couch2pg
Comparing version 0.7.0 to 0.7.1
@@ -27,2 +27,11 @@ var _ = require('underscore'), | ||
const removeSecurityDetails = function(doc) { | ||
const isUserDoc = doc && doc.type === 'user' && doc._id.startsWith('org.couchdb.user:'); | ||
if (isUserDoc) { | ||
delete doc.password_scheme; | ||
delete doc.derived_key; | ||
delete doc.salt; | ||
} | ||
}; | ||
var deleteDocuments = function(db, postgresTable, docIdsToDelete) { | ||
@@ -99,12 +108,9 @@ if (docIdsToDelete && docIdsToDelete.length) { | ||
var insertSql = format( | ||
INSERT_DOC_STMT, | ||
postgresTable, | ||
couchDbResult.rows.map(function(row) { | ||
return [row.doc]; | ||
}) | ||
); | ||
const docsToInsert = couchDbResult.rows.map(function(row) { | ||
removeSecurityDetails(row.doc); | ||
return [row.doc]; | ||
}); | ||
let insertSql = format(INSERT_DOC_STMT, postgresTable, docsToInsert); | ||
insertSql = sanitise(insertSql); | ||
return db.query(insertSql); | ||
@@ -111,0 +117,0 @@ }).then(function() { |
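Review bot: `removeSecurityDetails` is a denylist of three fields, so any other credential material on a user document is still copied into Postgres: the test fixture shows `iterations` being left in place, and documents hashed under CouchDB's older simple scheme keep their hash in `password_sha`, which is not removed. I would add `delete doc.password_sha;` and `delete doc.iterations;` next to the existing deletes, or preferably copy only an allowlist of known-safe fields for user docs, so that a field added by a future CouchDB release is not replicated by default. The guard requires `doc.type === 'user'` together with the `org.couchdb.user:` id prefix, and the function mutates `row.doc` in place inside `map`; a short comment such as `// strips password hash material from user docs before insert; mutates doc` would make both explicit. Rows imported by 0.7.0 and earlier presumably still hold the hashes, which this change does not touch, so a one-off cleanup of the existing table is worth documenting with the release.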
{ | ||
"name": "couch2pg", | ||
"version": "0.7.0", | ||
"version": "0.7.1", | ||
"bin": { | ||
@@ -5,0 +5,0 @@ "couch2pg": "./cli.js" |
@@ -22,3 +22,3 @@ # couch2pg | ||
``` | ||
npm install -g couch2pg` | ||
npm install -g couch2pg | ||
couch2pg --help | ||
@@ -25,0 +25,0 @@ ``` |
@@ -74,2 +74,46 @@ require('es6-promise').polyfill(); | ||
}); | ||
it('removes security information from user docs', function () { | ||
const userDocId = 'org.couchdb.user:test_user'; | ||
sinon.stub(db, 'one').resolves(STORED_SEQ); | ||
sinon.stub(couchdb, 'changes') | ||
.onCall(0).resolves({ | ||
results: [ | ||
{ id: userDocId, seq: 1 }, | ||
], | ||
last_seq: 2 | ||
}) | ||
.onCall(1).resolves({ | ||
results: [], | ||
last_seq: 2 | ||
}); | ||
const query = sinon.stub(db, 'query').resolves(); | ||
const allDocs = sinon.stub(couchdb, 'allDocs'); | ||
allDocs.resolves({ | ||
rows: [{ | ||
id: userDocId, | ||
doc: { | ||
_id: userDocId, | ||
_rev: '3-37b63ea82ca461bfa6b3d4cfda7dbf88', | ||
name: 'test_user', | ||
type: 'user', | ||
roles: ['chw'], | ||
facility_id: 'c0ca5e2b-508a-4ba7-b934-f6e4751223bf', | ||
password_scheme: 'pbkdf2', | ||
iterations: 10, | ||
derived_key: '5ccbfab2b06a67450c3fbcda9fc0f4e27e5ba957', | ||
salt: '713733ce185df96773d6bd4a860749ee' | ||
} | ||
}], | ||
}); | ||
return importer(db, couchdb).importBatch().then(function() { | ||
allDocs.args[0][0].keys.should.deep.equal([userDocId]); | ||
query.args[1][0].should.include(`INSERT INTO couchdb (doc) VALUES ('{"_id":"${userDocId}"`); | ||
query.args[1][0].should.include(`"roles":["chw"],`); | ||
query.args[1][0].should.not.include('derived_key'); | ||
query.args[1][0].should.not.include('salt'); | ||
query.args[1][0].should.not.include('password_scheme'); | ||
}); | ||
}) | ||
}); | ||
@@ -76,0 +120,0 @@ |
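Review bot: The new test covers only the positive case, so it would still pass if the stripping were applied to every document, or if a hash-related field outside the three asserted names were left in the SQL. A companion case with a non-user document that carries a `salt` property (expecting it to be preserved) would pin the intended boundary, and `query.args[1][0].should.not.include('iterations');` would cover the remaining fixture field if that is meant to be stripped as well. The assertions index `query.args[1][0]` positionally; selecting the call whose SQL contains `INSERT INTO` would keep the test from breaking when another query is issued earlier in `importBatch`. The closing `})` of the `it(...)` call is also missing its semicolon.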
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 6 instances in 1 package