This commit updates the Go versions specified in the GitHub Actions workflows. The versions in 'codecov_testonly.yml', 'golangci-lint.yml', 'codecov.yml', and 'sonarqube.yml' files have been updated to more recent versions. These updates ensure the workflows use up-to-date Go language features and maintain compatibility with the latest Go releases.
The expected output counts for password hash matches in the pwned passwords database have been updated in multiple test scenarios. The changes reflect recent statistics, ensuring the tests' output aligns with current data for greater test accuracy.
Deleted all .idea directory files from the repository as these files pertain to individual IDE settings and should not be versioned. The .idea directory has been added to the .gitignore file to keep local IDE settings private and maintain overall repository cleanliness.
The .idea directory, created by JetBrains IDEs, has been added to the .gitignore file. This prevents any local IDE settings from being added to the git repository, which is crucial for working with other developers and keeping the repository clean.
In order to avoid potential indexing issues in password handling, a conditional statement has been added. This ensures that there are two resultant parts after the string splitting operation; if the condition isn't met, the operation simply continues without processing further. This enhances code robustness and reliability.
This PR implements support for NTLM hashes as announced by Troy Hunt:
https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768
For this we needed to be able to calculate MD4 hashes, as NTLM basically is calculated like this: `MD4(UTF-16LE(pw))`. For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that "only depends on Go stdlib"
A new Client option has been introduced: `WithPwnedNTLMHash`. If the client is initalized with this option, all generic methods (`ListHashesPassword` and `CheckPassword`) will operate on NTLM hashes.
Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: `CheckNTLM` and `ListHashesNTLM`
Fixes#22
- In case of a HTTP error the PastedAccount method is supposed to return the HTTP response, since this can hold valuable information about the reason why the request failed. Instead, it was returning `nil`. This PR fixes this behaviour.
- Additionally, this PR introduces tests to catch such oversights
- Finally a proper `error.New()` error has been introduces, to that `error.Is()` can be used on common error that are detected by the module
- This method replaces the previously private apiCall() method
- Added `ListHashesSHA1()` as well as `ListHashesPassword()` to keep consistency in the naming schema
- Added length checks for SHA1() methods
- Added length check for Prefix() method