From 8b9aec6940941913ed85c97f3902534b330d5fbf Mon Sep 17 00:00:00 2001 From: Matjaz Kavcic Date: Fri, 5 May 2023 17:29:36 +0200 Subject: [PATCH 1/6] Fix encryption/decryption of arrays --- lib/diffcrypt/encryptor.rb | 17 +++++++++++++---- lib/diffcrypt/version.rb | 2 +- test/diffcrypt/encryptor_test.rb | 12 +++++++++++- test/rails_test.rb | 4 ++-- 4 files changed, 27 insertions(+), 8 deletions(-) diff --git a/lib/diffcrypt/encryptor.rb b/lib/diffcrypt/encryptor.rb index 2bfc98b..eafb039 100644 --- a/lib/diffcrypt/encryptor.rb +++ b/lib/diffcrypt/encryptor.rb @@ -33,16 +33,21 @@ def decrypt(contents) # @param [Hash] data # @return [Hash] + # rubocop:disable Metrics/MethodLength def decrypt_hash(data) data.each do |key, value| - data[key] = if value.is_a?(Hash) || value.is_a?(Array) + data[key] = case value + when Hash decrypt_hash(value) + when Array + value.map { |v| decrypt_hash(v) } else decrypt_string value end end data end + # rubocop:enable Metrics/MethodLength # @param [String] contents The raw YAML string to be encrypted # @param [String, nil] original_encrypted_contents The original (encrypted) content to determine which keys have changed @@ -72,14 +77,18 @@ def encrypt_string(value) end # TODO: Fix the complexity of this method - # rubocop:disable Metrics/PerceivedComplexity, Metrics/MethodLength, Metrics/CyclomaticComplexity + # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity # @param [Hash] keys # @return [Hash] def encrypt_values(data, original_data = nil) data.each do |key, value| original_encrypted_value = original_data ? original_data[key] : nil - data[key] = if value.is_a?(Hash) || value.is_a?(Array) + + data[key] = case value + when Hash encrypt_values(value, original_encrypted_value) + when Array + value.map { |v| encrypt_values(v, original_encrypted_value) } else original_decrypted_value = original_encrypted_value ? decrypt_string(original_encrypted_value) : nil key_changed = original_decrypted_value.nil? || original_decrypted_value != value @@ -88,7 +97,7 @@ def encrypt_values(data, original_data = nil) end data.sort.to_h end - # rubocop:enable Metrics/PerceivedComplexity, Metrics/MethodLength, Metrics/CyclomaticComplexity + # rubocop:enable Metrics/MethodLength, Metrics/CyclomaticComplexity # @param [String] value The encrypted value that needs decrypting # @return [String] diff --git a/lib/diffcrypt/version.rb b/lib/diffcrypt/version.rb index 55d2d2a..f3b3c04 100644 --- a/lib/diffcrypt/version.rb +++ b/lib/diffcrypt/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Diffcrypt - VERSION = '0.6.1' + VERSION = '0.6.2' end diff --git a/test/diffcrypt/encryptor_test.rb b/test/diffcrypt/encryptor_test.rb index 675a06d..7fa3e20 100644 --- a/test/diffcrypt/encryptor_test.rb +++ b/test/diffcrypt/encryptor_test.rb @@ -46,12 +46,19 @@ def test_it_encrypts_root_values def test_it_decrypts_nested_structures encrypted_content = <<~CONTENT data: + array: + - item1: 7HJjrwQ6KqH+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw== + - item2: IvwdxcAV+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg== secret_key_base: 88Ry6HESUoXBr6QUFXmni9zzfCIYt9qGNFvIWFcN--4xoecI5mqbNRBibI--62qPJbkzzh5h8lhFEFOSaQ== aws: access_key_id: Ot/uCTEL+8kp61EPctnxNlg=--Be6sg7OdvjZlfxgR--7qRbbf0lA4VgjnUGUrrFwg== + CONTENT expected = <<~CONTENT --- + array: + - item1: value1 + - item2: value2 secret_key_base: secret_key_base_test aws: access_key_id: AKIAXXX @@ -66,8 +73,11 @@ def test_it_encrypts_nested_structures secret_key_base: secret_key_base_test aws: access_key_id: AKIAXXX + array: + - item1: value1 + - item2: value2 CONTENT - expected_pattern = /---\naws:\n access_key_id: #{ENCRYPTED_VALUE_PATTERN}\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}\n/ + expected_pattern = /---\narray:\n- item1: #{ENCRYPTED_VALUE_PATTERN}\n- item2: #{ENCRYPTED_VALUE_PATTERN}\naws:\n access_key_id: #{ENCRYPTED_VALUE_PATTERN}\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}/ assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(content).to_yaml end diff --git a/test/rails_test.rb b/test/rails_test.rb index 405ad80..96e16b0 100644 --- a/test/rails_test.rb +++ b/test/rails_test.rb @@ -6,9 +6,9 @@ require 'open3' RAILS_VERSIONS = %w[ - 6.0.4.4 + 6.0.6.1 6.1.4.4 - 7.0.1 + 7.0.4.3 ].freeze RAILS_FLAGS = %w[ From 241a10123446243e8d87098687e98c941e3f5459 Mon Sep 17 00:00:00 2001 From: Matjaz Kavcic Date: Fri, 5 May 2023 17:59:19 +0200 Subject: [PATCH 2/6] Add subitems to specs --- test/diffcrypt/encryptor_test.rb | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/test/diffcrypt/encryptor_test.rb b/test/diffcrypt/encryptor_test.rb index 7fa3e20..9be3304 100644 --- a/test/diffcrypt/encryptor_test.rb +++ b/test/diffcrypt/encryptor_test.rb @@ -47,8 +47,9 @@ def test_it_decrypts_nested_structures encrypted_content = <<~CONTENT data: array: - - item1: 7HJjrwQ6KqH+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw== - - item2: IvwdxcAV+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg== + - item1: 7HJjrwQ6KqH+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw== + subitem: oNNLBGwL45VvOv7elkRTHZTcNQ==--iFBc53R3F26zsvTK--6iEtqH7TR7TSS6fJOHwfPg== + - item2: IvwdxcAV+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg== secret_key_base: 88Ry6HESUoXBr6QUFXmni9zzfCIYt9qGNFvIWFcN--4xoecI5mqbNRBibI--62qPJbkzzh5h8lhFEFOSaQ== aws: access_key_id: Ot/uCTEL+8kp61EPctnxNlg=--Be6sg7OdvjZlfxgR--7qRbbf0lA4VgjnUGUrrFwg== @@ -58,6 +59,7 @@ def test_it_decrypts_nested_structures --- array: - item1: value1 + subitem: value sub - item2: value2 secret_key_base: secret_key_base_test aws: @@ -74,10 +76,13 @@ def test_it_encrypts_nested_structures aws: access_key_id: AKIAXXX array: - - item1: value1 - - item2: value2 + - item1: value1 + subitem: value sub + - item2: value2 CONTENT - expected_pattern = /---\narray:\n- item1: #{ENCRYPTED_VALUE_PATTERN}\n- item2: #{ENCRYPTED_VALUE_PATTERN}\naws:\n access_key_id: #{ENCRYPTED_VALUE_PATTERN}\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}/ + expected_pattern = /---\narray:\n- item1: #{ENCRYPTED_VALUE_PATTERN}\n subitem: #{ENCRYPTED_VALUE_PATTERN}\n- item2: #{ENCRYPTED_VALUE_PATTERN}\naws:\n access_key_id: #{ENCRYPTED_VALUE_PATTERN}\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}/ + + pp Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(content).to_yaml assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(content).to_yaml end From fcd035554d385451c6867c82c1cea155647dc3e8 Mon Sep 17 00:00:00 2001 From: Matjaz Kavcic Date: Fri, 5 May 2023 18:07:44 +0200 Subject: [PATCH 3/6] Remove pp --- test/diffcrypt/encryptor_test.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/diffcrypt/encryptor_test.rb b/test/diffcrypt/encryptor_test.rb index 9be3304..2c40a86 100644 --- a/test/diffcrypt/encryptor_test.rb +++ b/test/diffcrypt/encryptor_test.rb @@ -82,8 +82,6 @@ def test_it_encrypts_nested_structures CONTENT expected_pattern = /---\narray:\n- item1: #{ENCRYPTED_VALUE_PATTERN}\n subitem: #{ENCRYPTED_VALUE_PATTERN}\n- item2: #{ENCRYPTED_VALUE_PATTERN}\naws:\n access_key_id: #{ENCRYPTED_VALUE_PATTERN}\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}/ - pp Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(content).to_yaml - assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(content).to_yaml end From f2ba74e13aa1567d6f162e017a870e19fb82435d Mon Sep 17 00:00:00 2001 From: Matjaz Kavcic Date: Fri, 5 May 2023 19:50:30 +0200 Subject: [PATCH 4/6] Diff arrays correctly --- lib/diffcrypt/encryptor.rb | 8 ++++---- test/diffcrypt/encryptor_test.rb | 8 ++++++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/diffcrypt/encryptor.rb b/lib/diffcrypt/encryptor.rb index eafb039..9db64ed 100644 --- a/lib/diffcrypt/encryptor.rb +++ b/lib/diffcrypt/encryptor.rb @@ -77,18 +77,18 @@ def encrypt_string(value) end # TODO: Fix the complexity of this method - # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity + # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize # @param [Hash] keys # @return [Hash] def encrypt_values(data, original_data = nil) data.each do |key, value| - original_encrypted_value = original_data ? original_data[key] : nil + original_encrypted_value = original_data&.dig(key) data[key] = case value when Hash encrypt_values(value, original_encrypted_value) when Array - value.map { |v| encrypt_values(v, original_encrypted_value) } + value.map.with_index { |v, i| encrypt_values(v, original_encrypted_value&.dig(i)) } else original_decrypted_value = original_encrypted_value ? decrypt_string(original_encrypted_value) : nil key_changed = original_decrypted_value.nil? || original_decrypted_value != value @@ -97,7 +97,7 @@ def encrypt_values(data, original_data = nil) end data.sort.to_h end - # rubocop:enable Metrics/MethodLength, Metrics/CyclomaticComplexity + # rubocop:enable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize # @param [String] value The encrypted value that needs decrypting # @return [String] diff --git a/test/diffcrypt/encryptor_test.rb b/test/diffcrypt/encryptor_test.rb index 2c40a86..0b8aaa8 100644 --- a/test/diffcrypt/encryptor_test.rb +++ b/test/diffcrypt/encryptor_test.rb @@ -95,6 +95,14 @@ def test_it_only_updates_changed_values assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(updated_content, original_encrypted_content).to_yaml end + def test_it_only_updates_changed_values_for_arrays + original_encrypted_content = "---\ndata:\n array:\n - item1: 7HJjrwQ6KqH+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw==\n - item2: IvwdxcAV+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg==\n" + updated_content = "---\narray:\n - item1: value1\n - item2: value2" + expected_pattern = %r{---\narray:\n- item1: 7HJjrwQ6KqH\+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw==\n- item2: IvwdxcAV\+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg==\n} + + assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(updated_content, original_encrypted_content).to_yaml + end + def test_it_assumes_changed_when_no_original_value original_encrypted_content = "---\ndata:\n secret_key_base_1: 88Ry6HESUoXBr6QUFXmni9zzfCIYt9qGNFvIWFcN--4xoecI5mqbNRBibI--62qPJbkzzh5h8lhFEFOSaQ==\n" updated_content = "---\nsecret_key_base_1: secret_key_base_test\naws:\n access_key_id: new_value\n" From 7fd777ed702dc28e0c481b2b6976166f2e869b87 Mon Sep 17 00:00:00 2001 From: Matjaz Kavcic Date: Thu, 21 Dec 2023 08:18:41 +0100 Subject: [PATCH 5/6] PR comments --- lib/diffcrypt/version.rb | 2 +- test/rails_test.rb | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/diffcrypt/version.rb b/lib/diffcrypt/version.rb index f3b3c04..55d2d2a 100644 --- a/lib/diffcrypt/version.rb +++ b/lib/diffcrypt/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Diffcrypt - VERSION = '0.6.2' + VERSION = '0.6.1' end diff --git a/test/rails_test.rb b/test/rails_test.rb index 96e16b0..d7af07b 100644 --- a/test/rails_test.rb +++ b/test/rails_test.rb @@ -8,7 +8,6 @@ RAILS_VERSIONS = %w[ 6.0.6.1 6.1.4.4 - 7.0.4.3 ].freeze RAILS_FLAGS = %w[ From 9386db47ed6eb425af37784310718e0d92a61553 Mon Sep 17 00:00:00 2001 From: Matjaz Kavcic Date: Thu, 21 Dec 2023 08:26:20 +0100 Subject: [PATCH 6/6] Fix test versions --- test/rails_test.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/rails_test.rb b/test/rails_test.rb index d7af07b..405ad80 100644 --- a/test/rails_test.rb +++ b/test/rails_test.rb @@ -6,8 +6,9 @@ require 'open3' RAILS_VERSIONS = %w[ - 6.0.6.1 + 6.0.4.4 6.1.4.4 + 7.0.1 ].freeze RAILS_FLAGS = %w[