yaml-crypt
Advanced tools
Comparing version 0.6.4 to 0.7.0
@@ -22,3 +22,8 @@ #!/usr/bin/env node | ||
} = require("../lib/yaml-crypt"); | ||
const { UsageError, safeDumpAll, tryDecrypt } = require("../lib/utils"); | ||
const { | ||
UsageError, | ||
safeDumpAll, | ||
tryDecrypt, | ||
walkValues | ||
} = require("../lib/utils"); | ||
const { walk } = require("../lib/yaml-crypt-helper"); | ||
@@ -152,2 +157,7 @@ | ||
}); | ||
parser.addArgument(["--query"], { | ||
metavar: "<yaml-query>", | ||
help: | ||
"Output the value for the given YAML query path. Uses the same syntax as the --path option" | ||
}); | ||
parser.addArgument(["--raw"], { | ||
@@ -237,5 +247,11 @@ action: "storeTrue", | ||
} | ||
if (args.raw && args.query) { | ||
throw new UsageError("cannot combine --raw and --query!"); | ||
} | ||
if (args.edit && args.path) { | ||
throw new UsageError("cannot combine --edit and --path!"); | ||
} | ||
if (args.edit && args.query) { | ||
throw new UsageError("cannot combine --edit and --query!"); | ||
} | ||
if (args.edit && args.keep) { | ||
@@ -267,2 +283,8 @@ throw new UsageError("cannot combine --edit and --keep!"); | ||
} | ||
if (args.query && args.file.length) { | ||
throw new UsageError("option --query only valid when reading from stdin!"); | ||
} | ||
if (args.query && !args.decrypt) { | ||
throw new UsageError("option --query must be combined with --decrypt!"); | ||
} | ||
if (args.generate_key && args.write_key) { | ||
@@ -413,3 +435,19 @@ throw new UsageError("cannot combine --generate-key and --write-key!"); | ||
const objs = crypt.decryptAll(str, opts); | ||
result = safeDumpAll(objs); | ||
if (args.query) { | ||
const arr = []; | ||
for (const obj of objs) { | ||
walkValues( | ||
obj, | ||
args.query, | ||
() => true, | ||
v => arr.push(v) | ||
); | ||
} | ||
result = | ||
arr | ||
.map(v => (typeof v === "string" ? v : JSON.stringify(v))) | ||
.join("\n") + "\n"; | ||
} else { | ||
result = safeDumpAll(objs); | ||
} | ||
} | ||
@@ -725,3 +763,3 @@ output.write(result); | ||
const tmpFile = tmp.fileSync({ dir: dir, postfix: ".yaml", keep: true }); | ||
const tmpFile = tmp.fileSync({ tmpdir: dir, postfix: ".yaml", keep: true }); | ||
try { | ||
@@ -728,0 +766,0 @@ const opts = { base64: args.base64, algorithm: algorithm, raw: args.raw }; |
const fs = require("fs"); | ||
const path = require("path"); | ||
const yaml = require("js-yaml"); | ||
const yamlcrypt = require("./yaml-crypt"); | ||
function safeDumpAll(objs, opts) { | ||
let str = ""; | ||
for (let idx = 0; idx < objs.length; idx++) { | ||
if (idx > 0) { | ||
str += "---\n"; | ||
} | ||
str += yaml.safeDump(objs[idx], opts); | ||
} | ||
return str; | ||
} | ||
function transform(content, keys, encryptionKey, opts, callback) { | ||
let key = null; | ||
let objs = []; | ||
for (const k of keys) { | ||
const tmp = []; | ||
try { | ||
const opts_ = Object.assign({ objects: true }, opts); | ||
const crypt = yamlcrypt.decrypt(k, opts_); | ||
crypt.safeLoadAll(content, obj => tmp.push(obj)); | ||
} catch (e) { | ||
continue; | ||
} | ||
key = k; | ||
objs = tmp; | ||
break; | ||
} | ||
if (!key) { | ||
throw new Error("no matching key to decrypt the given data!"); | ||
} | ||
if (!encryptionKey) { | ||
encryptionKey = key; | ||
} | ||
const reencrypt = key !== encryptionKey; | ||
function processValues() {} | ||
let index = 0; | ||
const types = []; | ||
for (const obj of objs) { | ||
processValues( | ||
obj, | ||
null, | ||
v => v instanceof yamlcrypt.Plaintext, | ||
t => { | ||
const knownText = new _KnownText(t, index++, t.algorithm); | ||
types.push(_knownTextType(knownText, reencrypt)); | ||
return knownText; | ||
} | ||
); | ||
} | ||
_newTextTypes().forEach(t => types.push(t)); | ||
const schema = yaml.Schema.create(types); | ||
const str = safeDumpAll(objs, { schema: schema }); | ||
const transformed = callback(str); | ||
const result = []; | ||
yaml.safeLoadAll(transformed, obj => result.push(obj), { schema: schema }); | ||
const crypt = yamlcrypt.encrypt(encryptionKey, opts); | ||
return crypt.safeDumpAll(result); | ||
} | ||
class _KnownText { | ||
constructor(plaintext, index, algorithm) { | ||
this.plaintext = plaintext; | ||
this.index = index; | ||
this.algorithm = algorithm; | ||
} | ||
} | ||
function _knownTextType(knownText, reencrypt) { | ||
return new yaml.Type("!yaml-crypt/:" + knownText.index, { | ||
kind: "scalar", | ||
instanceOf: _KnownText, | ||
predicate: data => data.index === knownText.index, | ||
represent: data => data.plaintext.plaintext, | ||
construct: data => { | ||
if (!reencrypt && data === knownText.plaintext.plaintext) { | ||
return knownText.plaintext; | ||
} else { | ||
return new yamlcrypt.Plaintext(data, null, knownText.algorithm); | ||
} | ||
} | ||
}); | ||
} | ||
function _newTextTypes() { | ||
const keys = [{ type: "!yaml-crypt", algorithm: yamlcrypt.algorithms[0] }]; | ||
for (const algorithm of yamlcrypt.algorithms) { | ||
// also allow the usage of just the algorithm name, without version: | ||
const split = algorithm.split(":", 2); | ||
keys.push({ type: "!yaml-crypt/" + split[0], algorithm: algorithm }); | ||
keys.push({ type: "!yaml-crypt/" + algorithm, algorithm: algorithm }); | ||
} | ||
return keys.map( | ||
key => | ||
new yaml.Type(key.type, { | ||
kind: "scalar", | ||
represent: data => data, | ||
construct: data => new yamlcrypt.Plaintext(data, null, key.algorithm) | ||
}) | ||
); | ||
} | ||
function walk(dir, recursive, callback) { | ||
@@ -134,4 +19,2 @@ const files = fs.readdirSync(dir); | ||
module.exports.safeDumpAll = safeDumpAll; | ||
module.exports.transform = transform; | ||
module.exports.walk = walk; |
{ | ||
"name": "yaml-crypt", | ||
"version": "0.6.4", | ||
"version": "0.7.0", | ||
"description": "Encrypt and decrypt YAML documents", | ||
@@ -29,3 +29,3 @@ "license": "MIT", | ||
"fernet": "^0.3.1", | ||
"js-yaml": "^3.13.1", | ||
"js-yaml": "^3.14.0", | ||
"pkginfo": "^0.4.1", | ||
@@ -38,5 +38,5 @@ "tmp": "^0.2.1", | ||
"coveralls": "^3.1.0", | ||
"eslint": "^6.8.0", | ||
"mocha": "^7.1.2", | ||
"nyc": "^15.0.1", | ||
"eslint": "^7.1.0", | ||
"mocha": "^7.2.0", | ||
"nyc": "^15.1.0", | ||
"prettier": "^2.0.5" | ||
@@ -43,0 +43,0 @@ }, |
@@ -58,2 +58,4 @@ const fs = require("fs"); | ||
["--raw", "--path", "."], | ||
["--raw", "--query", "."], | ||
["--edit", "--query", "."], | ||
["--edit", "--encrypt"], | ||
@@ -82,2 +84,14 @@ ["--edit", "--decrypt"], | ||
it("should throw an error when passing query without decrypt", () => { | ||
expect(() => runWithKeyFile(["--query", "."], {}, {})).to.throw( | ||
/must be combined with/ | ||
); | ||
}); | ||
it("should throw an error when passing query with files", () => { | ||
expect(() => runWithKeyFile(["--query", ".", "x"], {}, {})).to.throw( | ||
/only valid when reading from stdin/ | ||
); | ||
}); | ||
it("should throw an error when passing invalid algorithm", () => { | ||
@@ -323,2 +337,22 @@ expect(() => runWithKeyFile(["-d", "-a", "x"], {}, {})).to.throw( | ||
it("should decrypt the given input and return the query string", () => { | ||
const config = { keys: [{ key: "aehae5Ui0Eechaeghau9Yoh9jufiep7H" }] }; | ||
const options = { | ||
stdin: fs.readFileSync("./test/resources/test-2.yaml-crypt"), | ||
stdout: new Out() | ||
}; | ||
yamlcryptcli.run(["-d", "--query", "first"], config, options); | ||
expect(options.stdout.str).to.equal("Hello, world!\n\n"); | ||
}); | ||
it("should decrypt the given input and return the query object", () => { | ||
const config = { keys: [{ key: "aehae5Ui0Eechaeghau9Yoh9jufiep7H" }] }; | ||
const options = { | ||
stdin: fs.readFileSync("./test/resources/test-3.yaml-crypt"), | ||
stdout: new Out() | ||
}; | ||
yamlcryptcli.run(["-d", "--query", "a"], config, options); | ||
expect(options.stdout.str).to.equal('{"b":{"c":"secret"}}\n'); | ||
}); | ||
it("should decrypt the given input when using --raw", () => { | ||
@@ -325,0 +359,0 @@ const config = { |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
77359
2155
Updatedjs-yaml@^3.14.0