secure_yaml 2.0.1 → 2.0.2

Sign up to get free protection for your applications and to get access to all the features.
data/README.md CHANGED
@@ -19,7 +19,7 @@ This library attempts to address this concern by allowing sensitive information
19
19
  The gem provides a simple command line utility called ```encrypt_property_for_yaml``` that prints out the encrypted form of a plain text property.
20
20
 
21
21
  ```
22
- USAGE: encrypt_property_for_yaml <SECRET_KEY> <PROPERTY_VALUE_TO_ENCRYPT>
22
+ USAGE: encrypt_property_for_yaml encrypt|decrypt <SECRET_KEY> <PROPERTY_VALUE_TO_ENCRYPT>
23
23
  ```
24
24
 
25
25
  For example:
@@ -74,6 +74,15 @@ decrypted_yaml = SecureYaml::load(File.open('database.yml'), {
74
74
  ```
75
75
 
76
76
  <br />
77
+ <strong>4) Parse and use the decrypted version of a YAML string within your app</strong>
78
+
79
+ ```ruby
80
+ require 'secure_yaml'
81
+
82
+ decrypted_yaml = SecureYaml::parse("some correctly formatted yaml text")
83
+ ```
84
+ <br />
85
+
77
86
  ### Customising decryption
78
87
 
79
88
  The default decryption method applied by this library when loading a YAML file is [AES-256-CFB](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
@@ -14,6 +14,10 @@ module SecureYaml
14
14
  yaml_loader(opts[:decryption_algorithm], retrieve_secret_key(opts[:secret_key_property_name])).load(yaml_file)
15
15
  end
16
16
 
17
+ def self.parse(yaml, opts = {})
18
+ load(StringIO.new(yaml), opts)
19
+ end
20
+
17
21
  private
18
22
 
19
23
  def self.retrieve_secret_key(secret_key_prop_name)
@@ -6,12 +6,17 @@ module SecureYaml
6
6
 
7
7
  def execute(command_line_args)
8
8
 
9
- raise "USAGE: encrypt_property_for_yaml <SECRET_KEY> <PROPERTY_VALUE_TO_ENCRYPT>" unless command_line_args.length == 2
9
+ raise "USAGE: encrypt_property_for_yaml encrypt|decrypt <SECRET_KEY> <PROPERTY_VALUE_TO_ENCRYPT>" unless command_line_args.length == 3
10
10
 
11
- secret_key = command_line_args[0]
12
- plain_text = command_line_args[1]
11
+ mode = command_line_args[0]
12
+ secret_key = command_line_args[1]
13
+ plain_text = command_line_args[2]
13
14
 
14
- puts "#{ENCRYPTED_PROPERTY_WRAPPER_ID}(#{Cipher.new.encrypt(secret_key, plain_text)})"
15
+ if mode == 'encrypt'
16
+ puts "#{ENCRYPTED_PROPERTY_WRAPPER_ID}(#{Cipher.new.encrypt(secret_key, plain_text)})"
17
+ else
18
+ puts Cipher.new.decrypt(secret_key, plain_text)
19
+ end
15
20
  end
16
21
 
17
22
  end
@@ -1,5 +1,5 @@
1
1
  module SecureYaml
2
2
 
3
- VERSION = "2.0.1"
3
+ VERSION = "2.0.2"
4
4
 
5
5
  end
@@ -14,7 +14,9 @@ module SecureYaml
14
14
  when Hash
15
15
  yaml.inject({}) {|new_hash, (key, value)| new_hash[key] = decrypt(value); new_hash}
16
16
  when String
17
- yaml.gsub(/^#{ENCRYPTED_PROPERTY_WRAPPER_ID}\((.*)\)$/) {@decryption_algorithm.decrypt(@secret_key, $1)}
17
+ yaml.gsub(/\b#{ENCRYPTED_PROPERTY_WRAPPER_ID}\((.*)\)(?:\b|$)/) {@decryption_algorithm.decrypt(@secret_key, $1)}
18
+ when Array
19
+ yaml.map {|element| decrypt(element)}
18
20
  else
19
21
  yaml
20
22
  end
@@ -8,13 +8,13 @@ describe 'SecureYaml' do
8
8
  @test_yaml_file = File.open('spec/fixtures/test.yml')
9
9
  end
10
10
 
11
- it 'should load decrypted yaml file using default decryption algorithm' do
11
+ it 'should load encrypted yaml file using default decryption algorithm' do
12
12
  yaml = SecureYaml::load(@test_yaml_file)
13
13
 
14
14
  yaml.should == {'plain_prop' => '1234', 'encrypted_prop' => 'secret-text'}
15
15
  end
16
16
 
17
- it 'should load decrypted yaml file using custom decryption algorithm' do
17
+ it 'should decrypt yaml using custom decryption algorithm' do
18
18
  custom_decryption_algorithm = Class.new {
19
19
  def self.decrypt(secret_key, encrypted_data)
20
20
  "decrypted!"
@@ -26,4 +26,12 @@ describe 'SecureYaml' do
26
26
  yaml.should == {'plain_prop' => '1234', 'encrypted_prop' => 'decrypted!'}
27
27
  end
28
28
 
29
+ it 'should parse encrypted yaml string using default decryption algorithm' do
30
+ encrypted_yaml_str = {:plain_prop => '1234', :encrypted_prop => 'ENC(EBnrEqmvC5BbOXw=)'}.to_yaml
31
+
32
+ yaml = SecureYaml::parse(encrypted_yaml_str)
33
+
34
+ yaml.should == {:plain_prop => '1234', :encrypted_prop => 'secret-text'}
35
+ end
36
+
29
37
  end
@@ -16,7 +16,7 @@ describe 'SecureYaml' do
16
16
  @loader.stub(:load).and_return(@yaml)
17
17
  end
18
18
 
19
- it 'should load decrypted yaml file' do
19
+ it 'should load encrypted yaml file' do
20
20
  ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
21
21
  SecureYaml::YamlDecrypter.stub(:new).with(@default_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
22
22
 
@@ -25,6 +25,15 @@ describe 'SecureYaml' do
25
25
  yaml.should == @yaml
26
26
  end
27
27
 
28
+ it 'should parse encrypted yaml string' do
29
+ ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
30
+ SecureYaml::YamlDecrypter.stub(:new).with(@default_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
31
+
32
+ yaml = SecureYaml::parse("")
33
+
34
+ yaml.should == @yaml
35
+ end
36
+
28
37
  it 'should raise error on load if secret key env property not set' do
29
38
  ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = nil
30
39
 
@@ -15,7 +15,7 @@ describe 'Property encryption command line interface' do
15
15
 
16
16
  $stdout.should_receive(:puts).with("#{SecureYaml::ENCRYPTED_PROPERTY_WRAPPER_ID}(#{@encrypted_text})")
17
17
 
18
- SecureYaml::PropertyEncryptionApplication.new.execute([@secret_key, @plain_text])
18
+ SecureYaml::PropertyEncryptionApplication.new.execute(["encrypt", @secret_key, @plain_text])
19
19
  end
20
20
 
21
21
  it 'should raise error unless secret key and plain text have been included as command line args' do
@@ -24,7 +24,7 @@ describe 'Property encryption command line interface' do
24
24
  end
25
25
 
26
26
  it 'should raise error if too many comand line args' do
27
- expect {SecureYaml::PropertyEncryptionApplication.new.execute([@secret_key, @plain_text, 'unexpected'])}.to raise_error
27
+ expect {SecureYaml::PropertyEncryptionApplication.new.execute(["encrypt", @secret_key, @plain_text, 'unexpected'])}.to raise_error
28
28
  end
29
29
 
30
- end
30
+ end
@@ -10,6 +10,14 @@ describe 'Yaml decrypter' do
10
10
  @plain_text = 'some plain text'
11
11
  end
12
12
 
13
+ it 'should decrypt encoded values in plain strings' do
14
+ encrypted_data = 'encrypted data'
15
+ @cipher.stub(:decrypt).with(@secret_key, encrypted_data).and_return(@decrypted_result)
16
+ hash = {:encrypted_prop => "ENC(#{encrypted_data})", :plain_prop => @plain_text}
17
+ data = @decrypter.decrypt(hash.to_yaml)
18
+ YAML.load(data).should == {:encrypted_prop => @decrypted_result, :plain_prop => @plain_text}
19
+ end
20
+
13
21
  it 'should decrypt only marked encrypted properties' do
14
22
  encrypted_data = 'encrypted data'
15
23
  @cipher.stub(:decrypt).with(@secret_key, encrypted_data).and_return(@decrypted_result)
@@ -44,6 +52,15 @@ describe 'Yaml decrypter' do
44
52
  data.should == {:parent_prop => {:nested_prop => @decrypted_result, :parent_prop_2 => {:nested_prop_2 => @decrypted_result}}}
45
53
  end
46
54
 
55
+ it 'should decrypt encrypted properties of array elements' do
56
+ encrypted_data = 'encrypted data'
57
+ @cipher.stub(:decrypt).and_return(@decrypted_result)
58
+
59
+ data = @decrypter.decrypt([{:encrypted_prop => "ENC(#{encrypted_data})"}])
60
+
61
+ data.should == [{:encrypted_prop => @decrypted_result}]
62
+ end
63
+
47
64
  it 'should ignore any property of non-string type' do
48
65
  numeric_prop = {:numeric => 1}
49
66
 
@@ -52,4 +69,4 @@ describe 'Yaml decrypter' do
52
69
  data.should == numeric_prop
53
70
  end
54
71
 
55
- end
72
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_yaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.1
4
+ version: 2.0.2
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-08-30 00:00:00.000000000 Z
12
+ date: 2017-02-09 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec