RubyGems - opdotenv - Versions diffs - 1.0.1 → 1.0.3 - Mend

opdotenv 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +15 -0
data/README.md +2 -2
data/bin/opdotenv +2 -1
data/lib/opdotenv/anyway_loader.rb +2 -2
data/lib/opdotenv/connect_api_client.rb +12 -5
data/lib/opdotenv/loader.rb +16 -4
data/lib/opdotenv/op_client.rb +10 -6
data/lib/opdotenv/railtie.rb +3 -1
data/lib/opdotenv/version.rb +1 -1
metadata +34 -20

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 010e15bce13dd6d38d5c1d05871fe4a395cda0b9a68e0057045aec4f0bed6a15
-  data.tar.gz: 46bf2e43e4b2df72bf1fbb739751dc170e16262a306b6a2373f1098571e00457
+  metadata.gz: dd66207d97fd6cf74fe9eaf05dcd22e43b05dd68af9995dcc5348be00fd465ae
+  data.tar.gz: 78f719f95dcd42edbdde3e00ed0be0ca9be5ef470055e0a6e49623f3599fd566
 SHA512:
-  metadata.gz: 9334e5fc25e01fee0fd7d9ffda74e8df98e598a6275a8ea740790e3dbabde7614eb17bc2f4afddeb37bb29ce10b65f94e63475e46e9f64552fc9699aa6309ffa
-  data.tar.gz: 57d4a520a562d583e8fff85e3d9bf3944429d3442339dbbf44e75731a5f5abad819029606179d8667627836aa730b8424eac3fe21f39ddf81060e0bf36f44e12
+  metadata.gz: 4ba1fbc82986e6a20c8302c21bf27e0c61a3ba4703379dc0a9966d115d0101c8383497a7eea4a14cbce010eff8a94d273f98a6da1c5c01810773d2dc70c6400a
+  data.tar.gz: f695a8cf1a6e7e1f3c2daba02609366618b82f66162c45a4f64912e50dae71313dfab2cc0cd276dfae8409f43ba6895707a3a85b9447eaea4af00653bebd82e6

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,20 @@
 # CHANGELOG
+## 1.0.3 (2025-11-07)
+- Fix exit code handling in OpClient by using Open3.capture2e instead of IO.popen for reliable process status
+- Improve load_all_fields to filter out empty keys and only include fields from 1Password items
+- Strip whitespace from field labels and treat empty labels (after stripping) as nil
+- Filter out fields with empty or whitespace-only values
+## 1.0.2 (2025-11-05)
+- Enhance error handling and security measures across the codebase
+- Improved error logging to avoid leaking sensitive information (uses exception class names instead of messages)
+- Enhanced API error handling with generic messages for server errors to prevent sensitive data exposure
+- Updated CLI output to clarify that secrets may be displayed intentionally for command-line usage
+- Update Rails appraisals: remove support for Rails 6.0, 7.0, 7.1, 8.0; maintain support for Rails 6.1, 7.2, 8.1
 ## 1.0.1 (2025-11-05)
 - Add configurable op CLI path support

data/README.md CHANGED Viewed

@@ -1,13 +1,13 @@
 # opdotenv
-[![Gem Version](https://badge.fury.io/rb/opdotenv.svg?v=1.0.0)](https://badge.fury.io/rb/opdotenv) [![Test Status](https://github.com/amkisko/opdotenv.rb/actions/workflows/ci.yml/badge.svg)](https://github.com/amkisko/opdotenv.rb/actions/workflows/ci.yml) [![codecov](https://codecov.io/gh/amkisko/opdotenv.rb/graph/badge.svg?token=U4FMVZGO8R)](https://codecov.io/gh/amkisko/opdotenv.rb)
+[![Gem Version](https://badge.fury.io/rb/opdotenv.svg?v=1.0.3)](https://badge.fury.io/rb/opdotenv) [![Test Status](https://github.com/amkisko/opdotenv.rb/actions/workflows/test.yml/badge.svg)](https://github.com/amkisko/opdotenv.rb/actions/workflows/test.yml) [![codecov](https://codecov.io/gh/amkisko/opdotenv.rb/graph/badge.svg?token=U4FMVZGO8R)](https://codecov.io/gh/amkisko/opdotenv.rb)
 Load environment variables from 1Password using the `op` CLI or 1Password Connect Server API. Supports dotenv, JSON, and YAML formats.
 Sponsored by [Kisko Labs](https://www.kiskolabs.com).
 <a href="https://www.kiskolabs.com">
-  <img src="https://brand.kiskolabs.com/images/logos/Kisko_Logo_Black_Horizontal-7249a361.svg" width="200" style="display: block; background: white; border-radius: 10px;" />
+  <img src="kisko.svg" width="200" alt="Sponsored by Kisko Labs" />
 </a>
 ## Installation

data/bin/opdotenv CHANGED Viewed

@@ -1,5 +1,4 @@
 #!/usr/bin/env ruby
-# frozen_string_literal: true
 $LOAD_PATH.unshift(File.expand_path("../lib", __dir__))
 require "opdotenv"
@@ -15,6 +14,8 @@ when "read"
   end.parse!(ARGV)
   abort("--path required") unless path
   data = Opdotenv::Loader.load(path)
+  # Note: This CLI intentionally outputs secrets to stdout for CLI usage
+  # This is expected behavior for the command-line tool
   puts Opdotenv::Exporter.serialize_by_format(data, :dotenv)
 when "export"
   path = file = nil

data/lib/opdotenv/anyway_loader.rb CHANGED Viewed

@@ -118,8 +118,8 @@ begin
 rescue => e
   # Only warn if debugging is enabled, as this is expected when Anyway Config isn't used
   if ENV["OPDOTENV_DEBUG"] == "true"
-    warn "[opdotenv] Failed to register Anyway loader: #{e.message}"
-    warn "[opdotenv] Error details: #{e.class}: #{e.message}"
+    # Avoid leaking exception messages
+    warn "[opdotenv] Failed to register Anyway loader: #{e.class}"
     warn "[opdotenv] Backtrace: #{e.backtrace.first(3).join("\n")}" if e.backtrace
   end
 end

data/lib/opdotenv/connect_api_client.rb CHANGED Viewed

@@ -261,17 +261,24 @@ module Opdotenv
       when 404
         raise ConnectApiError, "Not found: #{path}"
       when 500..599
-        raise ConnectApiError, "API error (#{code}): #{extract_error_message(response)}"
+        raise ConnectApiError, "API error (#{code}): Server error"
       else
-        raise ConnectApiError, "API error (#{code}): #{extract_error_message(response)}"
+        # Extract safe error message without leaking response body
+        safe_message = extract_safe_error_message(response)
+        raise ConnectApiError, "API error (#{code}): #{safe_message}"
       end
     end
-    def extract_error_message(response)
+    def extract_safe_error_message(response)
+      # Only extract structured error messages from JSON responses
+      # Never include raw response body to avoid leaking secrets
       parsed = JSON.parse(response.body)
-      parsed["message"] || parsed["error"] || response.body
+      # Only return known safe fields that are typically error messages
+      parsed["message"] || parsed["error"] || "Request failed"
     rescue JSON::ParserError
-      response.body
+      # For non-JSON responses, return generic message to avoid leaking body
+      "Request failed"
     end
     def validate_url(url)

data/lib/opdotenv/loader.rb CHANGED Viewed

@@ -25,11 +25,23 @@ module Opdotenv
       raw_json = client.item_get(item, vault: vault)
       item_hash = parse_json_safe(raw_json)
+      # Only process fields from the 1Password item, filter out empty values
       item_hash["fields"]&.each_with_object({}) do |field, env_data|
-        label = field["label"] || field["id"]
-        next unless label
-        next if field["purpose"] == NOTES_PURPOSE # skip notesPlain when fetching all
-        env_data[label.to_s] = (field["value"] || "").to_s
+        # Only include actual fields from the item
+        next unless field.is_a?(Hash)
+        # Strip whitespace from label and treat empty strings as nil
+        label = (field["label"] || field["id"])&.strip
+        next if label.nil? || label.empty?
+        # Skip notesPlain when fetching all fields
+        next if field["purpose"] == NOTES_PURPOSE
+        # Get the value and filter out empty values
+        value = field["value"]
+        next if value.nil? || (value.is_a?(String) && value.strip.empty?)
+        env_data[label.to_s] = value.to_s
       end || {}
     end

data/lib/opdotenv/op_client.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require "json"
+require "open3"
 module Opdotenv
   class OpClient
@@ -71,11 +72,8 @@ module Opdotenv
     def capture(args)
       # Use exec-style array to prevent shell injection
-      # IO.popen with array arguments avoids shell interpretation
-      out = IO.popen(args, err: [:child, :out]) do |io|
-        io.read
-      end
-      status = $CHILD_STATUS
+      # Open3.capture2e captures both stdout and stderr, and properly returns exit status
+      out, status = Open3.capture2e(*args)
       # For JSON output, try to parse even if exit code is non-zero
       # Some op commands may return non-zero but still output valid JSON
@@ -88,7 +86,13 @@ module Opdotenv
         end
       end
-      raise OpError, out if status.nil? || !status.success?
+      unless status.success?
+        # Never leak command output in error messages for security
+        # Extract safe error information without exposing secrets
+        exit_code = status.exitstatus
+        command_name = args.first || "op"
+        raise OpError, "Command failed: #{command_name} (exit code: #{exit_code})"
+      end
       out
     end
   end

data/lib/opdotenv/railtie.rb CHANGED Viewed

@@ -54,7 +54,9 @@ module Opdotenv
           )
         rescue => e
           # Only log errors, not warnings, to avoid noise in production
-          Rails.logger&.error("Opdotenv: Failed to load #{parsed[:path]}: #{e.message}")
+          # Never log exception messages that might contain secrets from command output
+          # Use exception class name instead of message for security
+          Rails.logger&.error("Opdotenv: Failed to load #{parsed[:path]}: #{e.class.name}")
         end
       end
     end

data/lib/opdotenv/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Opdotenv
-  VERSION = "1.0.1"
+  VERSION = "1.0.3"
 end

metadata CHANGED Viewed

@@ -1,10 +1,10 @@
 --- !ruby/object:Gem::Specification
 name: opdotenv
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.3
 platform: ruby
 authors:
-- amkisko
+- Andrei Makarov
 bindir: bin
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
@@ -35,42 +35,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: '13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: '13'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.12'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.12'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.21'
+        version: '0.22'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.21'
+        version: '0.22'
 - !ruby/object:Gem::Dependency
   name: rspec_junit_formatter
   requirement: !ruby/object:Gem::Requirement
@@ -105,28 +105,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: standard-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.4'
+        version: '2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.4'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -147,28 +161,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.14'
+        version: '0.15'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.14'
+        version: '0.15'
 - !ruby/object:Gem::Dependency
   name: rbs
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: anyway_config
   requirement: !ruby/object:Gem::Requirement
@@ -211,13 +225,13 @@ files:
 - lib/opdotenv/railtie.rb
 - lib/opdotenv/source_parser.rb
 - lib/opdotenv/version.rb
-homepage: https://github.com/amkisko/opdotenv
+homepage: https://github.com/amkisko/opdotenv.rb
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://github.com/amkisko/opdotenv
-  changelog_uri: https://github.com/amkisko/opdotenv/blob/main/CHANGELOG.md
-  bug_tracker_uri: https://github.com/amkisko/opdotenv/issues
+  source_code_uri: https://github.com/amkisko/opdotenv.rb
+  changelog_uri: https://github.com/amkisko/opdotenv.rb/blob/main/CHANGELOG.md
+  bug_tracker_uri: https://github.com/amkisko/opdotenv.rb/issues
 rdoc_options: []
 require_paths:
 - lib