sidekiq-field-encryptor 0.1.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: d7b580f10f55bd99cc1b08a0d41157746562b155
-  data.tar.gz: d93bb7059b52325809a24f161c98ec4b705f9323
+SHA256:
+  metadata.gz: 17ebe672dfa0a9ce9941c411ae902205222c07606a74cb4515fcd69bea950a00
+  data.tar.gz: 6e5a0a1942a16b0a59a04ff8b6f31d4a60637bf7036634286ed7892c726ec705
 SHA512:
-  metadata.gz: 73208766812240af540b2fac93f98f4d585ffb0065dda731dbd47be7b01ee4d4b8eab048925c2254c465ce46ecaf0a775ffb6a6e010c1b52d429f04119992f02
-  data.tar.gz: 04f77a80f08b85d429c804a38b2244a4f5f564cd6a4a5e7704fb9727796261d7280a0fc47f80a4d3f593d9a6940be13f9b397c6d4f930a38eb294440012aa048
+  metadata.gz: 223e413322218a774fad26818770f62a3604e2461e8a3941f52f4670a211c1a0ccacdb57642a7abd8d79d34a25a0d49dd44d6dacd044808f6ff3b69580ced6b2
+  data.tar.gz: 0bccf7635de692edb8c21bf39dc86f15c7fb96015df2df2623f3636922b72ab7a7c822f99f2357eaae9245ffd6f525229594029cf8053eeb193779f3187a7a8e

data/.github/CODEOWNERS

@@ -0,0 +1,2 @@
+*   @aguilinger
+*   @mdelaossa

data/.github/workflows/test.yml

@@ -0,0 +1,49 @@
+name: Tests
+
+on:
+  pull_request:
+    branches:
+      - main
+      - master
+  push:
+    branches:
+      - main
+      - master
+
+jobs:
+  test:
+    name: Test Ruby ${{ matrix.RUBY_VERSION }}
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        RUBY_VERSION: ["2.6", "3.3"]
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Install Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.RUBY_VERSION }}
+          bundler-cache: true
+
+      - name: Run Lint
+        run: bundle exec rubocop
+
+      - name: Run Tests
+        run: bundle exec rspec
+
+  results:
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    name: Final Results
+    needs: [test]
+    steps:
+      - run: exit 1
+        # see https://stackoverflow.com/a/67532120/4907315
+        if: >-
+          ${{
+               contains(needs.*.result, 'failure')
+            || contains(needs.*.result, 'cancelled')
+          }}

data/.rspec

@@ -1,2 +1,3 @@
 --color
---format documentation
+--format documentation
+--require spec_helper

data/.rubocop-https---raw-githubusercontent-com-aptible-dryer-lint-main--rubocop-base-yml

@@ -0,0 +1,353 @@
+require:
+  - rubocop-rspec
+
+Gemspec/DeprecatedAttributeAssignment:
+  Enabled: true
+
+Gemspec/RequireMFA:
+  Enabled: true
+
+Layout/LineContinuationLeadingSpace:
+  Enabled: true
+
+Layout/LineContinuationSpacing:
+  Enabled: true
+
+Layout/LineEndStringConcatenationIndentation:
+  Enabled: true
+
+Layout/SpaceBeforeBrackets:
+  Enabled: true
+
+Lint/AmbiguousAssignment:
+  Enabled: true
+
+Lint/AmbiguousOperatorPrecedence:
+  Enabled: true
+
+Lint/AmbiguousRange:
+  Enabled: true
+
+Lint/ConstantOverwrittenInRescue:
+  Enabled: true
+
+Lint/DeprecatedConstants:
+  Enabled: true
+
+Lint/DuplicateBranch:
+  Enabled: true
+
+Lint/DuplicateMagicComment:
+  Enabled: true
+
+Lint/DuplicateRegexpCharacterClassElement:
+  Enabled: true
+
+Lint/EmptyBlock:
+  Enabled: false
+
+Lint/EmptyClass:
+  Enabled: true
+
+Lint/EmptyInPattern:
+  Enabled: true
+
+Lint/IncompatibleIoSelectWithFiberScheduler:
+  Enabled: true
+
+Lint/LambdaWithoutLiteralBlock:
+  Enabled: true
+
+Lint/NoReturnInBeginEndBlocks:
+  Enabled: true
+
+Lint/NonAtomicFileOperation:
+  Enabled: true
+
+Lint/NumberedParameterAssignment:
+  Enabled: true
+
+Lint/OrAssignmentToConstant:
+  Enabled: true
+
+Lint/RedundantDirGlobSort:
+  Enabled: true
+
+Lint/RefinementImportMethods:
+  Enabled: true
+
+Lint/RequireRangeParentheses:
+  Enabled: true
+
+Lint/RequireRelativeSelfPath:
+  Enabled: true
+
+Lint/SymbolConversion:
+  Enabled: true
+
+Lint/ToEnumArguments:
+  Enabled: true
+
+Lint/TripleQuotes:
+  Enabled: true
+
+Lint/UnexpectedBlockArity:
+  Enabled: true
+
+Lint/UnmodifiedReduceAccumulator:
+  Enabled: true
+
+Lint/UselessRuby2Keywords:
+  Enabled: true
+
+Security/CompoundHash:
+  Enabled: true
+
+Security/IoMethods:
+  Enabled: true
+
+Style/ArgumentsForwarding:
+  Enabled: true
+
+Style/CollectionCompact:
+  Enabled: true
+
+Style/DocumentDynamicEvalDefinition:
+  Enabled: true
+
+Style/EmptyHeredoc:
+  Enabled: true
+
+Style/EndlessMethod:
+  Enabled: true
+
+Style/EnvHome:
+  Enabled: true
+
+Style/FetchEnvVar:
+  Enabled: true
+
+Style/FileRead:
+  Enabled: true
+
+Style/FileWrite:
+  Enabled: true
+
+# TODO - remove this when this has been released on rubocop
+Style/GuardClause:
+  Enabled: false
+
+Style/HashConversion:
+  Enabled: true
+
+Style/HashExcept:
+  Enabled: true
+
+Style/IfWithBooleanLiteralBranches:
+  Enabled: true
+
+Style/InPatternThen:
+  Enabled: true
+
+Style/MagicCommentFormat:
+  Enabled: true
+
+Style/MapCompactWithConditionalBlock:
+  Enabled: true
+
+Style/MapToHash:
+  Enabled: true
+
+Style/MultilineInPatternThen:
+  Enabled: true
+
+Style/NegatedIfElseCondition:
+  Enabled: true
+
+Style/NestedFileDirname:
+  Enabled: true
+
+Style/NilLambda:
+  Enabled: true
+
+Style/NumberedParameters:
+  Enabled: true
+
+Style/NumberedParametersLimit:
+  Enabled: true
+
+Style/NumericLiterals:
+  Enabled: false
+
+Style/ObjectThen:
+  Enabled: true
+
+Style/OpenStructUse:
+  Enabled: true
+
+Style/OperatorMethodCall:
+  Enabled: true
+
+Style/QuotedSymbols:
+  Enabled: true
+
+Style/RedundantArgument:
+  Enabled: true
+
+Style/RedundantEach:
+  Enabled: true
+
+Style/RedundantInitialize:
+  Enabled: true
+
+Style/RedundantSelfAssignmentBranch:
+  Enabled: true
+
+Style/RedundantStringEscape:
+  Enabled: true
+
+Style/SelectByRegexp:
+  Enabled: true
+
+Style/StringChars:
+  Enabled: true
+
+Style/SwapValues:
+  Enabled: true
+
+RSpec/BeEq:
+  Enabled: true
+
+RSpec/BeNil:
+  Enabled: true
+
+RSpec/ChangeByZero:
+  Enabled: true
+
+RSpec/ClassCheck:
+  Enabled: true
+
+RSpec/ExcessiveDocstringSpacing:
+  Enabled: true
+
+RSpec/IdenticalEqualityAssertion:
+  Enabled: true
+
+RSpec/SortMetadata:
+  Enabled: true
+
+RSpec/SubjectDeclaration:
+  Enabled: true
+
+RSpec/StubbedMock:
+  Enabled: false
+
+RSpec/VerifiedDoubleReference:
+  Enabled: true
+
+###############################################################################
+##                           Customizations                                  ##
+###############################################################################
+
+# Try to keep a balance between the fact that some people are
+# working from laptops and the fact that unnecessarily short
+# lines make code hard to read.
+Layout/LineLength:
+  Enabled: true
+  Max: 120
+
+# TODO: We have enough places where this isn't used that it would
+#       be hard to switch, but maybe we should enable in the future?
+RSpec/NamedSubject:
+  Enabled: false
+
+# Sometimes our tests are only confirming that
+# an exception isn't raised.
+RSpec/NoExpectationExample:
+  Enabled: false
+
+# These sometimes make tests look nicer.
+RSpec/NestedGroups:
+  Enabled: false
+
+RSpec/RepeatedExampleGroupBody:
+  Enabled: false
+
+RSpec/MultipleMemoizedHelpers:
+  Max: 20
+
+RSpec/SubjectStub:
+  Enabled: false
+
+RSpec/MessageSpies:
+  Enabled: false
+
+RSpec/ExpectInHook:
+  Enabled: false
+
+RSpec/MultipleExpectations:
+  Enabled: false
+
+RSpec/ExampleLength:
+  Enabled: false
+
+# These aren't effective enough at calculating the right
+# kinds of complexity.
+Metrics/CyclomaticComplexity:
+  Enabled: false
+
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/PerceivedComplexity:
+  Enabled: false
+
+# Favor explicit over implicit.
+Metrics/ParameterLists:
+  Max: 20
+
+Style/HashSyntax:
+  Enabled: false
+
+Naming/BlockForwarding:
+  Enabled: true
+  EnforcedStyle: explicit
+
+# This probably isn't right to disable, but at the same time, there
+# are places where we're using (valid) boilerplate code that adds up.
+Metrics/MethodLength:
+  Enabled: false
+
+# This probably isn't best to change either, but some modules and corresponding
+# helpers will have a fair number of lines and this seems arbitrarily limiting
+Metrics/ModuleLength:
+  Enabled: false
+
+# We may want to re-enable this in the future with a reasonable value,
+# but right now this is overly prescriptive, especially in scenarios
+# where we have a lot of boilerplate code.
+Metrics/ClassLength:
+  Enabled: false
+
+# This is fine being a judgement call.
+Metrics/BlockLength:
+  Enabled: false
+
+# This is overly prescriptive with minimal gain.
+RSpec/ContextWording:
+  Enabled: false
+
+# This is allowing something implicit, which isn't ideal,
+# but it's also something we heavily leverage.
+RSpec/LetSetup:
+  Enabled: false
+
+# This doesn't feel great to add, but unfortunately it's making
+# incorrect assumptions about some of our function names
+# which causes a lot of false positives.
+RSpec/PredicateMatcher:
+  Enabled: false
+
+# There are valid reasons to do this.
+RSpec/InstanceVariable:
+  Enabled: false

data/.rubocop.yml

@@ -0,0 +1,16 @@
+inherit_from:
+  - https://raw.githubusercontent.com/aptible/dryer-lint/main/.rubocop.base.yml
+  - .rubocop_ignore.yml
+
+Style/GuardClause:
+  Enabled: false
+
+AllCops:
+  TargetRubyVersion: 3.1
+  NewCops: disable
+  Include:
+    - !ruby/regexp /\.rb$/
+    - !ruby/regexp /Gemfile$/
+    - !ruby/regexp /\.gemspec$/
+    - !ruby/regexp /\.rake$/
+    - !ruby/regexp /Rakefile$/

data/.rubocop_ignore.yml

@@ -0,0 +1,11 @@
+Naming/FileName:
+  Exclude:
+    - 'lib/sidekiq-field-encryptor.rb'
+
+RSpec/MultipleDescribes:
+  Exclude:
+    - 'spec/sidekiq-field-encryptor/encryptor_spec.rb'
+
+Gemspec/RequiredRubyVersion:
+  Exclude:
+    - 'sidekiq-field-encryptor.gemspec'

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 # Specify your gem's dependencies in sidekiq-field-encryptor.gemspec

data/README.md

@@ -1,7 +1,6 @@
 # ![](https://raw.github.com/aptible/straptible/master/lib/straptible/rails/templates/public.api/icon-60px.png) Sidekiq::Field::Encryptor
 
 [![Gem Version](https://badge.fury.io/rb/sidekiq-field-encryptor.png)](https://rubygems.org/gems/sidekiq-field-encryptor)
-[![Build Status](https://travis-ci.org/aptible/sidekiq-field-encryptor.png?branch=master)](https://travis-ci.org/aptible/sidekiq-field-encryptor)
 [![Dependency Status](https://gemnasium.com/aptible/sidekiq-field-encryptor.png)](https://gemnasium.com/aptible/sidekiq-field-encryptor)
 
 This is a utility which is intended to be used for encrypting sensitive data in Sidekiq jobs. The data is encrypted before sending it to Redis, and decrypted right before the Sidekiq job is executed.
@@ -39,11 +38,11 @@ decrypt the values inside the client before the job is executed.
 
 1. Fork the project.
 1. Commit your changes, with specs.
-1. Ensure that your code passes specs (`rake spec`) and meets Aptible's Ruby style guide (`rake rubocop`).
+1. Ensure that your code passes specs (`bundle exec rspec`) and meets Aptible's Ruby style guide (`bundle exec rubocop`).
 1. Create a new pull request on GitHub.
 
 ## Copyright and License
 
 MIT License, see [LICENSE](LICENSE.md) for details.
 
-Copyright (c) 2015 [Aptible](https://www.aptible.com), Blake Pettersson, and contributors.
+Copyright (c) 2024 [Aptible](https://www.aptible.com), Blake Pettersson, and contributors.

data/Rakefile

@@ -1,4 +1,3 @@
-require 'bundler/gem_tasks'
+# frozen_string_literal: true
 
-require 'aptible/tasks'
-Aptible::Tasks.load_tasks
+require 'bundler/gem_tasks'

data/SECURITY.md

@@ -0,0 +1,23 @@
+# Aptible Open Source Security Policies and Procedures
+
+This document outlines security procedures and general policies for the Aptible open source projects as found on https://github.com/aptible.
+
+  * [Reporting a Vulnerability](#reporting-a-vulnerability)
+  * [Responsible Disclosure Policy](#responsible-disclosure-policy)
+
+## Reporting a Vulnerability 
+
+The Aptible team and community take all security vulnerabilities
+seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
+
+Report security vulnerabilities by emailing the Aptible security team at:
+    
+    security@aptible.com
+
+Security researchers can also privately report security vulnerabilities to repository maintainers using the GitHub "Report a Vulnerability" feature. [See how-to here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
+
+The Aptible team will acknowledge your email within 24 business hours and send a detailed response within 48 business hours indicating the next steps in handling your report. The Aptible security team will keep you informed of the progress and may ask for additional information or guidance.
+
+## Responsible Disclosure Policy
+
+Please see Aptible's Responsible Disclosure Policy here: https://www.aptible.com/legal/responsible-disclosure/

data/lib/sidekiq-field-encryptor/encryptor.rb

@@ -1,5 +1,8 @@
+# frozen_string_literal: true
+
 require 'base64'
 require 'encryptor'
+require 'json'
 require 'sidekiq-field-encryptor/version'
 
 # This middleware configures encryption of any fields that can contain sensitive
@@ -21,52 +24,95 @@ require 'sidekiq-field-encryptor/version'
 # Will encrypt the values {'x' => 1} and 'b' when storing the job in Redis and
 # decrypt the values inside the client before the job is executed.
 module SidekiqFieldEncryptor
+  SERIALIZE_JSON = 'json'
+  SERIALIZE_MARHSALL = 'marshal'
+
+  # Shared methods between client and base
   class Base
     def initialize(options = {})
       @encryption_key = options[:encryption_key]
       @encrypted_fields = options[:encrypted_fields] || {}
       @encryption_algorithm = options[:encryption_algorithm] || 'aes-256-gcm'
+
+      @serialization_method = options[:serialization_method] || SERIALIZE_JSON
+      @serialization_compat = options[:serialization_compat]
     end
 
     def assert_key_configured
       raise 'Encryption key not configured' if @encryption_key.nil?
     end
 
+    def serialize(value)
+      case @serialization_method
+      when SERIALIZE_JSON
+        JSON.generate(value, quirks_mode: true)
+      when SERIALIZE_MARHSALL
+        Marshal.dump(value)
+      else
+        raise "Invalid serialization_method: #{@serialization_method}"
+      end
+    end
+
+    def deserialize(method, value)
+      if !@serialization_compat && method != @serialization_method
+        raise "Invalid serialization_method received: #{method}"
+      end
+
+      case method
+      when SERIALIZE_JSON
+        JSON.parse(value, quirks_mode: true)
+      when SERIALIZE_MARHSALL, nil
+        # No method used to be Marshall, so we respect this here
+        Marshal.load(value) # rubocop:disable Security/MarshalLoad
+      else
+        raise "Invalid serialization_method: #{@serialization_method}"
+      end
+    end
+
     def encrypt(value)
-      plaintext = Marshal.dump(value)
-      iv = OpenSSL::Cipher::Cipher.new(@encryption_algorithm).random_iv
+      plaintext = serialize(value)
+      iv = OpenSSL::Cipher.new(@encryption_algorithm).random_iv
       args = { key: @encryption_key, iv: iv, algorithm: @encryption_algorithm }
       ciphertext = ::Encryptor.encrypt(plaintext, **args)
-      [::Base64.encode64(ciphertext), ::Base64.encode64(iv)]
+      [
+        ::Base64.encode64(ciphertext),
+        ::Base64.encode64(iv),
+        @serialization_method
+      ]
     end
 
     def decrypt(encrypted)
-      ciphertext, iv = encrypted.map { |value| ::Base64.decode64(value) }
+      base64_ciphertext, base64_iv, serialization_method = encrypted
+      ciphertext = ::Base64.decode64(base64_ciphertext)
+      iv = ::Base64.decode64(base64_iv)
       args = { key: @encryption_key, iv: iv, algorithm: @encryption_algorithm }
       plaintext = ::Encryptor.decrypt(ciphertext, **args)
-      Marshal.load(plaintext)
+      deserialize(serialization_method, plaintext)
     end
 
     def process_message(message)
       fields = @encrypted_fields[message['class']]
       return unless fields
+
       assert_key_configured
       message['args'].size.times.each do |arg_index|
         to_encrypt = fields[arg_index]
         next unless to_encrypt
+
         raw_value = message['args'][arg_index]
         if to_encrypt == true
           message['args'][arg_index] = yield(raw_value)
         elsif to_encrypt.is_a?(Array) && raw_value.is_a?(Hash)
-          message['args'][arg_index] = Hash[raw_value.map do |key, value|
+          message['args'][arg_index] = raw_value.to_h do |key, value|
             value = yield(value) if to_encrypt.member?(key.to_s)
             [key, value]
-          end]
+          end
         end
       end
     end
   end
 
+  # Used when encrypting fields
   class Client < Base
     def call(_, message, _, _)
       process_message(message) { |value| encrypt(value) }
@@ -74,6 +120,7 @@ module SidekiqFieldEncryptor
     end
   end
 
+  # Used when decrypting fields
   class Server < Base
     def call(_, message, _)
       process_message(message) { |value| decrypt(value) }

data/lib/sidekiq-field-encryptor/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module SidekiqFieldEncryptor
-  VERSION = '0.1.1'.freeze
+  VERSION = '0.3.0'
 end

data/lib/sidekiq-field-encryptor.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 require 'sidekiq-field-encryptor/version'
 require 'sidekiq-field-encryptor/encryptor'

data/sidekiq-field-encryptor.gemspec

@@ -1,5 +1,6 @@
-# encoding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 require 'English'
@@ -16,13 +17,13 @@ Gem::Specification.new do |spec|
   spec.license       = 'MIT'
 
   spec.files         = `git ls-files`.split($RS)
-  spec.test_files    = spec.files.grep(%r{^spec/})
   spec.require_paths = ['lib']
 
   spec.add_dependency 'encryptor'
 
   spec.add_development_dependency 'bundler'
-  spec.add_development_dependency 'aptible-tasks'
   spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rspec', '~> 3.12'
+  spec.add_development_dependency 'rubocop-rspec'
+  spec.metadata['rubygems_mfa_required'] = 'true'
 end

data/spec/sidekiq-field-encryptor/encryptor_spec.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe SidekiqFieldEncryptor::Client do
-  let(:key) { OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key }
+  let(:key) { OpenSSL::Cipher.new('aes-256-cbc').random_key }
   let(:message) do
     { 'class' => 'FooJob', 'args' => [1, 2, { 'a' => 'A', 'b' => 'B' }] }
   end
@@ -10,8 +12,9 @@ describe SidekiqFieldEncryptor::Client do
     it "doesn't fail when encryption isn't attempted" do
       subject.call('FooJob', message, nil, nil) {}
     end
+
     it 'fails when encryption is attempted' do
-      client = SidekiqFieldEncryptor::Client.new(
+      client = described_class.new(
         encrypted_fields: { 'FooJob' => { 1 => true } }
       )
       expect { client.call('FooJob', message, nil, nil) {} }
@@ -21,9 +24,9 @@ describe SidekiqFieldEncryptor::Client do
 
   describe 'with an encryption key' do
     subject do
-      SidekiqFieldEncryptor::Client.new(
+      described_class.new(
         encryption_key: key,
-        encrypted_fields: { 'FooJob' => { 1 => true, 2 => %w(b d) } }
+        encrypted_fields: { 'FooJob' => { 1 => true, 2 => %w[b d] } }
       )
     end
 
@@ -37,16 +40,16 @@ describe SidekiqFieldEncryptor::Client do
   end
 
   it 'supports setting the encryption algorithm' do
-    key = OpenSSL::Cipher::Cipher.new('aes-128-cbc').random_key
-    fields = { 'FooJob' => { 1 => true, 2 => %w(b d) } }
+    key = OpenSSL::Cipher.new('aes-128-cbc').random_key
+    fields = { 'FooJob' => { 1 => true, 2 => %w[b d] } }
 
-    ko = SidekiqFieldEncryptor::Client.new(
+    ko = described_class.new(
       encryption_key: key,
       encryption_algorithm: 'aes-256-cbc',
       encrypted_fields: fields
     )
 
-    ok = SidekiqFieldEncryptor::Client.new(
+    ok = described_class.new(
       encryption_key: key,
       encryption_algorithm: 'aes-128-cbc',
       encrypted_fields: fields
@@ -60,7 +63,7 @@ describe SidekiqFieldEncryptor::Client do
 end
 
 describe SidekiqFieldEncryptor::Server do
-  let(:key) { OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key }
+  let(:key) { OpenSSL::Cipher.new('aes-256-cbc').random_key }
   let(:message) do
     { 'class' => 'FooJob', 'args' => [1, 2, { 'a' => 'A', 'b' => 'B' }] }
   end
@@ -69,8 +72,9 @@ describe SidekiqFieldEncryptor::Server do
     it "doesn't fail when decryption isn't attempted" do
       subject.call('FooJob', message, nil) {}
     end
+
     it 'fails when decryption is attempted' do
-      server = SidekiqFieldEncryptor::Server.new(
+      server = described_class.new(
         encrypted_fields: { 'FooJob' => { 1 => true } }
       )
       expect { server.call('FooJob', message, nil) {} }
@@ -80,9 +84,9 @@ describe SidekiqFieldEncryptor::Server do
 
   describe 'with an encryption key' do
     subject do
-      SidekiqFieldEncryptor::Server.new(
+      described_class.new(
         encryption_key: key,
-        encrypted_fields: { 'FooJob' => { 1 => true, 2 => %w(b d) } }
+        encrypted_fields: { 'FooJob' => { 1 => true, 2 => %w[b d] } }
       )
     end
 
@@ -95,16 +99,16 @@ describe SidekiqFieldEncryptor::Server do
     end
 
     it 'supports setting the encryption algorithm' do
-      key = OpenSSL::Cipher::Cipher.new('aes-128-cbc').random_key
+      key = OpenSSL::Cipher.new('aes-128-cbc').random_key
       fields = { 'FooJob' => { 1 => true } }
 
-      ko = SidekiqFieldEncryptor::Server.new(
+      ko = described_class.new(
         encryption_key: key,
         encryption_algorithm: 'aes-256-cbc',
         encrypted_fields: fields
       )
 
-      ok = SidekiqFieldEncryptor::Server.new(
+      ok = described_class.new(
         encryption_key: key,
         encryption_algorithm: 'aes-128-cbc',
         encrypted_fields: fields
@@ -117,5 +121,41 @@ describe SidekiqFieldEncryptor::Server do
 
       ok.call('FooJob', message, nil) {}
     end
+
+    it 'fails if the serialization methods are different' do
+      r = described_class.new(
+        encryption_key: key,
+        encrypted_fields: { 'FooJob' => { 1 => true } },
+        serialization_method: SidekiqFieldEncryptor::SERIALIZE_JSON
+      )
+
+      e = SidekiqFieldEncryptor::Client.new(
+        encryption_key: key,
+        encrypted_fields: { 'FooJob' => { 1 => true } },
+        serialization_method: SidekiqFieldEncryptor::SERIALIZE_MARHSALL
+      )
+
+      message['args'][1] = e.encrypt(message['args'][1])
+      expect { r.call('FooJob', message, nil) {} }
+        .to raise_error(/invalid serialization_method/i)
+    end
+
+    it 'allows compat serialization' do
+      r = described_class.new(
+        encryption_key: key,
+        encrypted_fields: { 'FooJob' => { 1 => true } },
+        serialization_method: SidekiqFieldEncryptor::SERIALIZE_JSON,
+        serialization_compat: true
+      )
+
+      e = SidekiqFieldEncryptor::Client.new(
+        encryption_key: key,
+        encrypted_fields: { 'FooJob' => { 1 => true } },
+        serialization_method: SidekiqFieldEncryptor::SERIALIZE_MARHSALL
+      )
+
+      message['args'][1] = e.encrypt(message['args'][1])
+      r.call('FooJob', message, nil) {}
+    end
   end
 end

data/spec/spec_helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sidekiq-field-encryptor
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Blake Pettersson
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-12-02 00:00:00.000000000 Z
+date: 2024-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: aptible-tasks
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,21 +53,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.12'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -87,13 +87,18 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/CODEOWNERS"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
+- ".rubocop-https---raw-githubusercontent-com-aptible-dryer-lint-main--rubocop-base-yml"
+- ".rubocop.yml"
+- ".rubocop_ignore.yml"
 - Gemfile
 - LICENSE.md
 - README.md
 - Rakefile
+- SECURITY.md
 - lib/sidekiq-field-encryptor.rb
 - lib/sidekiq-field-encryptor/encryptor.rb
 - lib/sidekiq-field-encryptor/version.rb
@@ -103,8 +108,9 @@ files:
 homepage: https://github.com/aptible/sidekiq-field-encryptor
 licenses:
 - MIT
-metadata: {}
-post_install_message: 
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -119,11 +125,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5.1
-signing_key: 
+rubygems_version: 3.5.3
+signing_key:
 specification_version: 4
 summary: Selectively encrypt fields sent into Sidekiq
-test_files:
-- spec/sidekiq-field-encryptor/encryptor_spec.rb
-- spec/spec_helper.rb
+test_files: []

data/.travis.yml

@@ -1,3 +0,0 @@
-rvm:
-  - "2.1"
-  - 2.0.0