HIBP excluded entries are still included when scanning

[koitsu]

Scenario

• A KeePass group has 10 entries in it
• Of those 10 entries, 4 are marked "Excluded" (for HIBP checks)
• Select all 10 entries in KeePass
• Right-click and select "Have I Been Pwned? -> Check"
• All 10 entries are checked (rather than just 6)
  • I ASSUME all 10 are checked; the progress bar size etc. seems to imply all 10 are checked, given the interval delay between all 10

Conclusion

It seems the Excluded feature is only considered when checking the entire password database (via Tools -> HIBP Offline Check... -> Check All Passwords), and not through the right-click context menu.

I can see the use for doing HIBP checks for entries which are marked Excluded, but not as a default; a user expects an excluded entry to truly be excluded.

Recommended change

In the right-click context menu, make a new option called "Check (forced)", which will check selected entries regardless of their Excluded status. However, "Check" should exclude entries as described above.

[mihaifm]

Hi, thanks for the detailed report.

Excluded passwords are not checked, it is just the progress bar that counts all passwords.

Not sure if it's worth fixing, it would just complicate the logic for the progress bar, but I'll give it a thought.

[koitsu]

This provokes a lot of questions :) Sorry for them in advance.

• How would this complicate the logic? The progress bar certainly knows "how many" total items there are (otherwise it would not be able to calculate the length accurately); is it that hard to count the number of "Excluded" entries and subtract that from the total?
• If it's just the progress bar that counts all the selected entries, then what is it doing for the entries that are excluded? In my example, for those 4 entries? Why is there an interval delay (which implies a sleep/wait interval to keep HIBP API rate-limiting from kicking or the equivalent)?

Kind of strange logic going on here, but you know the code, not me.