
38
|
14
|
|
|
|
|
187
|
my $hash = uc sha1_hex ($password); |
39
|
14
|
|
|
|
|
46
|
my $range = substr ($hash, 0, 5, ''); |
40
|
14
|
|
|
|
|
33
|
my $url = $base_url . $range; |
41
|
14
|
|
|
|
|
89
|
my $res = LWP::UserAgent->new (agent => $ua, timeout => $timeout)->get ($url); |
42
|
14
|
100
|
|
|
|
1608601
|
if ($res->code != 200) { |
43
|
3
|
|
|
|
|
33
|
warn $res->status_line; |
44
|
3
|
|
|
|
|
457
|
Password::Policy::Exception::PwnedError->throw; |
45
|
|
|
|
|
|
|
} |
46
|
11
|
100
|
|
|
|
168
|
if (index ($res->content, "$hash:") > -1) { |
47
|
6
|
|
|
|
|
1871
|
Password::Policy::Exception::Pwned->throw; |
48
|
|
|
|
|
|
|
} |
49
|
5
|
|
|
|
|
1771
|
return 1; |
50
|
|
|
|
|
|
|
} |
51
|
|
|
|
|
|
|
|
52
|
|
|
|
|
|
|
__END__ |