RubyGems - asherah - Versions diffs - 0.6.0 → 0.8.0 - Mend

asherah 0.6.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 548099e0a0802b5a728c9ec359f077fb934e5b9ac72ebedf812aefb971700802
-  data.tar.gz: 412be27d183db81ddd9b9a991d6e10362b3528dcf5754db725fd31d5291f3b1d
+  metadata.gz: 6c099a6a66b5d0f86edfaf4c05b9a3fe53234dae2e592ca6951e9b55a15727ab
+  data.tar.gz: 2a5c95bcc046532ca280ad2f5ac9ac5043462dc5ec877f3042a359c6a0ac9167
 SHA512:
-  metadata.gz: 654b181dd76469ac24ad54b5cad09b78bf5aad400e2e6d6009107b5c3da841d030482aa9d9911f709417dd5aa2be2a9b0631f06d307afaa249a57e3fd44141f2
-  data.tar.gz: ed52444b563ada73381b8cf3e8ddd33f701e534d3c3fe3da602a6d4490d30bb863be6f4c234074cca79dc10a2b2ac03d30c097174a7bd7695e5a26830f0992ba
+  metadata.gz: 990780fe56c076bb75f9827364e0ed9d47062e38528101dc22770000670111421d8c55f4d4748f31aec55b83cb896372b32398a1c0cbeff715237f0d3c9191f0
+  data.tar.gz: c254644b64bfd6d702113e1fa650daa066122969ebb7a33a2f868dbdb99b13d1c589a50545cc1195d57c36b6e39163417cdd54b5e8bf30fc7503f096b339501c

data/.env.secrets.example ADDED Viewed

@@ -0,0 +1,9 @@
+# Example secrets file for KMS integration tests
+# Copy this file to .env.secrets and fill in actual values
+#
+# IMPORTANT: Never commit .env.secrets to version control
+# The .env.secrets file is already in .gitignore
+# AWS KMS Key ARN for integration tests (optional)
+# Only needed if running spec/kms_spec.rb
+# KMS_KEY_ARN=arn:aws:kms:us-west-2:123456789012:key/12345678-1234-1234-1234-123456789012

data/.rubocop.yml CHANGED Viewed

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.5
+  TargetRubyVersion: 2.7
   NewCops: enable
   SuggestExtensions: false
   Exclude:
@@ -9,29 +9,104 @@ AllCops:
 Layout/LineLength:
   Max: 120
+# Metrics cops with reasonable limits
 Metrics/BlockLength:
-  Enabled: false
+  Max: 25
+  Exclude:
+    - 'spec/**/*'
+    - '*.gemspec'
+    - 'Rakefile'
 Metrics/MethodLength:
-  Enabled: false
+  Max: 15
+  Exclude:
+    - 'spec/**/*'
+    - 'tasks/**/*'
+Metrics/AbcSize:
+  Max: 20
+  Exclude:
+    - 'spec/**/*'
+    - 'tasks/**/*'
+Metrics/CyclomaticComplexity:
+  Max: 10
+  Exclude:
+    - 'spec/**/*'
+Metrics/PerceivedComplexity:
+  Max: 10
+  Exclude:
+    - 'spec/**/*'
+Metrics/ClassLength:
+  Max: 150
+  Exclude:
+    - 'spec/**/*'
+Metrics/ModuleLength:
+  Max: 150
+  Exclude:
+    - 'spec/**/*'
+# Style cops that were disabled but should be enabled
 Style/WordArray:
-  Enabled: false
+  MinSize: 3
+  EnforcedStyle: brackets
 Style/SymbolArray:
-  Enabled: false
+  MinSize: 3
+  EnforcedStyle: brackets
 Style/MultilineBlockChain:
-  Enabled: false
+  Enabled: true
+  Exclude:
+    - 'spec/**/*'
 Style/BlockDelimiters:
-  Enabled: false
-Metrics/AbcSize:
-  Enabled: false
+  EnforcedStyle: semantic
+  FunctionalMethods:
+    - let
+    - let!
+    - subject
+    - before
+    - after
+  Exclude:
+    - 'asherah.gemspec'
+    - 'ext/asherah/native_file.rb'
 Style/GuardClause:
-  Enabled: false
+  MinBodyLength: 3
+  Exclude:
+    - 'ext/asherah/native_file.rb'
+# Naming cop adjustment
 Naming/AccessorMethodName:
+  Exclude:
+    - 'lib/asherah.rb' # set_env is intentionally named
+# Documentation cops
+Style/Documentation:
+  Enabled: true
+  Exclude:
+    - 'spec/**/*'
+    - 'features/**/*'
+Style/DocumentationMethod:
+  Enabled: false # YARD comments are optional
+Style/EmptyClassDefinition:
   Enabled: false
+# Additional cops for code quality
+Lint/UnusedMethodArgument:
+  Enabled: true
+Lint/UnusedBlockArgument:
+  Enabled: true
+Security/Eval:
+  Enabled: true
+Security/JSONLoad:
+  Enabled: true

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,19 @@
 ## [Unreleased]
+## [0.8.0] - 2026-03-04
+- Upgrade to use asherah-cobhan v0.5.0
+- Expose disable_zero_copy config option to disable zero-copy FFI input buffers
+## [0.7.0] - 2025-08-15
+- Fix memory leak risks in buffer management
+- Fix inconsistent NotInitialized error handling across all methods
+- Fix overly permissive RuboCop configuration
+- Add Dependabot configuration for automated dependency updates
+- Update dependencies and Github actions
+- Update Go version to 1.24 for cross-language tests
 ## [0.6.0] - 2025-03-19
 - Upgrade to use asherah-cobhan v0.4.35

data/Gemfile CHANGED Viewed

@@ -5,10 +5,10 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in asherah.gemspec
 gemspec
-gem 'cucumber', '~> 7.1.0'
-gem 'dotenv', '~> 2.7.6'
+gem 'cucumber', '~> 9.2.1'
+gem 'dotenv', '~> 2.8.1'
 gem 'rake', '~> 13.0'
-gem 'rspec', '~> 3.10.0'
+gem 'rspec', '~> 3.13.1'
 gem 'rubocop', '~> 1.7'
-gem 'simplecov', '~> 0.21.2'
+gem 'simplecov', '~> 0.22.0'
 gem 'simplecov-console', '~> 0.9.1'

data/README.md CHANGED Viewed

@@ -67,6 +67,24 @@ puts decrypted_data
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+For tests requiring secrets (AWS KMS, database credentials), copy `.env.secrets.example` to `.env.secrets` and fill in the required values. The `.env.secrets` file is already in `.gitignore` to prevent accidental commits.
+### Cross-Language Tests
+Cross-language tests verify that data encrypted with the Go implementation can be decrypted with the Ruby implementation and vice versa.
+**Prerequisites:**
+- MySQL running locally
+- Go 1.24+ installed
+**Running the tests:**
+```bash
+TEST_DB_PASSWORD=pass bin/cross-language-test.sh
+```
+See `bin/cross-language-test.sh` for available environment variables and their defaults.
 To install this gem onto your local machine, run `rake install`.
 To release a new version, update the version number in `version.rb`, create and push a version tag:

data/Rakefile CHANGED Viewed

@@ -18,7 +18,7 @@ task :download do
   end
 end
-task default: %i[spec rubocop]
+task default: [:spec, :rubocop]
 task spec: :download
 desc 'Print current version'

data/asherah.gemspec CHANGED Viewed

@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
   spec.homepage = 'https://github.com/godaddy/asherah-ruby'
   spec.license = 'MIT'
-  spec.required_ruby_version = '>= 2.5.0'
+  spec.required_ruby_version = '>= 2.7.0'
   spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = 'https://github.com/godaddy/asherah-ruby'

data/ext/asherah/checksums.yml CHANGED Viewed

@@ -1,5 +1,5 @@
-version:                v0.4.35
-libasherah-arm64.so:    fad23a38e68e126374075adf197f0f431720aea9852deebe5f62d9240c935a66
-libasherah-x64.so:      8c52fc000df2c02fb2d1430afc3cd68e997f47f04b60d61481f8c4b201958ef8
-libasherah-arm64.dylib: 315bc41c85177a2b0c97f32e0af8e2694f393928678cbe648fdd8c16b8fe062a
-libasherah-x64.dylib:   848d3635713373e0482223087f454ff8464e36e7695e0ed19f830737288adaa9
+version:                v0.5.0
+libasherah-arm64.so:    8271298c357808d7e6daa4ca81ded8f39c1947a55043abe3b32359e0f5840a6c
+libasherah-x64.so:      645c0da7d1330db511c6724f08154cfae3959610bd709d60eded1c1420d2fce8
+libasherah-arm64.dylib: 909097bf62207e6927a0184e41859ccf42a62afd711cdadf69b8c5672939468b
+libasherah-x64.dylib:   e53ee66b7dd16ce587d5062e9eed8835f272653b6a91b4b5c5c1efd2ca97483e

data/lib/asherah/config.rb CHANGED Viewed

@@ -21,6 +21,7 @@ module Asherah
   # @attr [Integer] expire_after, The amount of time in seconds a key is considered valid
   # @attr [Integer] check_interval, The amount of time in seconds before cached keys are considered stale
   # @attr [Boolean] enable_session_caching, Enable shared session caching
+  # @attr [Boolean] disable_zero_copy, Disable zero-copy FFI input buffers to prevent use-after-free from caller runtime
   # @attr [Boolean] verbose, Enable verbose logging output
   class Config
     MAPPING = {
@@ -40,6 +41,7 @@ module Asherah
       session_cache_max_size: :SessionCacheMaxSize,
       session_cache_duration: :SessionCacheDuration,
       enable_session_caching: :EnableSessionCaching,
+      disable_zero_copy: :DisableZeroCopy,
       expire_after: :ExpireAfter,
       check_interval: :CheckInterval,
       verbose: :Verbose
@@ -105,11 +107,10 @@ module Asherah
     end
     def validate_kms_attributes
-      if kms == 'aws'
-        raise Error::ConfigError, 'config.region_map not set' if region_map.nil?
-        raise Error::ConfigError, 'config.region_map must be a Hash' unless region_map.is_a?(Hash)
-        raise Error::ConfigError, 'config.preferred_region not set' if preferred_region.nil?
-      end
+      return unless kms == 'aws'
+      raise Error::ConfigError, 'config.region_map not set' if region_map.nil?
+      raise Error::ConfigError, 'config.region_map must be a Hash' unless region_map.is_a?(Hash)
+      raise Error::ConfigError, 'config.preferred_region not set' if preferred_region.nil?
     end
   end
 end

data/lib/asherah/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Asherah
-  VERSION = '0.6.0'
+  VERSION = '0.8.0'
 end

data/lib/asherah.rb CHANGED Viewed

@@ -37,6 +37,8 @@ module Asherah
       result = SetEnv(env_buffer)
       Error.check_result!(result, 'SetEnv failed')
+    ensure
+      env_buffer&.free
     end
     # Configures Asherah
@@ -56,6 +58,8 @@ module Asherah
       result = SetupJson(config_buffer)
       Error.check_result!(result, 'SetupJson failed')
       @initialized = true
+    ensure
+      config_buffer&.free
     end
     # Encrypts data for a given partition_id and returns DataRowRecord in JSON format.
@@ -74,6 +78,8 @@ module Asherah
     # @param data [String]
     # @return [String], DataRowRecord in JSON format
     def encrypt(partition_id, data)
+      raise Asherah::Error::NotInitialized unless @initialized
       partition_id_buffer = string_to_cbuffer(partition_id)
       data_buffer = string_to_cbuffer(data)
       estimated_buffer_bytesize = estimate_buffer(data.bytesize, partition_id.bytesize)
@@ -84,7 +90,7 @@ module Asherah
       cbuffer_to_string(output_buffer)
     ensure
-      [partition_id_buffer, data_buffer, output_buffer].map(&:free)
+      [partition_id_buffer, data_buffer, output_buffer].compact.each(&:free)
     end
     # Decrypts a DataRowRecord in JSON format for a partition_id and returns decrypted data.
@@ -93,6 +99,8 @@ module Asherah
     # @param json [String], DataRowRecord in JSON format
     # @return [String], Decrypted data
     def decrypt(partition_id, json)
+      raise Asherah::Error::NotInitialized unless @initialized
       partition_id_buffer = string_to_cbuffer(partition_id)
       data_buffer = string_to_cbuffer(json)
       output_buffer = allocate_cbuffer(json.bytesize)
@@ -102,7 +110,7 @@ module Asherah
       cbuffer_to_string(output_buffer)
     ensure
-      [partition_id_buffer, data_buffer, output_buffer].map(&:free)
+      [partition_id_buffer, data_buffer, output_buffer].compact.each(&:free)
     end
     # Stop the Asherah instance

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: asherah
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.8.0
 platform: ruby
 authors:
 - GoDaddy
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-03-19 00:00:00.000000000 Z
+date: 2026-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cobhan
@@ -34,6 +34,7 @@ extensions:
 - ext/asherah/extconf.rb
 extra_rdoc_files: []
 files:
+- ".env.secrets.example"
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-version"
@@ -69,7 +70,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="