Tuesday, March 2, 2010

Using Google App Script to return a GRC Password

On the weekend a did some experimenting with Google App Script. I first looked at Google App Script  during its brief pre-release phase but aside from following the tutorials I never did something useful with it of my own.

Of course there are lots of useful things Google App Script can help you out with, especially now that Google has added additional APIs for accessing more services. Workplaces using Google Apps (like my company) should especially find a lot of use for the script for automating common tasks.

To get my feet wet again with Google App Script I chose to work on something very simple (single function simple) and marginally useful to me. I wrote a Google Spreadsheet function that would pull a new 64 character high-quality random password from grc.com whenever it runs. Aside: GRC stands for Gibson Research Corporation; I listen to Steve Gibson and the Security Now netcast each week.

See below for the script itself. It is very simple. To try it, open a google spreadsheet, open its script editor and paste in the script. In a spreadsheet cell, use the formula '=getGRCPassword()'. Whenever the cell recalculates, a new password will be retrieved.

var sPasswordPageAddr = 'https://www.grc.com/passwords.htm';
var sPreambleText = 'preceding fragment from grc. Unfortunately '

  + 'blogger could not deal with it';

//This is a function which will return a new alphamnumeric only 

//password from GRC.com.
function getGrcPassword() {

  //get content of password page
  try {
    var response = UrlFetchApp.fetch(sPasswordPageAddr);
  } catch(e) { return e.message; }

  //Examine response and extract password
  //check to see if page received successfully:
  if(response.getResponseCode() == 200) {

    //if received successfully, examine the content and look for our preamble    

    responseText = response.getContentText();
    iPasswordPreambleStart = responseText.indexOf(sPreambleText);

    //check to see if preamble marker was found
    if(iPasswordPreambleStart > 0) {

    //preamble marker was found, extract the password
    iPasswordStart = iPasswordPreambleStart + sPreambleText.length;
    sPassword = responseText.substr(iPasswordStart, 63);

    //display the password for now
    return sPassword;

  } else {

    //We could not find the password preamble. Maybe the page has changed?
    return 'Could not find password string. Page structure might have changed';

} else {

    //bad response from webserver. Maybe our address is wrong.
    //Maybe their webserver is down, etc

    return 'Problem accessing ' + sPasswordPageAddr
    + ': Response code ' + response.getResponseCode();

Note that I pull the password out using basic text searching. A more robust approach would be to use forgiving HTML parser. As it stands now the approach below is easily broken by a minor page update. I did not use a HTML parser since I could not find an appropriate one to use given the environment. I will keep looking.

No comments:

Post a Comment