chef-vault 4.0.12 → 4.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 55bee9a29cb4298de63af8a2496433e264e4b57e5c61d8d408155521bf469a5c
-  data.tar.gz: fa587117182e9ea852ffc1a35c337f5428ba947243b40546fcc7cf5d14ce2bf8
+  metadata.gz: b28e3385a21760fde5fee6cc54c23ec5831773b38ed3c2f80fbfc2bc0e0225b6
+  data.tar.gz: bd9dced0c27555ccb831720d52af9a40283a36ed2defa2cfd94ecd18c1b32295
 SHA512:
-  metadata.gz: bde9574f9af2fa1c98ab317b7044f2fb75f695e3331a055446d046f2be1462ca0ad3808d4abf328192f194981d90bc1727c7c42e964ccf4c6dfd86c2e00f1c2a
-  data.tar.gz: 2621597e75cce12c1e06fab73743ce021d644f1067292f41737ba60aa3417ffbb7526fc5ece999f2f35966ddee78e1e34cfab235b6cc20428239929cee3c148d
+  metadata.gz: 0c91e1ba8ac02e5030d14e8431dba69ee9fe543b7cbdfb047944ad1291bd08f6b4f62d899fb4cef4dd46439c16b55590136345c45e519c46b00449e09ca8399b
+  data.tar.gz: b5e0b84008e69692e14bb4a2924ab35c8217640c15d7308642d58458290afb1d1755b86271bc24dd23332fea8fad871986d4909aaa6a6045a8a5aeaf7241f606

data/bin/chef-vault

@@ -79,7 +79,7 @@ options_config.each do |option, config|
 end
 
 options_config.each do |option, config|
-  options[option] = options[option] ? options[option] : config[:default]
+  options[option] = options[option] || config[:default]
 end
 
 require "rubygems" unless defined?(Gem)

data/chef-vault.gemspec

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-$:.push File.expand_path("../lib", __FILE__)
+$:.push File.expand_path("lib", __dir__)
 require "chef-vault/version"
 
 Gem::Specification.new do |s|

data/lib/chef-vault/exceptions.rb

@@ -51,5 +51,8 @@ class ChefVault
 
     class V1Format < Exceptions
     end
+
+    class InvalidValue < Exceptions
+    end
   end
 end

data/lib/chef-vault/version.rb

@@ -15,6 +15,6 @@
 # limitations under the License.
 
 class ChefVault
-  VERSION = "4.0.12"
+  VERSION = "4.1.0"
   MAJOR, MINOR, TINY = VERSION.split(".")
 end

data/lib/chef/knife/mixin/helper.rb

@@ -39,10 +39,38 @@ class ChefVault
       end
 
       def values_from_json(json)
+        validate_json(json)
         JSON.parse(json)
       rescue JSON::ParserError
         raise JSON::ParserError, "#{json} is not valid JSON!"
       end
+
+      # I/P: json string
+      # Raises `InvalidValue` if any of the json's values contain non-printable characters.
+      def validate_json(json)
+        begin
+          evaled_json = eval(json) # rubocop: disable Security/Eval
+        rescue SyntaxError
+          raise ChefVault::Exceptions::InvalidValue, "#{json} is not valid JSON!"
+        end
+
+        if evaled_json.is_a?(Hash)
+          evaled_json.each do |key, value|
+            next unless printable?(value.to_s)
+
+            msg = "Value '#{value}' of key '#{key}' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\\\Windows) in double-quoted strings."
+            raise ChefVault::Exceptions::InvalidValue, msg
+          end
+        end
+      end
+
+      # I/P: String
+      # O/P: true/false
+      # returns true if string is free of non-printable characters (escape sequences)
+      # this returns false for whitespace escape sequences as well, e.g. \n\t
+      def printable?(string)
+        /[^[:print:]]/.match(string)
+      end
     end
   end
 end

data/lib/chef/knife/vault_admins.rb

@@ -26,7 +26,7 @@ class Chef
         vault_admins = Chef::Config[:knife][:vault_admins]
         admin_array = [Chef::Config[:node_name]]
 
-        if !vault_admins.kind_of?(Array)
+        unless vault_admins.is_a?(Array)
           ui.warn("Vault admin must be an array")
         end
 

data/lib/chef/knife/vault_base.rb

@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require "set" unless defined?(::Set)
 require "chef/knife"
 require_relative "../../chef-vault"
 
@@ -23,7 +24,7 @@ class Chef
         includer.class_eval do
           deps do
             require "chef/search/query"
-            require File.expand_path("../mixin/helper", __FILE__)
+            require File.expand_path("mixin/helper", __dir__)
             include ChefVault::Mixin::Helper
           end
 
@@ -70,13 +71,19 @@ class Chef
       end
 
       def split_vault_keys(bag)
-        # get all item keys
-        keys = bag.keys.select { |k| k =~ /_keys$/ }
-        # get all sparse keys
-        r = Regexp.union(keys.map { |k| Regexp.new("^#{k.chomp("_keys")}_key_.*") })
-        sparse = bag.keys.select { |k| k =~ r }
-        # the rest
-        items = bag.keys - keys - sparse
+        items = []
+        keys = ::Set.new
+        possible_sparses = ::Set.new
+
+        # spread bag keys into 3 categories: items, keys or possible sparse items
+        bag.each_key do |key|
+          next keys << key if key.end_with?("_keys")
+          next possible_sparses << key if key.include?("_key_")
+
+          items << key
+        end
+        # 2nd pass "sparse" items to avoid false positive when items have "_key" in their name
+        possible_sparses.each { |key| items << key if keys.include?("#{key}_keys") }
         # return item keys and items
         [keys, items]
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 4.0.12
+  version: 4.1.0
 platform: ruby
 authors:
 - Thom May
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-28 00:00:00.000000000 Z
+date: 2020-11-13 00:00:00.000000000 Z
 dependencies: []
 description: Data encryption support for Chef Infra using data bags
 email: