From 691f79b76b9d36cc75dfb3c6f44e153c5c706c75 Mon Sep 17 00:00:00 2001
From: Jonathan Desrosiers <desrosj@git.wordpress.org>
Date: Thu, 20 Dec 2018 19:45:15 +0000
Subject: [PATCH] External Libraries: Update zxcvbn to 4.2.2.

Version 4.2.2 of the zxcvbn password strength library has several bug fixes. A full list of changes can be seen here: https://github.com/dropbox/zxcvbn/compare/v4.4.1...v4.4.2.

This commit also adds the library as a project dependency, making it easier to update in the future. Because the dictionary within the library contains non-PG language, a `rot13:zxcvbn` task has been added to Grunt to perform a ROT-13 cipher on the library. This task has been added to `grunt build` and `grunt build:js`.

Props omarreiss, netweb, desrosj.
Fixes #43749.

git-svn-id: https://develop.svn.wordpress.org/trunk@44354 602fd350-edb4-49c9-b593-d223f7449a82
---
 Gruntfile.js      |  70 ++++++++++++++++++++++++++++++-
 package-lock.json | 105 +++++++++++++++++++++++++++++++++++++++++++---
 package.json      |   5 +++
 3 files changed, 173 insertions(+), 7 deletions(-)

diff --git a/Gruntfile.js b/Gruntfile.js
index 05f25ac56d..669e680e8a 100644
--- a/Gruntfile.js
+++ b/Gruntfile.js
@@ -5,6 +5,10 @@ var webpackConfig = require( './webpack.config' );
 module.exports = function(grunt) {
 	var path = require('path'),
 		fs = require( 'fs' ),
+		rot = require( 'rot' );
+		esprima = require( 'esprima' );
+		estraverse = require( 'estraverse' );
+		escodegen = require( 'escodegen' );
 		spawn = require( 'child_process' ).spawnSync,
 		SOURCE_DIR = 'src/',
 		BUILD_DIR = 'build/',
@@ -680,7 +684,10 @@ module.exports = function(grunt) {
 					'!wp-admin/js/custom-header.js', // Why? We should minify this.
 					'!wp-admin/js/farbtastic.js',
 					'!wp-includes/js/swfobject.js',
-					'!wp-includes/js/wp-embed.js' // We have extra options for this, see uglify:embed
+					'!wp-includes/js/wp-embed.js', // We have extra options for this, see uglify:embed
+
+					// .min files that still need to be minified.
+					'wp-includes/js/zxcvbn.min.js'
 				]
 			},
 			embed: {
@@ -1068,6 +1075,12 @@ module.exports = function(grunt) {
 				]
 			}
 		},
+		rot13: {
+			zxcvbn: {
+				src: './node_modules/zxcvbn/dist/zxcvbn.js',
+				dest: 'build/wp-includes/js/zxcvbn.min.js'
+			},
+		},
 		_watch: {
 			options: {
 				interval: 2000
@@ -1346,6 +1359,7 @@ module.exports = function(grunt) {
 		'clean:js',
 		'webpack:dev',
 		'copy:js',
+		'rot13:zxcvbn',
 		'file_append',
 		'uglify:all',
 		'build:tinymce',
@@ -1364,6 +1378,7 @@ module.exports = function(grunt) {
 	grunt.registerTask( 'build', [
 		'clean:all',
 		'copy:all',
+		'rot13:zxcvbn',
 		'file_append',
 		'cssmin:core',
 		'colors',
@@ -1436,6 +1451,59 @@ module.exports = function(grunt) {
 	// Default task.
 	grunt.registerTask('default', ['build']);
 
+	grunt.registerMultiTask('rot13', 'ROT-13 zxcvbn passwords for PG-ness.', function() {
+		this.files.forEach(function(f) {
+			// Build AST from source code
+			var code = grunt.file.read(f.src);
+			var ast = esprima.parse(code);
+
+			ast = estraverse.replace(ast, {
+				enter: function(node) {
+					// Filter string
+					let key_names = [
+						'passwords',
+						'english_wikipedia',
+						'female_names',
+						'surnames',
+						'us_tv_and_film',
+						'male_names'
+					];
+
+					if( node.type === 'Property' && key_names.includes( node.key.name ) ) {
+						// Wrap encrypted string with decrypt function.
+						var value = {
+							type: 'CallExpression',
+							callee: {
+								type: 'Identifier',
+								name: 'rot'
+							},
+							arguments: [{
+								type: 'Literal',
+								value: rot(node.value.callee.object.value, 13),
+								raw: rot(node.value.callee.object.raw, 13)
+							}, {
+								type: 'Literal',
+								value: 13,
+								raw: 13
+							}]
+						};
+						node.value = value;
+						return node;
+					}
+				}
+			});
+
+			// ROT-13 decode function
+			var prependCode = 'var lowercase="abcdefghijklmnopqrstuvwxyz",uppercase="ABCDEFGHIJKLMNOPQRSTUVWXYZ",regexLowercase=/[a-z]/,regexUppercase=/[A-Z]/,rot=function(e,r){if(null==r&&(r=13),r=Number(r),e=String(e),0==r)return e;0>r&&(r+=26);for(var a,c,t,s=e.length,p=-1,n="";++p<s;)a=e.charAt(p),regexLowercase.test(a)?(c=lowercase.indexOf(a),t=(c+r)%26,n+=lowercase.charAt(t)):regexUppercase.test(a)?(c=uppercase.indexOf(a),t=(c+r)%26,n+=uppercase.charAt(t)):n+=a;return n};\n';
+
+			// Generate new file from modified AST
+			var modifiedCode = prependCode + escodegen.generate(ast);
+			grunt.file.write(f.dest, modifiedCode);
+
+			grunt.log.writeln('File "' + f.dest + '" encrypted.');
+		});
+	});
+
 	/*
 	 * Automatically updates the `:dynamic` configurations
 	 * so that only the changed files are updated.
diff --git a/package-lock.json b/package-lock.json
index f9930236ba..d9eecbb782 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4428,6 +4428,11 @@
 				"lodash.isplainobject": "^4.0.6"
 			}
 		},
+		"deep-is": {
+			"version": "0.1.3",
+			"resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz",
+			"integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ="
+		},
 		"deepmerge": {
 			"version": "1.5.2",
 			"resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-1.5.2.tgz",
@@ -4988,6 +4993,31 @@
 			"resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
 			"integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
 		},
+		"escodegen": {
+			"version": "1.10.0",
+			"resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.10.0.tgz",
+			"integrity": "sha512-fjUOf8johsv23WuIKdNQU4P9t9jhQ4Qzx6pC2uW890OloK3Zs1ZAoCNpg/2larNF501jLl3UNy0kIRcF6VI22g==",
+			"requires": {
+				"esprima": "^3.1.3",
+				"estraverse": "^4.2.0",
+				"esutils": "^2.0.2",
+				"optionator": "^0.8.1",
+				"source-map": "~0.6.1"
+			},
+			"dependencies": {
+				"esprima": {
+					"version": "3.1.3",
+					"resolved": "https://registry.npmjs.org/esprima/-/esprima-3.1.3.tgz",
+					"integrity": "sha1-/cpRzuYTOJXjyI1TXOSdv/YqRjM="
+				},
+				"source-map": {
+					"version": "0.6.1",
+					"resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+					"integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+					"optional": true
+				}
+			}
+		},
 		"eslint-scope": {
 			"version": "4.0.0",
 			"resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-4.0.0.tgz",
@@ -4999,10 +5029,9 @@
 			}
 		},
 		"esprima": {
-			"version": "1.0.4",
-			"resolved": "https://registry.npmjs.org/esprima/-/esprima-1.0.4.tgz",
-			"integrity": "sha1-n1V+CPw7TSbs6d00+Pv0drYlha0=",
-			"dev": true
+			"version": "4.0.0",
+			"resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.0.tgz",
+			"integrity": "sha512-oftTcaMu/EGrEIu904mWteKIv8vMuOgGYo7EhVJJN00R/EED9DCua/xxHRdYnKtcECzVg7xOWhflvJMnqcFZjw=="
 		},
 		"esrecurse": {
 			"version": "4.2.1",
@@ -5016,8 +5045,7 @@
 		"estraverse": {
 			"version": "4.2.0",
 			"resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.2.0.tgz",
-			"integrity": "sha1-De4/7TH81GlhjOc0IJn8GvoL2xM=",
-			"dev": true
+			"integrity": "sha1-De4/7TH81GlhjOc0IJn8GvoL2xM="
 		},
 		"esutils": {
 			"version": "2.0.2",
@@ -5383,6 +5411,11 @@
 			"integrity": "sha1-1RQsDK7msRifh9OnYREGT4bIu/I=",
 			"dev": true
 		},
+		"fast-levenshtein": {
+			"version": "2.0.6",
+			"resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
+			"integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc="
+		},
 		"faye-websocket": {
 			"version": "0.10.0",
 			"resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.10.0.tgz",
@@ -7079,6 +7112,14 @@
 			"dev": true,
 			"requires": {
 				"esprima": "~1.0.0"
+			},
+			"dependencies": {
+				"esprima": {
+					"version": "1.0.4",
+					"resolved": "https://registry.npmjs.org/esprima/-/esprima-1.0.4.tgz",
+					"integrity": "sha1-n1V+CPw7TSbs6d00+Pv0drYlha0=",
+					"dev": true
+				}
 			}
 		},
 		"grunt-known-options": {
@@ -9274,6 +9315,15 @@
 				"invert-kv": "^1.0.0"
 			}
 		},
+		"levn": {
+			"version": "0.3.0",
+			"resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz",
+			"integrity": "sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4=",
+			"requires": {
+				"prelude-ls": "~1.1.2",
+				"type-check": "~0.3.2"
+			}
+		},
 		"line-height": {
 			"version": "0.3.1",
 			"resolved": "https://registry.npmjs.org/line-height/-/line-height-0.3.1.tgz",
@@ -11149,6 +11199,26 @@
 				}
 			}
 		},
+		"optionator": {
+			"version": "0.8.2",
+			"resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.2.tgz",
+			"integrity": "sha1-NkxeQJ0/TWMB1sC0wFu6UBgK62Q=",
+			"requires": {
+				"deep-is": "~0.1.3",
+				"fast-levenshtein": "~2.0.4",
+				"levn": "~0.3.0",
+				"prelude-ls": "~1.1.2",
+				"type-check": "~0.3.2",
+				"wordwrap": "~1.0.0"
+			},
+			"dependencies": {
+				"wordwrap": {
+					"version": "1.0.0",
+					"resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
+					"integrity": "sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus="
+				}
+			}
+		},
 		"optipng-bin": {
 			"version": "3.1.4",
 			"resolved": "https://registry.npmjs.org/optipng-bin/-/optipng-bin-3.1.4.tgz",
@@ -12146,6 +12216,11 @@
 				}
 			}
 		},
+		"prelude-ls": {
+			"version": "1.1.2",
+			"resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
+			"integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ="
+		},
 		"prepend-http": {
 			"version": "1.0.4",
 			"resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-1.0.4.tgz",
@@ -13242,6 +13317,11 @@
 				"inherits": "^2.0.1"
 			}
 		},
+		"rot": {
+			"version": "0.1.0",
+			"resolved": "https://registry.npmjs.org/rot/-/rot-0.1.0.tgz",
+			"integrity": "sha1-rPQEhNIAhC6LxIRDgmFuSGNdSN4="
+		},
 		"rtlcss": {
 			"version": "2.2.1",
 			"resolved": "https://registry.npmjs.org/rtlcss/-/rtlcss-2.2.1.tgz",
@@ -15303,6 +15383,14 @@
 			"resolved": "https://registry.npmjs.org/twemoji/-/twemoji-11.0.0.tgz",
 			"integrity": "sha1-fuxX0Sv9H//o1efwXaC2QipgeQ8="
 		},
+		"type-check": {
+			"version": "0.3.2",
+			"resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz",
+			"integrity": "sha1-WITKtRLPHTVeP7eE8wgEsrUg23I=",
+			"requires": {
+				"prelude-ls": "~1.1.2"
+			}
+		},
 		"type-is": {
 			"version": "1.6.16",
 			"resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.16.tgz",
@@ -16785,6 +16873,11 @@
 				"lodash": "^4.8.0",
 				"readable-stream": "^2.0.0"
 			}
+		},
+		"zxcvbn": {
+			"version": "4.4.2",
+			"resolved": "https://registry.npmjs.org/zxcvbn/-/zxcvbn-4.4.2.tgz",
+			"integrity": "sha1-KOwXzwl0PtyrBW3dixsGJizHPDA="
 		}
 	}
 }
diff --git a/package.json b/package.json
index 36a5827d8c..f067193847 100644
--- a/package.json
+++ b/package.json
@@ -94,6 +94,9 @@
 		"@wordpress/wordcount": "^2.0.3",
 		"backbone": "1.3.3",
 		"element-closest": "^2.0.2",
+		"escodegen": "1.10.0",
+		"esprima": "4.0.0",
+		"estraverse": "4.2.0",
 		"formdata-polyfill": "^3.0.12",
 		"imagesloaded": "3.2.0",
 		"jquery": "1.12.4",
@@ -107,8 +110,10 @@
 		"polyfill-library": "^3.26.0-0",
 		"react": "^16.6.3",
 		"react-dom": "^16.6.3",
+		"rot": "0.1.0",
 		"twemoji": "11.0.0",
 		"underscore": "1.8.3",
+		"zxcvbn": "4.4.2",
 		"whatwg-fetch": "^3.0.0"
 	},
 	"scripts": {