symmetric-encryption 4.0.0 → 4.0.1

data/lib/symmetric_encryption/encoder.rb

@@ -76,4 +76,3 @@ module SymmetricEncryption
     end
   end
 end
-

data/lib/symmetric_encryption/exception.rb

@@ -1,5 +1,4 @@
 module SymmetricEncryption
-
   # Exceptions created by SymmetricEncryption
   class Error < StandardError
   end
@@ -11,5 +10,4 @@ module SymmetricEncryption
   # Exceptions when trying to use the keys before they have been configured
   class ConfigError < Error
   end
-
 end

data/lib/symmetric_encryption/extensions/active_record/base.rb

@@ -36,7 +36,11 @@ module ActiveRecord #:nodoc:
     def self.attr_encrypted(*params)
       # Ensure ActiveRecord has created all its methods first
       # Ignore failures since the table may not yet actually exist
-      define_attribute_methods rescue nil
+      begin
+        define_attribute_methods
+      rescue StandardError
+        nil
+      end
 
       options = params.last.is_a?(Hash) ? params.pop.dup : {}
 
@@ -102,6 +106,5 @@ module ActiveRecord #:nodoc:
     def self.encrypted_column?(attribute)
       encrypted_columns.include?(attribute)
     end
-
   end
 end

data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb

@@ -16,15 +16,15 @@ module MongoMapper
         Date       => :date,
         Boolean    => :boolean,
         Hash       => :json
-      }
+      }.freeze
 
       module ClassMethods
-        def encrypted_key(key_name, type, full_options={})
+        def encrypted_key(key_name, type, full_options = {})
           full_options = full_options.is_a?(Hash) ? full_options.dup : {}
           options      = full_options.delete(:encrypted) || {}
           # Support overriding the name of the decrypted attribute
           encrypted_key_name = options.delete(:encrypt_as) || "encrypted_#{key_name}"
-          options[:type]     = COERCION_MAP[type] unless [:yaml, :json].include?(options[:type])
+          options[:type]     = COERCION_MAP[type] unless %i[yaml json].include?(options[:type])
 
           raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{COERCION_MAP.keys.join(',')}") unless options[:type]
 
@@ -32,9 +32,7 @@ module MongoMapper
 
           key(encrypted_key_name, String, full_options)
         end
-
       end
-
     end
   end
 end

data/lib/symmetric_encryption/extensions/mongoid/encrypted.rb

@@ -105,5 +105,3 @@ Mongoid::Fields.option :encrypted do |model, field, options|
     SymmetricEncryption::Generator.generate_decrypted_accessors(model, decrypted_field_name, encrypted_field_name, options)
   end
 end
-
-

data/lib/symmetric_encryption/generator.rb

@@ -8,7 +8,7 @@ module SymmetricEncryption
       compress  = options.delete(:compress) || false
       type      = options.delete(:type) || :string
 
-      raise(ArgumentError, "SymmetricEncryption Invalid options #{options.inspect} when encrypting '#{decrypted_name}'") if options.size > 0
+      raise(ArgumentError, "SymmetricEncryption Invalid options #{options.inspect} when encrypting '#{decrypted_name}'") unless options.empty?
       raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{SymmetricEncryption::COERCION_TYPES.inspect}") unless SymmetricEncryption::COERCION_TYPES.include?(type)
 
       if model.const_defined?(:EncryptedAttributes, _search_ancestors = false)
@@ -19,7 +19,7 @@ module SymmetricEncryption
       end
 
       # Generate getter and setter methods
-      mod.module_eval(<<-EOS, __FILE__, __LINE__ + 1)
+      mod.module_eval(<<~ACCESSORS, __FILE__, __LINE__ + 1)
         # Set the un-encrypted field
         # Also updates the encrypted field with the encrypted value
         # Freeze the decrypted field value so that it is not modified directly
@@ -45,7 +45,7 @@ module SymmetricEncryption
         def #{decrypted_name}_changed?
           #{encrypted_name}_changed?
         end
-      EOS
+      ACCESSORS
     end
   end
 end

data/lib/symmetric_encryption/header.rb

@@ -78,7 +78,7 @@ module SymmetricEncryption
                    auth_tag: nil)
 
       @version     = version
-      @compress  = compress
+      @compress    = compress
       @iv          = iv
       @key         = key
       @cipher_name = cipher_name
@@ -111,7 +111,7 @@ module SymmetricEncryption
     #     String to extract the header from
     def parse!(buffer)
       offset = parse(buffer)
-      return if offset == 0
+      return if offset.zero?
       buffer.slice!(0..offset - 1)
       buffer
     end
@@ -153,7 +153,13 @@ module SymmetricEncryption
       self.version = buffer.getbyte(offset)
       offset       += 1
 
-      raise(SymmetricEncryption::CipherError, "Cipher with version:#{version.inspect} not found in any of the configured SymmetricEncryption ciphers") unless cipher
+      unless cipher
+        raise(
+          SymmetricEncryption::CipherError,
+          "Cipher with version:#{version.inspect} not found in any of the configured SymmetricEncryption ciphers"
+        )
+      end
+
       flags  = buffer.getbyte(offset)
       offset += 1
 
@@ -255,6 +261,5 @@ module SymmetricEncryption
       out    = buffer.byteslice(offset, len)
       [out, offset + len]
     end
-
   end
 end

data/lib/symmetric_encryption/key.rb

@@ -12,7 +12,7 @@ module SymmetricEncryption
     # * encrypted_key
     # * key_filename
     def self.from_config(key: nil, key_filename: nil, encrypted_key: nil, key_env_var: nil,
-      iv:, key_encrypting_key: nil, cipher_name: 'aes-256-cbc')
+                         iv:, key_encrypting_key: nil, cipher_name: 'aes-256-cbc')
 
       if key_encrypting_key.is_a?(Hash)
         # Recurse up the chain returning the parent key_encrypting_key
@@ -21,12 +21,12 @@ module SymmetricEncryption
 
       key ||=
         if encrypted_key
-          raise(ArgumentError, "Missing mandatory :key_encrypting_key when config includes :encrypted_key") unless key_encrypting_key
+          raise(ArgumentError, 'Missing mandatory :key_encrypting_key when config includes :encrypted_key') unless key_encrypting_key
           Keystore::Memory.new(encrypted_key: encrypted_key, key_encrypting_key: key_encrypting_key).read
         elsif key_filename
           Keystore::File.new(file_name: key_filename, key_encrypting_key: key_encrypting_key).read
         elsif key_env_var
-          raise(ArgumentError, "Missing mandatory :key_encrypting_key when config includes :key_env_var") unless key_encrypting_key
+          raise(ArgumentError, 'Missing mandatory :key_encrypting_key when config includes :key_env_var') unless key_encrypting_key
           Keystore::Environment.new(key_env_var: key_env_var, key_encrypting_key: key_encrypting_key).read
         end
 
@@ -101,6 +101,5 @@ module SymmetricEncryption
       result = openssl_cipher.update(encrypted_string)
       result << openssl_cipher.final
     end
-
   end
 end

data/lib/symmetric_encryption/keystore.rb

@@ -1,10 +1,11 @@
 module SymmetricEncryption
+  # Encryption keys are secured in Keystores
   module Keystore
-    #@formatter:off
+    # @formatter:off
     autoload :Environment, 'symmetric_encryption/keystore/environment'
     autoload :File,        'symmetric_encryption/keystore/file'
     autoload :Memory,      'symmetric_encryption/keystore/memory'
-    #@formatter:on
+    # @formatter:on
 
     # Returns [Hash] a new configuration file after performing key rotation.
     #
@@ -44,12 +45,12 @@ module SymmetricEncryption
 
         cipher_name    = config[:cipher_name] || 'aes-256-cbc'
         new_key_config =
-          if config.has_key?(:key_filename)
+          if config.key?(:key_filename)
             key_path = ::File.dirname(config[:key_filename])
             Keystore::File.new_key_config(key_path: key_path, cipher_name: cipher_name, app_name: app_name, version: version, environment: environment)
-          elsif config.has_key?(:key_env_var)
+          elsif config.key?(:key_env_var)
             Keystore::Environment.new_key_config(cipher_name: cipher_name, app_name: app_name, version: version, environment: environment)
-          elsif config.has_key?(:encrypted_key)
+          elsif config.key?(:encrypted_key)
             Keystore::Memory.new_key_config(cipher_name: cipher_name, app_name: app_name, version: version, environment: environment)
           end
 
@@ -88,12 +89,12 @@ module SymmetricEncryption
         key            = Key.from_config(config)
         cipher_name    = key.cipher_name
         new_key_config =
-          if config.has_key?(:key_filename)
+          if config.key?(:key_filename)
             key_path = ::File.dirname(config[:key_filename])
             Keystore::File.new_key_config(key_path: key_path, cipher_name: cipher_name, app_name: app_name, version: version, environment: environment, dek: key)
-          elsif config.has_key?(:key_env_var)
+          elsif config.key?(:key_env_var)
             Keystore::Environment.new_key_config(cipher_name: cipher_name, app_name: app_name, version: version, environment: environment, dek: key)
-          elsif config.has_key?(:encrypted_key)
+          elsif config.key?(:encrypted_key)
             Keystore::Memory.new_key_config(cipher_name: cipher_name, app_name: app_name, version: version, environment: environment, dek: key)
           end
 
@@ -121,6 +122,5 @@ module SymmetricEncryption
           ]
       }
     end
-
   end
 end

data/lib/symmetric_encryption/keystore/environment.rb

@@ -7,14 +7,14 @@ module SymmetricEncryption
       # Returns [Hash] initial configuration for heroku.
       # Displays the keys that need to be added to the heroku environment.
       def self.new_config(app_name: 'symmetric-encryption',
-        environments: %i(development test release production),
-        cipher_name: 'aes-256-cbc')
+                          environments: %i[development test release production],
+                          cipher_name: 'aes-256-cbc')
 
         configs = {}
         environments.each do |environment|
           environment          = environment.to_sym
           configs[environment] =
-            if %i(development test).include?(environment)
+            if %i[development test].include?(environment)
               Keystore.dev_config
             else
               cfg = new_key_config(cipher_name: cipher_name, app_name: app_name, environment: environment)
@@ -35,7 +35,7 @@ module SymmetricEncryption
         kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
         dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
 
-        key_env_var = "#{app_name}_#{environment}_v#{version}".upcase.gsub('-', '_')
+        key_env_var = "#{app_name}_#{environment}_v#{version}".upcase.tr('-', '_')
         new(key_env_var: key_env_var, key_encrypting_key: kek).write(dek.key)
 
         {
@@ -45,7 +45,7 @@ module SymmetricEncryption
           iv:                 dek.iv,
           key_encrypting_key: {
             key: kek.key,
-            iv:  kek.iv,
+            iv:  kek.iv
           }
         }
       end
@@ -75,7 +75,7 @@ module SymmetricEncryption
         puts
         puts "Or, if using environment variables on another system set the environment variable as follows:\n\n"
         puts "  export #{key_env_var}=\"#{encoder.encode(encrypted_key)}\"\n\n"
-        puts "********************************************************************************"
+        puts '********************************************************************************'
       end
 
       private
@@ -84,7 +84,6 @@ module SymmetricEncryption
       def encoder
         @encoder ||= SymmetricEncryption::Encoder[encoding]
       end
-
     end
   end
 end

data/lib/symmetric_encryption/keystore/file.rb

@@ -6,15 +6,15 @@ module SymmetricEncryption
       # Returns [Hash] initial configuration.
       # Generates the encrypted key file for every environment except development and test.
       def self.new_config(key_path: '/etc/symmetric-encryption',
-        app_name: 'symmetric-encryption',
-        environments: %i(development test release production),
-        cipher_name: 'aes-256-cbc')
+                          app_name: 'symmetric-encryption',
+                          environments: %i[development test release production],
+                          cipher_name: 'aes-256-cbc')
 
         configs = {}
         environments.each do |environment|
           environment          = environment.to_sym
           configs[environment] =
-            if %i(development test).include?(environment)
+            if %i[development test].include?(environment)
               Keystore.dev_config
             else
               cfg = new_key_config(key_path: key_path, cipher_name: cipher_name, app_name: app_name, environment: environment)
@@ -84,7 +84,7 @@ module SymmetricEncryption
 
       # Read from the file, raising an exception if it is not found
       def read_from_file
-        ::File.open(file_name, 'rb') { |f| f.read }
+        ::File.open(file_name, 'rb', &:read)
       rescue Errno::ENOENT
         raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file: '#{file_name}' not found or readable")
       end
@@ -96,7 +96,6 @@ module SymmetricEncryption
         ::File.rename(file_name, "#{file_name}.#{Time.now.to_i}") if ::File.exist?(file_name)
         ::File.open(file_name, 'wb') { |file| file.write(data) }
       end
-
     end
   end
 end

data/lib/symmetric_encryption/keystore/memory.rb

@@ -1,5 +1,6 @@
 module SymmetricEncryption
   module Keystore
+    # In Memory Keystore usually used for testing purposes
     class Memory
       attr_accessor :key_encrypting_key
       attr_reader :encrypted_key
@@ -26,7 +27,7 @@ module SymmetricEncryption
           iv:                 iv,
           key_encrypting_key: {
             key: kek.key,
-            iv:  kek.iv,
+            iv:  kek.iv
           }
         }
       end
@@ -47,7 +48,6 @@ module SymmetricEncryption
       def write(key)
         self.encrypted_key = key_encrypting_key.encrypt(key)
       end
-
     end
   end
 end

data/lib/symmetric_encryption/railtie.rb

@@ -1,7 +1,5 @@
-# encoding: utf-8
 module SymmetricEncryption #:nodoc:
   class Railtie < Rails::Railtie #:nodoc:
-
     # Exposes Symmetric Encryption's configuration to the Rails application configuration.
     #
     # @example Set up configuration in the Rails app.
@@ -31,23 +29,22 @@ module SymmetricEncryption #:nodoc:
     config.before_configuration do
       # Check if already configured
       unless ::SymmetricEncryption.cipher?
-        app_name = Rails::Application.subclasses.first.parent.to_s.underscore
+        app_name    = Rails::Application.subclasses.first.parent.to_s.underscore
         config_file = Rails.root.join('config', 'symmetric-encryption.yml')
         if config_file.file?
           begin
-            ::SymmetricEncryption::Config.load!(file_name: config_file, env: Rails.env)
+            ::SymmetricEncryption::Config.load!(file_name: config_file, env: ENV['SYMMETRIC_ENCRYPTION_ENV'] || Rails.env)
           rescue ArgumentError => exc
             puts "\nSymmetric Encryption not able to read keys."
             puts "#{exc.class.name} #{exc.message}"
-            puts "To generate a new config file and key files: symmetric-encryption --generate --key-path /etc/#{app_name} --app_name #{app_name}\n\n"
+            puts "To generate a new config file and key files: symmetric-encryption --generate --key-path /etc/#{app_name} --app-name #{app_name}\n\n"
             raise(exc)
           end
         else
           puts "\nSymmetric Encryption config not found."
-          puts "To generate a new config file and key files: symmetric-encryption --generate --key-path /etc/#{app_name} --app_name #{app_name}\n\n"
+          puts "To generate a new config file and key files: symmetric-encryption --generate --key-path /etc/#{app_name} --app-name #{app_name}\n\n"
         end
       end
     end
-
   end
 end

data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb

@@ -13,6 +13,7 @@
 #  #  => true
 class SymmetricEncryptionValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
-    record.errors.add(attribute, 'must be a value encrypted using SymmetricEncryption.encrypt') unless SymmetricEncryption.encrypted?(value)
+    return if value.blank? || SymmetricEncryption.encrypted?(value)
+    record.errors.add(attribute, 'must be a value encrypted using SymmetricEncryption.encrypt')
   end
 end

data/lib/symmetric_encryption/reader.rb

@@ -59,11 +59,11 @@ module SymmetricEncryption
     # ensure
     #   csv.close if csv
     # end
-    def self.open(file_name_or_stream, buffer_size: 16384, **args, &block)
+    def self.open(file_name_or_stream, buffer_size: 16_384, **args, &block)
       ios = file_name_or_stream.is_a?(String) ? ::File.open(file_name_or_stream, 'rb') : file_name_or_stream
 
       begin
-        file = self.new(ios, buffer_size: buffer_size, **args)
+        file = new(ios, buffer_size: buffer_size, **args)
         file = Zlib::GzipReader.new(file) if !file.eof? && file.compressed?
         block ? block.call(file) : file
       ensure
@@ -76,7 +76,7 @@ module SymmetricEncryption
     # Notes:
     # * Do not use this method for reading large files.
     def self.read(file_name_or_stream, **args)
-      open(file_name_or_stream, **args) { |f| f.read }
+      self.open(file_name_or_stream, **args, &:read)
     end
 
     # Decrypt an entire file.
@@ -97,23 +97,21 @@ module SymmetricEncryption
     #
     # Notes:
     # * The file contents are streamed so that the entire file is _not_ loaded into memory.
-    def self.decrypt(source:, target:, block_size: 65535, **args)
+    def self.decrypt(source:, target:, block_size: 65_535, **args)
       target_ios    = target.is_a?(String) ? ::File.open(target, 'wb') : target
       bytes_written = 0
-      open(source, **args) do |input_ios|
-        while !input_ios.eof?
-          bytes_written += target_ios.write(input_ios.read(block_size))
-        end
+      self.open(source, **args) do |input_ios|
+        bytes_written += target_ios.write(input_ios.read(block_size)) until input_ios.eof?
       end
       bytes_written
     ensure
-      target_ios.close if target_ios && target_ios.respond_to?(:closed?) && !target_ios.closed?
+      target_ios.close if target_ios&.respond_to?(:closed?) && !target_ios.closed?
     end
 
     # Returns [true|false] whether the file or stream contains any data
     # excluding the header should it have one
     def self.empty?(file_name_or_stream)
-      open(file_name_or_stream) { |file| file.eof? }
+      open(file_name_or_stream, &:eof?)
     end
 
     # Returns [true|false] whether the file contains the encryption header
@@ -161,9 +159,7 @@ module SymmetricEncryption
     #
     # Note: When no header is present, the version is set to the one supplied
     #       in the options
-    def version
-      @version
-    end
+    attr_reader :version
 
     # Close the IO Stream
     #
@@ -198,19 +194,17 @@ module SymmetricEncryption
     #
     # At end of file, it returns nil if no more data is available, or the last
     # remaining bytes
-    def read(length=nil)
+    def read(length = nil)
       data = nil
       if length
-        return '' if length == 0
+        return '' if length.zero?
         return nil if eof?
         # Read length bytes
-        while (@read_buffer.length < length) && !@ios.eof?
-          read_block
-        end
-        if @read_buffer.length == 0
+        read_block while (@read_buffer.length < length) && !@ios.eof?
+        if @read_buffer.empty?
           data = nil
         elsif @read_buffer.length > length
-          data = @read_buffer.slice!(0..length-1)
+          data = @read_buffer.slice!(0..length - 1)
         else
           data         = @read_buffer
           @read_buffer = ''
@@ -220,10 +214,10 @@ module SymmetricEncryption
         data         = @read_buffer
         @read_buffer = ''
 
-        if !@ios.eof?
+        unless @ios.eof?
           # Read entire file
           buf = @ios.read || ''
-          data << @stream_cipher.update(buf) if buf && buf.length > 0
+          data << @stream_cipher.update(buf) if buf && !buf.empty?
           data << @stream_cipher.final
         end
       end
@@ -235,14 +229,14 @@ module SymmetricEncryption
     # Raises EOFError on eof
     # The stream must be opened for reading or an IOError will be raised.
     def readline(sep_string = "\n")
-      gets(sep_string) || raise(EOFError.new('End of file reached when trying to read a line'))
+      gets(sep_string) || raise(EOFError, 'End of file reached when trying to read a line')
     end
 
     # Reads a single decrypted line from the file up to and including the optional sep_string.
     # A sep_string of nil reads the entire contents of the file
     # Returns nil on eof
     # The stream must be opened for reading or an IOError will be raised.
-    def gets(sep_string, length=nil)
+    def gets(sep_string, length = nil)
       return read(length) if sep_string.nil?
 
       # Read more data until we get the sep_string
@@ -253,7 +247,7 @@ module SymmetricEncryption
       index ||= -1
       data  = @read_buffer.slice!(0..index)
       @pos  += data.length
-      return nil if data.length == 0 && eof?
+      return nil if data.empty? && eof?
       data
     end
 
@@ -262,23 +256,19 @@ module SymmetricEncryption
     # Executes the block for every line in ios, where lines are separated by sep_string.
     # ios must be opened for reading or an IOError will be raised.
     def each_line(sep_string = "\n")
-      while !eof?
-        yield gets(sep_string)
-      end
+      yield gets(sep_string) until eof?
       self
     end
 
-    alias_method :each, :each_line
+    alias each each_line
 
     # Returns whether the end of file has been reached for this stream
     def eof?
-      (@read_buffer.size == 0) && @ios.eof?
+      @read_buffer.empty? && @ios.eof?
     end
 
     # Return the number of bytes read so far from the input stream
-    def pos
-      @pos
-    end
+    attr_reader :pos
 
     # Rewind back to the beginning of the file
     def rewind
@@ -299,7 +289,7 @@ module SymmetricEncryption
     #          then re-read upto the point specified
     # WARNING: IO::SEEK_END will read the entire file and then again
     #          upto the point specified
-    def seek(amount, whence=IO::SEEK_SET)
+    def seek(amount, whence = IO::SEEK_SET)
       offset = 0
       case whence
       when IO::SEEK_SET
@@ -317,7 +307,7 @@ module SymmetricEncryption
         # Read and decrypt entire file a block at a time to get its total
         # unencrypted size
         size = 0
-        while !eof
+        until eof
           read_block
           size         += @read_buffer.size
           @read_buffer = ''
@@ -327,7 +317,7 @@ module SymmetricEncryption
       else
         raise(ArgumentError, "unknown whence:#{whence} supplied to seek()")
       end
-      read(offset) if offset > 0
+      read(offset) if offset.positive?
       0
     end
 
@@ -364,7 +354,7 @@ module SymmetricEncryption
       @stream_cipher.iv  = iv || cipher.iv
 
       # First call to #update should return an empty string anyway
-      if buf && buf.length > 0
+      if buf && !buf.empty?
         @read_buffer = @stream_cipher.update(buf)
         @read_buffer << @stream_cipher.final if @ios.eof?
       else
@@ -375,13 +365,12 @@ module SymmetricEncryption
     # Read a block of data and append the decrypted data in the read buffer
     def read_block
       buf = @ios.read(@buffer_size)
-      @read_buffer << @stream_cipher.update(buf) if buf && buf.length > 0
+      @read_buffer << @stream_cipher.update(buf) if buf && !buf.empty?
       @read_buffer << @stream_cipher.final if @ios.eof?
     end
 
     def closed?
       @closed || @ios.respond_to?(:closed?) && @ios.closed?
     end
-
   end
 end