secure_yaml 2.0.1 → 2.0.2

data/README.md

@@ -19,7 +19,7 @@ This library attempts to address this concern by allowing sensitive information
 The gem provides a simple command line utility called ```encrypt_property_for_yaml``` that prints out the encrypted form of a plain text property.
 
 ```
-USAGE: encrypt_property_for_yaml <SECRET_KEY> <PROPERTY_VALUE_TO_ENCRYPT>
+USAGE: encrypt_property_for_yaml encrypt|decrypt <SECRET_KEY> <PROPERTY_VALUE_TO_ENCRYPT>
 ```
 
 For example:
@@ -74,6 +74,15 @@ decrypted_yaml = SecureYaml::load(File.open('database.yml'), {
 ```
 
 <br />
+<strong>4) Parse and use the decrypted version of a YAML string within your app</strong>
+
+```ruby
+require 'secure_yaml'
+
+decrypted_yaml = SecureYaml::parse("some correctly formatted yaml text")
+```
+<br />
+
 ### Customising decryption
 
 The default decryption method applied by this library when loading a YAML file is [AES-256-CFB](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard).

data/lib/secure_yaml.rb

@@ -14,6 +14,10 @@ module SecureYaml
     yaml_loader(opts[:decryption_algorithm], retrieve_secret_key(opts[:secret_key_property_name])).load(yaml_file)
   end
 
+  def self.parse(yaml, opts = {})
+    load(StringIO.new(yaml), opts)
+  end
+
   private
 
   def self.retrieve_secret_key(secret_key_prop_name)

data/lib/secure_yaml/cli/property_encryption_application.rb

@@ -6,12 +6,17 @@ module SecureYaml
 
     def execute(command_line_args)
 
-      raise "USAGE: encrypt_property_for_yaml <SECRET_KEY> <PROPERTY_VALUE_TO_ENCRYPT>" unless command_line_args.length == 2
+      raise "USAGE: encrypt_property_for_yaml encrypt|decrypt <SECRET_KEY> <PROPERTY_VALUE_TO_ENCRYPT>" unless command_line_args.length == 3
 
-      secret_key = command_line_args[0]
-      plain_text = command_line_args[1]
+      mode = command_line_args[0]
+      secret_key = command_line_args[1]
+      plain_text = command_line_args[2]
 
-      puts "#{ENCRYPTED_PROPERTY_WRAPPER_ID}(#{Cipher.new.encrypt(secret_key, plain_text)})"
+      if mode == 'encrypt'
+            puts "#{ENCRYPTED_PROPERTY_WRAPPER_ID}(#{Cipher.new.encrypt(secret_key, plain_text)})"
+      else
+            puts Cipher.new.decrypt(secret_key, plain_text)
+      end
     end
 
   end

data/lib/secure_yaml/version.rb

@@ -1,5 +1,5 @@
 module SecureYaml
 
-  VERSION = "2.0.1"
+  VERSION = "2.0.2"
 
 end

data/lib/secure_yaml/yaml_decrypter.rb

@@ -14,7 +14,9 @@ module SecureYaml
         when Hash
           yaml.inject({}) {|new_hash, (key, value)| new_hash[key] = decrypt(value); new_hash}
         when String
-          yaml.gsub(/^#{ENCRYPTED_PROPERTY_WRAPPER_ID}\((.*)\)$/) {@decryption_algorithm.decrypt(@secret_key, $1)}
+          yaml.gsub(/\b#{ENCRYPTED_PROPERTY_WRAPPER_ID}\((.*)\)(?:\b|$)/) {@decryption_algorithm.decrypt(@secret_key, $1)}
+        when Array
+          yaml.map {|element| decrypt(element)}
         else
           yaml
       end

data/spec/integration/secure_yaml_spec.rb

@@ -8,13 +8,13 @@ describe 'SecureYaml' do
     @test_yaml_file = File.open('spec/fixtures/test.yml')
   end
 
-  it 'should load decrypted yaml file using default decryption algorithm' do
+  it 'should load encrypted yaml file using default decryption algorithm' do
     yaml = SecureYaml::load(@test_yaml_file)
 
     yaml.should == {'plain_prop' => '1234', 'encrypted_prop' => 'secret-text'}
   end
 
-  it 'should load decrypted yaml file using custom decryption algorithm' do
+  it 'should decrypt yaml using custom decryption algorithm' do
     custom_decryption_algorithm = Class.new {
       def self.decrypt(secret_key, encrypted_data)
         "decrypted!"
@@ -26,4 +26,12 @@ describe 'SecureYaml' do
     yaml.should == {'plain_prop' => '1234', 'encrypted_prop' => 'decrypted!'}
   end
 
+  it 'should parse encrypted yaml string using default decryption algorithm' do
+    encrypted_yaml_str = {:plain_prop => '1234', :encrypted_prop => 'ENC(EBnrEqmvC5BbOXw=)'}.to_yaml
+
+    yaml = SecureYaml::parse(encrypted_yaml_str)
+
+    yaml.should == {:plain_prop => '1234', :encrypted_prop => 'secret-text'}
+  end
+
 end

data/spec/secure_yaml_spec.rb

@@ -16,7 +16,7 @@ describe 'SecureYaml' do
     @loader.stub(:load).and_return(@yaml)
   end
 
-  it 'should load decrypted yaml file' do
+  it 'should load encrypted yaml file' do
     ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
     SecureYaml::YamlDecrypter.stub(:new).with(@default_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
 
@@ -25,6 +25,15 @@ describe 'SecureYaml' do
     yaml.should == @yaml
   end
 
+  it 'should parse encrypted yaml string' do
+    ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
+    SecureYaml::YamlDecrypter.stub(:new).with(@default_decryption_algorithm, @secret_key).and_return(@yaml_decrypter)
+
+    yaml = SecureYaml::parse("")
+
+    yaml.should == @yaml
+  end
+
   it 'should raise error on load if secret key env property not set' do
     ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = nil
 

data/spec/unit/secure_yaml/cli/property_encryption_application_spec.rb

@@ -15,7 +15,7 @@ describe 'Property encryption command line interface' do
 
     $stdout.should_receive(:puts).with("#{SecureYaml::ENCRYPTED_PROPERTY_WRAPPER_ID}(#{@encrypted_text})")
 
-    SecureYaml::PropertyEncryptionApplication.new.execute([@secret_key, @plain_text])
+    SecureYaml::PropertyEncryptionApplication.new.execute(["encrypt", @secret_key, @plain_text])
   end
 
   it 'should raise error unless secret key and plain text have been included as command line args' do
@@ -24,7 +24,7 @@ describe 'Property encryption command line interface' do
   end
 
   it 'should raise error if too many comand line args' do
-    expect {SecureYaml::PropertyEncryptionApplication.new.execute([@secret_key, @plain_text, 'unexpected'])}.to raise_error
+    expect {SecureYaml::PropertyEncryptionApplication.new.execute(["encrypt", @secret_key, @plain_text, 'unexpected'])}.to raise_error
   end
 
-end
+end

data/spec/unit/secure_yaml/yaml_decrypter_spec.rb

@@ -10,6 +10,14 @@ describe 'Yaml decrypter' do
     @plain_text = 'some plain text'
   end
 
+  it 'should decrypt encoded values in plain strings' do
+    encrypted_data = 'encrypted data'
+    @cipher.stub(:decrypt).with(@secret_key, encrypted_data).and_return(@decrypted_result)
+    hash = {:encrypted_prop => "ENC(#{encrypted_data})", :plain_prop => @plain_text}
+    data = @decrypter.decrypt(hash.to_yaml)
+    YAML.load(data).should == {:encrypted_prop => @decrypted_result, :plain_prop => @plain_text}
+  end
+
   it 'should decrypt only marked encrypted properties' do
     encrypted_data = 'encrypted data'
     @cipher.stub(:decrypt).with(@secret_key, encrypted_data).and_return(@decrypted_result)
@@ -44,6 +52,15 @@ describe 'Yaml decrypter' do
     data.should == {:parent_prop => {:nested_prop => @decrypted_result, :parent_prop_2 => {:nested_prop_2 => @decrypted_result}}}
   end
 
+  it 'should decrypt encrypted properties of array elements' do
+    encrypted_data = 'encrypted data'
+    @cipher.stub(:decrypt).and_return(@decrypted_result)
+
+    data = @decrypter.decrypt([{:encrypted_prop => "ENC(#{encrypted_data})"}])
+
+    data.should == [{:encrypted_prop => @decrypted_result}]
+  end
+
   it 'should ignore any property of non-string type' do
     numeric_prop = {:numeric => 1}
 
@@ -52,4 +69,4 @@ describe 'Yaml decrypter' do
     data.should == numeric_prop
   end
 
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secure_yaml
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-08-30 00:00:00.000000000 Z
+date: 2017-02-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec