@salesforce/core - npm Package Compare versions

Comparing version 0.16.15 to 0.16.16

dist/lib/authInfo.js

@@ -161,3 +161,3 @@ "use strict";
     static async create() {
-        return await new AuthInfoCrypto().init();
+        return await new AuthInfoCrypto().init(undefined, undefined, true);
     }
@@ -164,0 +164,0 @@ decryptFields(fields) {

dist/lib/crypto.d.ts

@@ -5,2 +5,4 @@ export declare class Crypto {
     private messages;
+    private noResetOnClose;
+    private _key;
     constructor(keyChain?: any);
@@ -13,3 +15,3 @@ /**
      */
-    init(retryStatus?: string, platform?: string): Promise<Crypto>;
+    init(retryStatus?: string, platform?: string, noResetOnClose?: boolean): Promise<Crypto>;
     /**
@@ -16,0 +18,0 @@ * Encrypts text.

dist/lib/crypto.js

@@ -16,6 +16,6 @@ "use strict";
 const keyChain_1 = require("./keyChain");
+const secureBuffer_1 = require("./secureBuffer");
 const TAG_DELIMITER = ':';
 const BYTE_COUNT_FOR_IV = 6;
 const _algo = 'aes-256-gcm';
-let _key = null;
 const KEY_NAME = 'sfdx';
@@ -59,2 +59,3 @@ const ACCOUNT = 'local';
         this.keyChain = keyChain;
+        this._key = new secureBuffer_1.SecureBuffer();
     }
@@ -70,3 +71,3 @@ static async create() {
      */
-    async init(retryStatus, platform) {
+    async init(retryStatus, platform, noResetOnClose = false) {
         const logger = await logger_1.Logger.child('crypto');
@@ -78,6 +79,5 @@ if (!platform) {
         this.messages = messages_1.Messages.loadMessages('@salesforce/core', 'encryption');
+        this.noResetOnClose = noResetOnClose;
         try {
-            let savedKey = await keychainPromises.getPassword(await this.getKeyChain(platform), KEY_NAME, ACCOUNT);
-            _key = savedKey['password'];
-            savedKey = null;
+            this._key.consume(Buffer.from((await keychainPromises.getPassword(await this.getKeyChain(platform), KEY_NAME, ACCOUNT)).password, 'utf8'));
             return this;
@@ -116,3 +116,3 @@ }
         }
-        if (lodash_1.isNil(_key)) {
+        if (lodash_1.isNil(this._key)) {
             const errMsg = this.messages.getMessage('KeychainPasswordCreationError');
@@ -122,7 +122,9 @@ throw new sfdxError_1.SfdxError(errMsg, 'KeychainPasswordCreationError');
         const iv = crypto.randomBytes(BYTE_COUNT_FOR_IV).toString('hex');
-        const cipher = crypto.createCipheriv(_algo, _key, iv);
-        let encrypted = cipher.update(text, 'utf8', 'hex');
-        encrypted += cipher.final('hex');
-        const tag = cipher.getAuthTag().toString('hex');
-        return `${iv}${encrypted}${TAG_DELIMITER}${tag}`;
+        return this._key.value((buffer) => {
+            const cipher = crypto.createCipheriv(_algo, buffer.toString('utf8'), iv);
+            let encrypted = cipher.update(text, 'utf8', 'hex');
+            encrypted += cipher.final('hex');
+            const tag = cipher.getAuthTag().toString('hex');
+            return `${iv}${encrypted}${TAG_DELIMITER}${tag}`;
+        });
     }
@@ -148,17 +150,21 @@ /**
         const secret = tokens[0].substring((BYTE_COUNT_FOR_IV * 2), tokens[0].length);
-        const decipher = crypto.createDecipheriv(_algo, _key, iv);
-        let dec;
-        try {
-            decipher.setAuthTag(Buffer.from(tag, 'hex'));
-            dec = decipher.update(secret, 'hex', 'utf8');
-            dec += decipher.final('utf8');
-        }
-        catch (e) {
-            const errMsg = this.messages.getMessage('AuthDecryptError', [e.message]);
-            throw new sfdxError_1.SfdxError(errMsg, 'AuthDecryptError');
-        }
-        return dec;
+        return this._key.value((buffer) => {
+            const decipher = crypto.createDecipheriv(_algo, buffer.toString('utf8'), iv);
+            let dec;
+            try {
+                decipher.setAuthTag(Buffer.from(tag, 'hex'));
+                dec = decipher.update(secret, 'hex', 'utf8');
+                dec += decipher.final('utf8');
+            }
+            catch (e) {
+                const errMsg = this.messages.getMessage('AuthDecryptError', [e.message]);
+                throw new sfdxError_1.SfdxError(errMsg, 'AuthDecryptError');
+            }
+            return dec;
+        });
     }
     close() {
-        _key = null;
+        if (!this.noResetOnClose) {
+            this._key.clear();
+        }
     }
@@ -165,0 +171,0 @@ async getKeyChain(platform) {

package.json

 {
   "name": "@salesforce/core",
-  "version": "0.16.15",
+  "version": "0.16.16",
   "description": "Core libraries to interact with SFDX projects, orgs, and APIs.",
@@ -5,0 +5,0 @@ "main": "dist/exported",

New alerts

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1870224

2.78%

Number of package files

118

3.51%

Lines of code

9013

1.49%

No dependency changes