RubyGems - active_storage_encryption - Versions diffs - 0.1.0 → 0.2.0 - Mend

active_storage_encryption 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

data/test/integration/encrypted_blobs_controller_test.rb CHANGED Viewed

@@ -9,9 +9,6 @@ class ActiveStorageEncryptionEncryptedBlobsControllerTest < ActionDispatch::Inte
     @service = ActiveStorageEncryption::EncryptedDiskService.new(root: @storage_dir, private_url_policy: "stream")
     @service.name = "amazing_encrypting_disk_service" # Needed for the controller and service lookup
-    # Hack: sneakily add our service to them configurations
-    # ActiveStorage::Blob.services.send(:services)["amazing_encrypting_disk_service"] = @service
     # We need to set our service as the default, because the controller does lookup from the application config -
     # which does not include the service we define here
     @previous_default_service = ActiveStorage::Blob.service
@@ -48,133 +45,6 @@ class ActiveStorageEncryptionEncryptedBlobsControllerTest < ActionDispatch::Inte
     ActiveStorageEncryption::Engine.routes.url_helpers
   end
-  test "show() returns the decrypted blob body" do
-    rng = Random.new(Minitest.seed)
-    key = SecureRandom.base36(12)
-    encryption_key = rng.bytes(32)
-    plaintext = rng.bytes(512)
-    @service.upload(key, StringIO.new(plaintext).binmode, encryption_key: encryption_key)
-    streaming_url = @service.url(key, encryption_key: encryption_key, filename: ActiveStorage::Filename.new("private.doc"), expires_in: 30.seconds, disposition: "inline", content_type: "x-office/severance")
-    get streaming_url
-    assert_response :success
-    assert_equal "x-office/severance", response.headers["content-type"]
-    assert_equal plaintext, response.body
-  end
-  test "show() refuses a request which goes to a non-encrypted Service" do
-    rng = Random.new(Minitest.seed)
-    key = SecureRandom.base36(12)
-    encryption_key = rng.bytes(32)
-    plaintext = rng.bytes(512)
-    @service.upload(key, StringIO.new(plaintext).binmode, encryption_key: encryption_key)
-    streaming_url = @service.url(key, encryption_key: encryption_key, filename: ActiveStorage::Filename.new("private.doc"), expires_in: 30.seconds, disposition: "inline", content_type: "x-office/severance")
-    # Sneak in a non-encrypted service under the same key
-    ActiveStorage::Blob.services[@service.name] = @non_encrypted_default_service
-    get streaming_url
-    assert_response :forbidden
-  end
-  test "show() refuses a request which has an incorrect encryption key" do
-    rng = Random.new(Minitest.seed)
-    key = SecureRandom.base36(12)
-    encryption_key = rng.bytes(32)
-    plaintext = rng.bytes(512)
-    @service.upload(key, StringIO.new(plaintext).binmode, encryption_key: encryption_key)
-    another_encryption_key = rng.bytes(32)
-    refute_equal encryption_key, another_encryption_key
-    streaming_url = @service.url(key, encryption_key: another_encryption_key, filename: ActiveStorage::Filename.new("private.doc"), expires_in: 30.seconds, disposition: "inline", content_type: "x-office/severance")
-    get streaming_url
-    assert_response :forbidden
-  end
-  test "show() refuses a request with a garbage token" do
-    get engine_routes.encrypted_blob_streaming_get_path(token: "garbage", filename: "exfil.bin")
-    assert_response :forbidden
-  end
-  test "show() refuses a request with a token that has been encrypted using an incorrect encryption key" do
-    https!
-    rng = Random.new(Minitest.seed)
-    encryptor_key = rng.bytes(32)
-    other_encryptor = ActiveStorageEncryption::TokenEncryptor.new(encryptor_key, url_safe: encryptor_key)
-    key = SecureRandom.base36(12)
-    encryption_key = rng.bytes(32)
-    @service.upload(key, StringIO.new(rng.bytes(512)).binmode, encryption_key: encryption_key)
-    streaming_url = ActiveStorageEncryption.stub(:token_encryptor, -> { other_encryptor }) do
-      @service.url(key, encryption_key: encryption_key, filename: ActiveStorage::Filename.new("private.doc"), expires_in: 3.seconds, disposition: "inline", content_type: "binary/octet-stream")
-    end
-    get streaming_url
-    assert_response :forbidden
-  end
-  test "show() refuses a request with a token that has expired" do
-    rng = Random.new(Minitest.seed)
-    key = SecureRandom.base36(12)
-    encryption_key = rng.bytes(32)
-    @service.upload(key, StringIO.new(rng.bytes(512)).binmode, encryption_key: encryption_key)
-    streaming_url = @service.url(key, encryption_key: encryption_key, filename: ActiveStorage::Filename.new("private.doc"), expires_in: 3.seconds, disposition: "inline", content_type: "binary/octet-stream")
-    travel 5.seconds
-    get streaming_url
-    assert_response :forbidden
-  end
-  test "show() requires headers if the private_url_policy of the service is set to :require_headers" do
-    rng = Random.new(Minitest.seed)
-    key = SecureRandom.base36(12)
-    encryption_key = rng.bytes(32)
-    plaintext = rng.bytes(512)
-    @service.upload(key, StringIO.new(plaintext).binmode, encryption_key: encryption_key)
-    # The policy needs to be set before we generate the token (the token includes require_headers)
-    @service.private_url_policy = :require_headers
-    streaming_url = @service.url(key, encryption_key: encryption_key, filename: ActiveStorage::Filename.new("private.doc"), expires_in: 30.seconds, disposition: "inline", content_type: "x-office/severance")
-    get streaming_url
-    assert_response :forbidden # Without headers
-    get streaming_url, headers: {"HTTP_X_ACTIVE_STORAGE_ENCRYPTION_KEY" => Base64.strict_encode64(encryption_key)}
-    assert_response :success
-    assert_equal "x-office/severance", response.headers["content-type"]
-    assert_equal plaintext, response.body
-  end
-  test "show() refuses a request if the service no longer permits private URLs" do
-    rng = Random.new(Minitest.seed)
-    key = SecureRandom.base36(12)
-    encryption_key = rng.bytes(32)
-    plaintext = rng.bytes(512)
-    @service.upload(key, StringIO.new(plaintext).binmode, encryption_key: encryption_key)
-    streaming_url = @service.url(key, encryption_key: encryption_key, filename: ActiveStorage::Filename.new("private.doc"), expires_in: 30.seconds, disposition: "inline", content_type: "x-office/severance")
-    @service.private_url_policy = :disable
-    get streaming_url
-    assert_response :forbidden # Without headers
-    get streaming_url, headers: {"HTTP_X_ACTIVE_STORAGE_ENCRYPTION_KEY" => Base64.strict_encode64(encryption_key)}
-    assert_response :forbidden # Without headers
-  end
   test "create_direct_upload creates a blob and returns the headers and the URL to start the upload, which are for the correct service name" do
     rng = Random.new(Minitest.seed)
     plaintext = rng.bytes(512)

data/test/lib/encrypted_disk_service_test.rb CHANGED Viewed

@@ -91,95 +91,15 @@ class ActiveStorageEncryption::EncryptedDiskServiceTest < ActiveSupport::TestCas
     assert_equal Digest::SHA256.hexdigest(plaintext_upload_bytes), Digest::SHA256.hexdigest(readback_bytes)
   end
-  def test_get_with_headers_always_succeeds
-    @service.private_url_policy = :require_headers
-    key = "key-1"
-    k = Random.bytes(68)
-    plaintext_upload_bytes = generate_random_binary_string
-    @service.upload(key, StringIO.new(plaintext_upload_bytes), encryption_key: k)
-    ActiveStorage::Blob.service = @service # So that the controller can find it
-    # ActiveStorage wraps the passed filename in a wrapper thingy
-    filename_with_sanitization = ActiveStorage::Filename.new("temp.bin")
-    url = @service.url(key, filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key: k, expires_in: 10.seconds)
-    assert url.include?("/active-storage-encryption/blob/")
-    uri = URI.parse(url)
-    # Do a super-minimalistic test on the DiskController. ActionController is actually a Rack app (or, rather: every controller action is a Rack app).
-    # It can thus be called with a minimal Rack env. For the definition of "minimal", see https://github.com/rack/rack/blob/main/SPEC.rdoc#the-environment-
-    rack_env = {
-      "SCRIPT_NAME" => "",
-      "PATH_INFO" => uri.path,
-      "QUERY_STRING" => uri.query,
-      "REQUEST_METHOD" => "GET",
-      "SERVER_NAME" => uri.host,
-      "HTTP_X_ACTIVE_STORAGE_ENCRYPTION_KEY" => Base64.strict_encode64(k),
-      "rack.input" => StringIO.new(""),
-      "action_dispatch.request.parameters" => {
-        # The controller expects the Rails router to have injected this param by extracting
-        # it from the route path. The upload param is mapped to :encoded_token, the download param is
-        # mapped to :encoded_key - likely because there was an exploit with ActiveStorage where keys
-        # generated for download could be used for uploading (and thus - overwriting)
-        "token" => uri.path.split("/")[-2] # For "show", the last path param is actually the filename - this is because Content-Disposition can be unreliable for download filename
-      }
-    }
-    action_app = ActiveStorageEncryption::EncryptedBlobsController.action(:show)
-    status, _headers, body = action_app.call(rack_env)
-    assert_equal 200, status
-    readback_bytes = (+"").b.tap do |buf|
-      body.each { |chunk| buf << chunk }
-    end
-    assert_equal Digest::SHA256.hexdigest(plaintext_upload_bytes), Digest::SHA256.hexdigest(readback_bytes)
-  end
-  def test_get_without_headers_succeeds_if_service_permits
+  def test_private_url
     @service.private_url_policy = :stream
-    key = "key-1"
-    k = Random.bytes(68)
-    plaintext_upload_bytes = generate_random_binary_string
-    @service.upload(key, StringIO.new(plaintext_upload_bytes), encryption_key: k)
-    ActiveStorage::Blob.service = @service # So that the controller can find it
     # ActiveStorage wraps the passed filename in a wrapper thingy
     filename_with_sanitization = ActiveStorage::Filename.new("temp.bin")
-    url = @service.url(key, filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key: k, expires_in: 10.seconds)
+    key = "key-1"
+    encryption_key = Random.bytes(32)
+    url = @service.url(key, blob_byte_size: 14, filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key:, expires_in: 10.seconds)
     assert url.include?("/active-storage-encryption/blob/")
-    uri = URI.parse(url)
-    # Do a super-minimalistic test on the DiskController. ActionController is actually a Rack app (or, rather: every controller action is a Rack app).
-    # It can thus be called with a minimal Rack env. For the definition of "minimal", see https://github.com/rack/rack/blob/main/SPEC.rdoc#the-environment-
-    rack_env = {
-      "SCRIPT_NAME" => "",
-      "PATH_INFO" => uri.path,
-      "QUERY_STRING" => uri.query,
-      "REQUEST_METHOD" => "GET",
-      "SERVER_NAME" => uri.host,
-      "rack.input" => StringIO.new(""),
-      "action_dispatch.request.parameters" => {
-        # The controller expects the Rails router to have injected this param by extracting
-        # it from the route path. The upload param is mapped to :encoded_token, the download param is
-        # mapped to :encoded_key - likely because there was an exploit with ActiveStorage where keys
-        # generated for download could be used for uploading (and thus - overwriting)
-        "token" => uri.path.split("/")[-2] # For "show", the last path param is actually the filename - this is because Content-Disposition can be unreliable for download filename
-      }
-    }
-    action_app = ActiveStorageEncryption::EncryptedBlobsController.action(:show)
-    status, _headers, body = action_app.call(rack_env)
-    assert_equal 200, status
-    readback_bytes = (+"").b.tap do |buf|
-      body.each { |chunk| buf << chunk }
-    end
-    assert_equal Digest::SHA256.hexdigest(plaintext_upload_bytes), Digest::SHA256.hexdigest(readback_bytes)
   end
   def test_generating_url_fails_if_streaming_is_off_for_the_service
@@ -193,44 +113,10 @@ class ActiveStorageEncryption::EncryptedDiskServiceTest < ActiveSupport::TestCas
     # ActiveStorage wraps the passed filename in a wrapper thingy
     filename_with_sanitization = ActiveStorage::Filename.new("temp.bin")
     assert_raises ActiveStorageEncryption::StreamingDisabled do
-      @service.url(key, filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key: k, expires_in: 10.seconds)
+      @service.url(key, blob_byte_size: 12, filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key: k, expires_in: 10.seconds)
     end
   end
-  def test_get_without_headers_fails_if_service_does_not_permit
-    @service.private_url_policy = :require_headers
-    key = "key-1"
-    k = Random.bytes(68)
-    plaintext_upload_bytes = generate_random_binary_string
-    @service.upload(key, StringIO.new(plaintext_upload_bytes), encryption_key: k)
-    ActiveStorage::Blob.service = @service # So that the controller can find it
-    # ActiveStorage wraps the passed filename in a wrapper thingy
-    filename_with_sanitization = ActiveStorage::Filename.new("temp.bin")
-    url = @service.url(key, filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key: k, expires_in: 10.seconds)
-    uri = URI.parse(url)
-    # Do a super-minimalistic test on the DiskController. ActionController is actually a Rack app (or, rather: every controller action is a Rack app).
-    # It can thus be called with a minimal Rack env. For the definition of "minimal", see https://github.com/rack/rack/blob/main/SPEC.rdoc#the-environment-
-    rack_env = {
-      "SCRIPT_NAME" => "",
-      "PATH_INFO" => uri.path,
-      "QUERY_STRING" => uri.query,
-      "REQUEST_METHOD" => "GET",
-      "SERVER_NAME" => uri.host,
-      "rack.input" => StringIO.new(""),
-      # Omit x-disk-encryption-key
-      "action_dispatch.request.parameters" => {
-        "token" => uri.path.split("/")[-2] # For "show", the last path param is actually the filename - this is because Content-Disposition can be unreliable for download filename
-      }
-    }
-    action_app = ActiveStorageEncryption::EncryptedBlobsController.action(:show)
-    status, _headers, _body = action_app.call(rack_env)
-    assert_equal 403, status
-  end
   def test_upload_then_download_using_correct_key
     storage_blob_key = "key-1"
     k = Random.bytes(68)

data/test/lib/encrypted_mirror_service_test.rb CHANGED Viewed

@@ -119,7 +119,7 @@ class ActiveStorageEncryption::EncryptedMirrorServiceTest < ActiveSupport::TestC
     # ActiveStorage wraps the passed filename in a wrapper thingy
     filename_with_sanitization = ActiveStorage::Filename.new("temp.bin")
-    url = @service.url(key, filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key: k, expires_in: 10.seconds)
+    url = @service.url(key, blob_byte_size: 13, filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key: k, expires_in: 10.seconds)
     assert url.include?("/active-storage-encryption/blob/")
   end

data/test/lib/encrypted_s3_service_test.rb CHANGED Viewed

@@ -73,7 +73,9 @@ class ActiveStorageEncryption::EncryptedS3ServiceTest < ActiveSupport::TestCase
     # ActiveStorage wraps the passed filename in a wrapper thingy
     filename_with_sanitization = ActiveStorage::Filename.new("temp.bin")
-    url = @service.url(key, filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key: k, expires_in: 10.seconds)
+    url = @service.url(key, blob_byte_size: plaintext_upload_bytes.bytesize,
+      filename: filename_with_sanitization, content_type: "binary/octet-stream",
+      disposition: "inline", encryption_key: k, expires_in: 10.seconds)
     assert url.include?("/active-storage-encryption/blob/")
   end
@@ -88,7 +90,8 @@ class ActiveStorageEncryption::EncryptedS3ServiceTest < ActiveSupport::TestCase
     # ActiveStorage wraps the passed filename in a wrapper thingy
     filename_with_sanitization = ActiveStorage::Filename.new("temp.bin")
-    url = @service.url(key, filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key: k, expires_in: 240.seconds)
+    url = @service.url(key, blob_byte_size: plaintext_upload_bytes.bytesize,
+      filename: filename_with_sanitization, content_type: "binary/octet-stream", disposition: "inline", encryption_key: k, expires_in: 240.seconds)
     assert url.include?("x-amz-server-side-encryption-customer-algorithm")
     refute url.include?("x-amz-server-side-encryption-customer-key=") # The key should not be in the URL

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_storage_encryption
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Julik Tarkhanov
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-12 00:00:00.000000000 Z
+date: 2025-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -39,6 +39,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.0.4
+- !ruby/object:Gem::Dependency
+  name: serve_byte_range
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: activestorage
   requirement: !ruby/object:Gem::Requirement
@@ -174,6 +188,7 @@ files:
 - lib/active_storage/service/encrypted_mirror_service.rb
 - lib/active_storage/service/encrypted_s3_service.rb
 - lib/active_storage_encryption.rb
+- lib/active_storage_encryption/encrypted_blob_proxy_controller.rb
 - lib/active_storage_encryption/encrypted_blobs_controller.rb
 - lib/active_storage_encryption/encrypted_disk_service.rb
 - lib/active_storage_encryption/encrypted_disk_service/v1_scheme.rb
@@ -219,6 +234,7 @@ files:
 - test/dummy/db/migrate/20250304023851_create_active_storage_tables.active_storage.rb
 - test/dummy/db/migrate/20250304023853_add_blob_encryption_key_column.rb
 - test/dummy/db/schema.rb
+- test/dummy/log/development.log
 - test/dummy/log/test.log
 - test/dummy/public/404.html
 - test/dummy/public/406-unsupported-browser.html
@@ -226,9 +242,126 @@ files:
 - test/dummy/public/500.html
 - test/dummy/public/icon.png
 - test/dummy/public/icon.svg
+- test/dummy/storage/0a/mt/0amtaps713liftrtbxt9h998epz4
+- test/dummy/storage/0b/93/0b93pygovuunam1a3ovzwmrbuw2x
+- test/dummy/storage/0m/3s/0m3s7r3nboblijr1jxlnvm3p3l4b
+- test/dummy/storage/0o/9s/0o9s4ctbpu757qh7ucyony0itek4
+- test/dummy/storage/1e/q6/1eq646og0wazgfw7bwjqz2uem0g4
+- test/dummy/storage/1n/o3/1no30cpwrm727bm6arvb7zxagdg1
+- test/dummy/storage/1x/6w/1x6wsoq3pew17reztwax78lrr3hc
+- test/dummy/storage/28/de/28deswrv89c9f2tk7dz1l5uovd4r
+- test/dummy/storage/2h/sd/2hsd1mh20c6os2nzyoicfyymhwev
+- test/dummy/storage/2t/ni/2tnidhdk4c6cj0tnw3jiw88dgs4g
+- test/dummy/storage/2v/e0/2ve0555nluisy2el5cf4txzgae3j
+- test/dummy/storage/2z/c5/2zc5mj8g0o9l7mfnim0vs4v48xd6
+- test/dummy/storage/34/xc/34xc9hk74dm9227d6mhgfcfxl4ue
+- test/dummy/storage/3z/0t/3z0tnve7ivrq0qyrvfhfzztjhjqs
+- test/dummy/storage/49/14/4914188q1dptpw4po91cp54f32bg
+- test/dummy/storage/4c/74/4c7412lfz0pm2ocg6u01h67bnsch
+- test/dummy/storage/52/qf/52qfbgjlf3gor3agsyrt09t19o55
+- test/dummy/storage/57/go/57gok1uc4ebc3ugrjrje4lpe1ram
+- test/dummy/storage/5f/dv/5fdvt6tu1mkyajbz4hbxbw6fpt9w
+- test/dummy/storage/5x/b7/5xb7zzi66fi5f6yrn09pq4ogb9wo
+- test/dummy/storage/6m/vr/6mvr1fr5it125tm4vahjw6bv9wkz
+- test/dummy/storage/7b/hb/7bhbdxqn67lape1f49jqfktcei4n
+- test/dummy/storage/7n/4v/7n4vpm1q14y4qffc4jj78m036gtw
+- test/dummy/storage/7q/ku/7qkufbjwbbqwnf89uciosleixnew
+- test/dummy/storage/8l/5v/8l5vb4o02hx46s5qohfn5to945p3
+- test/dummy/storage/8q/pu/8qpun3f8vzl7auxajvqyq8f48ngw
+- test/dummy/storage/8w/ag/8wag4ptmox207h7mobamk0tcebwx
+- test/dummy/storage/8w/v8/8wv8lrhsw4s2r6guh1csd3jd89ii
+- test/dummy/storage/9b/c6/9bc6wlpfnqdywpnxgeoin3w9b5ch
+- test/dummy/storage/9l/wk/9lwkt21k5iburdaitbwliw7krtwt
+- test/dummy/storage/9p/0v/9p0vgfw3l2854k7so3rp33rmyh7p
+- test/dummy/storage/9r/sy/9rsya3r6syft34qz24g1h4u4qq44
+- test/dummy/storage/9s/es/9seslusr46xjf3mfzq10hkp13kc1
+- test/dummy/storage/9t/nv/9tnvn5v52fkvurpgszf4gco78t5h
+- test/dummy/storage/9u/to/9utokgxyu6xyovandu7pjhogoaqp
+- test/dummy/storage/9w/a4/9wa4c20p4dvm1cd5thnv9f7ei13w
+- test/dummy/storage/at/kg/atkgs5gwz2xdv9lvqftsg6p7gcpu
+- test/dummy/storage/at/qo/atqomgf3rpb2f6e1tq1yn2xqzojv
+- test/dummy/storage/ba/lq/balqtije6kf82ht4lr70ajaae9kc
+- test/dummy/storage/bf/i1/bfi1ij9rygr6lkx1r0lhgi8o5smx
+- test/dummy/storage/bg/ye/bgyenotrv3aj6lk88edwv0c41pfj
+- test/dummy/storage/bu/xe/buxed4b1l78kcax53fa37awm9ywk
+- test/dummy/storage/d2/c1/d2c11nhikb474oq3q7so0xbhukvj
+- test/dummy/storage/development.sqlite3
+- test/dummy/storage/dk/hy/dkhybxn2o27a8xgvfhsxpgqxa1zf
+- test/dummy/storage/e7/2n/e72nz5cz3wf6qvh4dw4qfnw6ucog
+- test/dummy/storage/eo/4q/eo4qn68m7al0ehhe0s23ycuzkjto
+- test/dummy/storage/ew/8s/ew8sejdsx8ddmrzkvfa37ebz1ts1
+- test/dummy/storage/f8/q1/f8q1kpg2tou8ru0afj8d2gy6ym5p
+- test/dummy/storage/fr/55/fr558uhp1k93jzhb4butyi2ry51t
+- test/dummy/storage/g4/nh/g4nhx1zxbeiegqpgn8ppsl1yhm0t
+- test/dummy/storage/gg/r5/ggr51egxhqfh4w5eluzs47qceb76
+- test/dummy/storage/gh/ua/ghuaagralqmjy8rkbwmuv3010lvs
+- test/dummy/storage/gx/uh/gxuhmf52ufli3m7ng8irp8ghxa1v
+- test/dummy/storage/h0/m1/h0m1emy251xus1d9qh6u25dzy18o
+- test/dummy/storage/hh/kc/hhkc2q8paptyvhw2m5hlwylhtfo5
+- test/dummy/storage/hq/0q/hq0q04kr6qzrp0qaee8rehcp2tzx
+- test/dummy/storage/ii/g1/iig1ge3fsjitai4g2fkq4qt369wh
+- test/dummy/storage/io/f0/iof0mv7w8qjd6m826g52pzyxedet
+- test/dummy/storage/jk/2i/jk2ifmx6ac35ubk3esufnm6bn1m1
+- test/dummy/storage/jw/4t/jw4trdeyfkw3j8z70xcnr9a7gqe5
+- test/dummy/storage/ke/k2/kek24leksglm1rs2a78mfmot0p3s
+- test/dummy/storage/kh/6d/kh6doaxxwxiyes0yqz2dmmpajkzv
+- test/dummy/storage/kj/7n/kj7nookjhisagd80z8hlv3wn50am
+- test/dummy/storage/kq/lf/kqlf5udtrgrk4v55qodxyt6i68p8
+- test/dummy/storage/ky/33/ky334jbo8eb08pj9qbe919iz91mh
+- test/dummy/storage/lt/zw/ltzw4lur2bheit1273ogpfzhv7j1
+- test/dummy/storage/m2/ve/m2vejmyttn1ium81dopppom6vum6
+- test/dummy/storage/m8/d4/m8d4r9iauedq8wlpvnx1f3ou0jwg
+- test/dummy/storage/m9/ee/m9eetioklzatyff94gq0vn1cga1n
+- test/dummy/storage/ma/v0/mav084zvmyoh1a8i7dcwqy2aaoi9
+- test/dummy/storage/mg/pa/mgpauiu02i28j3poef65k3q0gfpw
+- test/dummy/storage/mm/8g/mm8gp5evncb1ol1lj2jlmra2ixij
+- test/dummy/storage/mm/d2/mmd21x8c1amgnidzw0wowiwug4g3
+- test/dummy/storage/n2/qr/n2qro0y9heko9cwxlf10wiqiipsw
+- test/dummy/storage/n8/b7/n8b7b7qgu6jtw577dnn10jrrmszs
+- test/dummy/storage/n8/p2/n8p2ine0qqhphn09kqtxco4y7g0a
+- test/dummy/storage/nk/vh/nkvhgk7snpdy2ak6k02htxx9swp7
+- test/dummy/storage/nn/s0/nns0nggo0x645ytco52adnsi4myp
+- test/dummy/storage/nu/kz/nukzl7cckkzh68i7kyjkm9mzw7c0
+- test/dummy/storage/nv/8v/nv8vyoghcde1yr1bjpsw4327qt7s
+- test/dummy/storage/of/on/ofonhf1gs26k3dpj6o7b0ktzfowh
+- test/dummy/storage/pl/pf/plpfs59hvdoogj9gdweqta36csqn
+- test/dummy/storage/q5/g5/q5g55ekmscu10pzfw6q4syigt81g
+- test/dummy/storage/q5/kc/q5kcr9twyb9v4mh31pay0t7nkuwu
+- test/dummy/storage/qa/xd/qaxdngi74r52ahqg1pz8hjddeajc
+- test/dummy/storage/r7/5v/r75vadn34ak53vinylgnfdl1s8rt
+- test/dummy/storage/rj/rg/rjrghnyzyvxpkjw1a57mrloz72x1
+- test/dummy/storage/se/h7/seh7eorfoanpp6de62pubv7kyu1a
+- test/dummy/storage/sj/i1/sji1oj12soz2fcjcoz0gejvzo8to
+- test/dummy/storage/sn/2r/sn2rku9thay4hbcbt926an69maku
+- test/dummy/storage/sw/jm/swjmbmxou3tnarcirxc6gdycxh91
+- test/dummy/storage/sz/mq/szmqlydvpgqaw7p3v0wh444wtcif
 - test/dummy/storage/test.sqlite3
-- test/dummy/storage/x6/pl/x6plznfuhrsyjn9pox2a6xgmcs3x
-- test/dummy/storage/yq/sv/yqsvw5a72b3fv719zq8a6yb7lv0j
+- test/dummy/storage/tg/by/tgbyrdvg94ivhhy2z59e8l9fod10
+- test/dummy/storage/u5/vm/u5vmz08tuayqggd436et8fiaeml1
+- test/dummy/storage/u6/pf/u6pf4yky0vbmvid3fa3lm4lre68g
+- test/dummy/storage/ub/ql/ubqlmlilt8ujgdpngcm1zae41kgy
+- test/dummy/storage/un/29/un29e9khqism72ag27ojccmn5sds
+- test/dummy/storage/ux/ns/uxnsvuk4rr1p67n1oq6tmraz0gaw
+- test/dummy/storage/v1/qo/v1qor0zxg3lctk9mbwyos3oag9gj
+- test/dummy/storage/v8/ok/v8okmd7374w1obna13a7anllx2vu
+- test/dummy/storage/vd/tf/vdtfmz2ctis3dr1r35do9bow2xj5
+- test/dummy/storage/vo/dg/vodgq1inccnujjt3auber7tt8w8o
+- test/dummy/storage/vp/oe/vpoeiq00tf9pk0jcjlccomkju1zc
+- test/dummy/storage/vu/kg/vukgoj6qf96bhealui2yaeyn4n72
+- test/dummy/storage/w7/2z/w72zoqu7v6v6jp0tpy671dcbvpow
+- test/dummy/storage/wa/3f/wa3fncsnozc6n4xfu32gw34geqcd
+- test/dummy/storage/wy/ix/wyixbqx3f6a4agb8bjhrtpblpaua
+- test/dummy/storage/xd/st/xdsttma3tqt7mex0vhp1vsm3dq16
+- test/dummy/storage/xv/ej/xvejm2e064bnpunx3nmktaqs0x90
+- test/dummy/storage/xx/py/xxpyyodssq2xmp57qrtvuw0wchwk
+- test/dummy/storage/xz/ik/xzikejc5sohi3zexa93s9xmg4jst
+- test/dummy/storage/y4/g8/y4g8teo86blcv0zysa2d2jawvk6i
+- test/dummy/storage/y9/58/y958xli6aoktx1ehuyjc1k8dcbzv
+- test/dummy/storage/yj/lw/yjlw8bf70iujb16deja8ae43rqbc
+- test/dummy/storage/z3/qy/z3qyb9avbucwhxa8909rpfued0y5
+- test/dummy/storage/zr/wu/zrwudcg4kgo7r0jemszuzok8grqp
+- test/dummy/tmp/local_secret.txt
+- test/integration/encrypted_blob_proxy_controller_test.rb
 - test/integration/encrypted_blobs_controller_test.rb
 - test/lib/encrypted_disk_service_test.rb
 - test/lib/encrypted_mirror_service_test.rb

data/test/dummy/storage/x6/pl/x6plznfuhrsyjn9pox2a6xgmcs3x DELETED Viewed

Binary file

data/test/dummy/storage/yq/sv/yqsvw5a72b3fv719zq8a6yb7lv0j DELETED Viewed

Binary file