From cabceaa7fd18f89f6adce33ab710c5f434e951eb Mon Sep 17 00:00:00 2001
From: Michael Rodin <rodinmi@corvinianum.de>
Date: Wed, 15 Feb 2023 17:11:00 +0100
Subject: [PATCH] Limit entries in selection

---
 README.md   |  4 ++--
 image-index | 35 +++++++++++++++++++----------------
 2 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index f7017a4..862d2b8 100644
--- a/README.md
+++ b/README.md
@@ -24,7 +24,6 @@ This project was written and tested on an Arch Linux-based distribution and pyth
 * sqlite3
 
 ## Downloading
-There isn't an install script currently.
 ```sh
 git clone https://gitlab.com/rodin_schule/image-index-py.git
 cd ./image-index-py
@@ -36,4 +35,5 @@ The top of the file holds some very important variables that need to be looked a
 * INDEX_FILE: The absolute path of the database file.
 * LINUX_APP_STARTER: The linux command which can open a file in the default application. Most distributions use `xdg-open`.
 * ENCRYPT: This setting tells the script whether to encrypt the added files by default or not. 
-    * If set to True, the ids of the categories will be fully random (fe627ea4-3fd60 instead of category-3fd60) for pretty much zero-knowledge storage on a remote server without access to the database.
\ No newline at end of file
+    * If set to True, the ids of the categories will be randomly generated (fe627ea4-3fd60 instead of category-3fd60) for pretty much zero-knowledge storage on a remote server without access to the database.
+* MAX_ITEMS: The maximal amount of entries shown in the selection menu.
\ No newline at end of file
diff --git a/image-index b/image-index
index 7468a4b..1d163ae 100755
--- a/image-index
+++ b/image-index
@@ -9,6 +9,7 @@ ROOT_DIR=os.getcwd() # The directory where all directories and files of the inde
 INDEX_FILE=ROOT_DIR+"/index.db" # The database file
 LINUX_APP_STARTER="xdg-open" # The command which opens the files in the default application
 ENCRYPT=True # True or False; Whether the default is to encrypt the file or to save it as a plain file
+MAX_ITEMS=10 # Maximal amount of shown entries for selection
 
 class database():
     def __init__(self,filepath = INDEX_FILE):
@@ -116,7 +117,7 @@ class database():
             if len(sel_list) > 1:
                 n=0
                 print("Found several matches:")
-                for tup in sel_list:
+                for tup in sel_list[:MAX_ITEMS]:
                     temp_list=[]
                     for j in tup:
                         temp_list.append(j)
@@ -141,6 +142,8 @@ class database():
                         print("\tAlias:\t ",temp_list[1])
                         print("\tDescription: ",temp_list[2])
                     n+=1
+                if len(sel_list) > MAX_ITEMS:
+                    print(f"The list was too long, so it was reduced to {MAX_ITEMS} entries.")
                 eingabe=input("Enter number(s) (0-{}; '*' for all entries): ".format(n-1))
                 if not eingabe:
                     return [""]
@@ -179,6 +182,8 @@ class database():
             if not secondlist:
                 n=0
                 for i in self.get_col(typ):
+                    if len(temp_list) > MAX_ITEMS:
+                        break
                     aliases=[]
                     if i == "" and self.name == "FILES":
                         print("NO ENTRIES IN THE INDEX!")
@@ -233,7 +238,7 @@ class database():
                     return secondlist
             if not temp_list:
                 return [""]
-            return temp_list
+            return temp_list[:MAX_ITEMS+1]
         return secondlist
 
     def update_index(self,typ,update,where,val):
@@ -247,11 +252,10 @@ class enctable(database): # https://www.thesecuritybuddy.com/cryptography-and-py
         self.collist=["NAME","CIPHER","PASSWORD"]
         super().__init__(filepath)
 
-    def derive_key_and_iv(self, password, salt, key_length, iv_length): #derive key and IV from password and salt.
+    def derive_key_and_iv(self, password, salt, key_length, iv_length): # derive key and IV from password and salt.
         d = d_i = b''
         while len(d) < key_length + iv_length:
-            #d_i = hashlib.md5(d_i + str.encode(password) + salt).digest() #obtain the md5 hash value
-            d_i = hashlib.md5(d_i + password + salt).digest() #obtain the md5 hash value
+            d_i = hashlib.md5(d_i + password + salt).digest() # obtain the md5 hash value
             d += d_i
         return d[:key_length], d[key_length:key_length+iv_length]
 
@@ -260,7 +264,7 @@ class enctable(database): # https://www.thesecuritybuddy.com/cryptography-and-py
         in_file=open(in_file,"rb")
         out_uuid=out_filepath.split("/")[-1].split(".")[0]
         out_file=open(f"{out_filepath}","wb")
-        bs = AES.block_size #16 bytes
+        bs = AES.block_size # 16 bytes
         if not password:
             password = os.urandom(bs*random.randint(1,4))
             if self.get_item("NAME", out_uuid)[0] == "":
@@ -273,9 +277,7 @@ class enctable(database): # https://www.thesecuritybuddy.com/cryptography-and-py
                     else:
                         print("ERROR: MULTIPLE PASSWORD ENTRIES FOUND!")
                         return False
-                #print("ERROR: ENTRY FOR UUID {} ALREADY EXISTS!".format(out_uuid))
-                #return False
-        salt = os.urandom(bs) #return a string of random bytes
+        salt = os.urandom(bs) # return a string of random bytes
         key, iv = self.derive_key_and_iv(password, salt, key_length, bs)
         cipher = AES.new(key, AES.MODE_CBC, iv)
         out_file.write(salt)
@@ -283,7 +285,7 @@ class enctable(database): # https://www.thesecuritybuddy.com/cryptography-and-py
 
         while not finished:
             chunk = in_file.read(1024 * bs) 
-            if len(chunk) == 0 or len(chunk) % bs != 0:#final block/chunk is padded before encryption
+            if len(chunk) == 0 or len(chunk) % bs != 0:# final block/chunk is padded before encryption
                 padding_length = (bs - len(chunk) % bs) or bs
                 chunk += str.encode(padding_length * chr(padding_length))
                 finished = True
@@ -304,7 +306,6 @@ class enctable(database): # https://www.thesecuritybuddy.com/cryptography-and-py
             out_temp=tempfile.mkstemp(prefix="image-index-")
             filepath=out_temp[1]
             out_file=open(filepath,"wb")
-            #out_file=temp_file
         else:
             filepath=out_file
             out_file=open(out_file,"wb")
@@ -313,12 +314,14 @@ class enctable(database): # https://www.thesecuritybuddy.com/cryptography-and-py
             if password_list[0] != "":
                 if len(password_list) == 1:
                     password=b64decode(password_list[0][2].encode())
-                else:
+                elif len(password_list) > 1:
                     print("ERROR: MULTIPLE PASSWORD ENTRIES FOUND!")
                     return False
             else:
                 print("ERROR: NO PASSWORD FOUND FOR DECRYPTION!")
                 return False
+        else:
+            password=b64decode(password.encode())
         bs = AES.block_size
         salt = in_file.read(bs)
         key, iv = self.derive_key_and_iv(password, salt, key_length, bs)
@@ -349,9 +352,9 @@ class metatable(database):
 
     def add_index(self,val,alias,randhex=None):
         if not randhex:
-            randhex=get_randhex()
+            randhex=get_randchar()
         if self.name == "TAGS" or bencrypt:
-            val=get_randhex(8)
+            val=get_randchar(8)
         else:
             val=re.sub('[ ,?!/\\:!*"<>|]', '', val)
         super().add_index([val[:8] + "-" + randhex,alias])
@@ -663,10 +666,10 @@ class filestable(database):
         
         return self.select_index(selection,quiet)
 
-def get_randhex(count=5):
+def get_randchar(count=5):
     randhex=""
     for i in range(count):
-        randhex+=random.choice("0123456789abcdef")
+        randhex+=random.choice("0123456789abcdefghijklmnopqrstuvwxyz")
     return randhex
 
 def add(args):