Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

yaml-crypt

Package Overview
Dependencies
Maintainers
1
Versions
37
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

yaml-crypt - npm Package Compare versions

Comparing version 0.6.4 to 0.7.0

44

bin/yaml-crypt-cli.js

@@ -22,3 +22,8 @@ #!/usr/bin/env node

} = require("../lib/yaml-crypt");
const { UsageError, safeDumpAll, tryDecrypt } = require("../lib/utils");
const {
UsageError,
safeDumpAll,
tryDecrypt,
walkValues
} = require("../lib/utils");
const { walk } = require("../lib/yaml-crypt-helper");

@@ -152,2 +157,7 @@

});
parser.addArgument(["--query"], {
metavar: "<yaml-query>",
help:
"Output the value for the given YAML query path. Uses the same syntax as the --path option"
});
parser.addArgument(["--raw"], {

@@ -237,5 +247,11 @@ action: "storeTrue",

}
if (args.raw && args.query) {
throw new UsageError("cannot combine --raw and --query!");
}
if (args.edit && args.path) {
throw new UsageError("cannot combine --edit and --path!");
}
if (args.edit && args.query) {
throw new UsageError("cannot combine --edit and --query!");
}
if (args.edit && args.keep) {

@@ -267,2 +283,8 @@ throw new UsageError("cannot combine --edit and --keep!");

}
if (args.query && args.file.length) {
throw new UsageError("option --query only valid when reading from stdin!");
}
if (args.query && !args.decrypt) {
throw new UsageError("option --query must be combined with --decrypt!");
}
if (args.generate_key && args.write_key) {

@@ -413,3 +435,19 @@ throw new UsageError("cannot combine --generate-key and --write-key!");

const objs = crypt.decryptAll(str, opts);
result = safeDumpAll(objs);
if (args.query) {
const arr = [];
for (const obj of objs) {
walkValues(
obj,
args.query,
() => true,
v => arr.push(v)
);
}
result =
arr
.map(v => (typeof v === "string" ? v : JSON.stringify(v)))
.join("\n") + "\n";
} else {
result = safeDumpAll(objs);
}
}

@@ -725,3 +763,3 @@ output.write(result);

const tmpFile = tmp.fileSync({ dir: dir, postfix: ".yaml", keep: true });
const tmpFile = tmp.fileSync({ tmpdir: dir, postfix: ".yaml", keep: true });
try {

@@ -728,0 +766,0 @@ const opts = { base64: args.base64, algorithm: algorithm, raw: args.raw };

117

lib/yaml-crypt-helper.js
const fs = require("fs");
const path = require("path");
const yaml = require("js-yaml");
const yamlcrypt = require("./yaml-crypt");
function safeDumpAll(objs, opts) {
let str = "";
for (let idx = 0; idx < objs.length; idx++) {
if (idx > 0) {
str += "---\n";
}
str += yaml.safeDump(objs[idx], opts);
}
return str;
}
function transform(content, keys, encryptionKey, opts, callback) {
let key = null;
let objs = [];
for (const k of keys) {
const tmp = [];
try {
const opts_ = Object.assign({ objects: true }, opts);
const crypt = yamlcrypt.decrypt(k, opts_);
crypt.safeLoadAll(content, obj => tmp.push(obj));
} catch (e) {
continue;
}
key = k;
objs = tmp;
break;
}
if (!key) {
throw new Error("no matching key to decrypt the given data!");
}
if (!encryptionKey) {
encryptionKey = key;
}
const reencrypt = key !== encryptionKey;
function processValues() {}
let index = 0;
const types = [];
for (const obj of objs) {
processValues(
obj,
null,
v => v instanceof yamlcrypt.Plaintext,
t => {
const knownText = new _KnownText(t, index++, t.algorithm);
types.push(_knownTextType(knownText, reencrypt));
return knownText;
}
);
}
_newTextTypes().forEach(t => types.push(t));
const schema = yaml.Schema.create(types);
const str = safeDumpAll(objs, { schema: schema });
const transformed = callback(str);
const result = [];
yaml.safeLoadAll(transformed, obj => result.push(obj), { schema: schema });
const crypt = yamlcrypt.encrypt(encryptionKey, opts);
return crypt.safeDumpAll(result);
}
class _KnownText {
constructor(plaintext, index, algorithm) {
this.plaintext = plaintext;
this.index = index;
this.algorithm = algorithm;
}
}
function _knownTextType(knownText, reencrypt) {
return new yaml.Type("!yaml-crypt/:" + knownText.index, {
kind: "scalar",
instanceOf: _KnownText,
predicate: data => data.index === knownText.index,
represent: data => data.plaintext.plaintext,
construct: data => {
if (!reencrypt && data === knownText.plaintext.plaintext) {
return knownText.plaintext;
} else {
return new yamlcrypt.Plaintext(data, null, knownText.algorithm);
}
}
});
}
function _newTextTypes() {
const keys = [{ type: "!yaml-crypt", algorithm: yamlcrypt.algorithms[0] }];
for (const algorithm of yamlcrypt.algorithms) {
// also allow the usage of just the algorithm name, without version:
const split = algorithm.split(":", 2);
keys.push({ type: "!yaml-crypt/" + split[0], algorithm: algorithm });
keys.push({ type: "!yaml-crypt/" + algorithm, algorithm: algorithm });
}
return keys.map(
key =>
new yaml.Type(key.type, {
kind: "scalar",
represent: data => data,
construct: data => new yamlcrypt.Plaintext(data, null, key.algorithm)
})
);
}
function walk(dir, recursive, callback) {

@@ -134,4 +19,2 @@ const files = fs.readdirSync(dir);

module.exports.safeDumpAll = safeDumpAll;
module.exports.transform = transform;
module.exports.walk = walk;
{
"name": "yaml-crypt",
"version": "0.6.4",
"version": "0.7.0",
"description": "Encrypt and decrypt YAML documents",

@@ -29,3 +29,3 @@ "license": "MIT",

"fernet": "^0.3.1",
"js-yaml": "^3.13.1",
"js-yaml": "^3.14.0",
"pkginfo": "^0.4.1",

@@ -38,5 +38,5 @@ "tmp": "^0.2.1",

"coveralls": "^3.1.0",
"eslint": "^6.8.0",
"mocha": "^7.1.2",
"nyc": "^15.0.1",
"eslint": "^7.1.0",
"mocha": "^7.2.0",
"nyc": "^15.1.0",
"prettier": "^2.0.5"

@@ -43,0 +43,0 @@ },

@@ -58,2 +58,4 @@ const fs = require("fs");

["--raw", "--path", "."],
["--raw", "--query", "."],
["--edit", "--query", "."],
["--edit", "--encrypt"],

@@ -82,2 +84,14 @@ ["--edit", "--decrypt"],

it("should throw an error when passing query without decrypt", () => {
expect(() => runWithKeyFile(["--query", "."], {}, {})).to.throw(
/must be combined with/
);
});
it("should throw an error when passing query with files", () => {
expect(() => runWithKeyFile(["--query", ".", "x"], {}, {})).to.throw(
/only valid when reading from stdin/
);
});
it("should throw an error when passing invalid algorithm", () => {

@@ -323,2 +337,22 @@ expect(() => runWithKeyFile(["-d", "-a", "x"], {}, {})).to.throw(

it("should decrypt the given input and return the query string", () => {
const config = { keys: [{ key: "aehae5Ui0Eechaeghau9Yoh9jufiep7H" }] };
const options = {
stdin: fs.readFileSync("./test/resources/test-2.yaml-crypt"),
stdout: new Out()
};
yamlcryptcli.run(["-d", "--query", "first"], config, options);
expect(options.stdout.str).to.equal("Hello, world!\n\n");
});
it("should decrypt the given input and return the query object", () => {
const config = { keys: [{ key: "aehae5Ui0Eechaeghau9Yoh9jufiep7H" }] };
const options = {
stdin: fs.readFileSync("./test/resources/test-3.yaml-crypt"),
stdout: new Out()
};
yamlcryptcli.run(["-d", "--query", "a"], config, options);
expect(options.stdout.str).to.equal('{"b":{"c":"secret"}}\n');
});
it("should decrypt the given input when using --raw", () => {

@@ -325,0 +359,0 @@ const config = {

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc