yaml-crypt - npm Package Compare versions

Comparing version 0.6.4 to 0.7.0

bin/yaml-crypt-cli.js

		@@ -22,3 +22,8 @@ #!/usr/bin/env node
		} = require("../lib/yaml-crypt");
		const { UsageError, safeDumpAll, tryDecrypt } = require("../lib/utils");
		const {
		UsageError,
		safeDumpAll,
		tryDecrypt,
		walkValues
		} = require("../lib/utils");
		const { walk } = require("../lib/yaml-crypt-helper");
		@@ -152,2 +157,7 @@
		});
		parser.addArgument(["--query"], {
		metavar: "<yaml-query>",
		help:
		"Output the value for the given YAML query path. Uses the same syntax as the --path option"
		});
		parser.addArgument(["--raw"], {
		@@ -237,5 +247,11 @@ action: "storeTrue",
		}
		if (args.raw && args.query) {
		throw new UsageError("cannot combine --raw and --query!");
		}
		if (args.edit && args.path) {
		throw new UsageError("cannot combine --edit and --path!");
		}
		if (args.edit && args.query) {
		throw new UsageError("cannot combine --edit and --query!");
		}
		if (args.edit && args.keep) {
		@@ -267,2 +283,8 @@ throw new UsageError("cannot combine --edit and --keep!");
		}
		if (args.query && args.file.length) {
		throw new UsageError("option --query only valid when reading from stdin!");
		}
		if (args.query && !args.decrypt) {
		throw new UsageError("option --query must be combined with --decrypt!");
		}
		if (args.generate_key && args.write_key) {
		@@ -413,3 +435,19 @@ throw new UsageError("cannot combine --generate-key and --write-key!");
		const objs = crypt.decryptAll(str, opts);
		result = safeDumpAll(objs);
		if (args.query) {
		const arr = [];
		for (const obj of objs) {
		walkValues(
		obj,
		args.query,
		() => true,
		v => arr.push(v)
		);
		}
		result =
		arr
		.map(v => (typeof v === "string" ? v : JSON.stringify(v)))
		.join("\n") + "\n";
		} else {
		result = safeDumpAll(objs);
		}
		}
		@@ -725,3 +763,3 @@ output.write(result);

		const tmpFile = tmp.fileSync({ dir: dir, postfix: ".yaml", keep: true });
		const tmpFile = tmp.fileSync({ tmpdir: dir, postfix: ".yaml", keep: true });
		try {
		@@ -728,0 +766,0 @@ const opts = { base64: args.base64, algorithm: algorithm, raw: args.raw };

117

lib/yaml-crypt-helper.js

		const fs = require("fs");
		const path = require("path");

		const yaml = require("js-yaml");

		const yamlcrypt = require("./yaml-crypt");

		function safeDumpAll(objs, opts) {
		let str = "";
		for (let idx = 0; idx < objs.length; idx++) {
		if (idx > 0) {
		str += "---\n";
		}
		str += yaml.safeDump(objs[idx], opts);
		}
		return str;
		}

		function transform(content, keys, encryptionKey, opts, callback) {
		let key = null;
		let objs = [];
		for (const k of keys) {
		const tmp = [];
		try {
		const opts_ = Object.assign({ objects: true }, opts);
		const crypt = yamlcrypt.decrypt(k, opts_);
		crypt.safeLoadAll(content, obj => tmp.push(obj));
		} catch (e) {
		continue;
		}
		key = k;
		objs = tmp;
		break;
		}

		if (!key) {
		throw new Error("no matching key to decrypt the given data!");
		}

		if (!encryptionKey) {
		encryptionKey = key;
		}

		const reencrypt = key !== encryptionKey;

		function processValues() {}

		let index = 0;
		const types = [];
		for (const obj of objs) {
		processValues(
		obj,
		null,
		v => v instanceof yamlcrypt.Plaintext,
		t => {
		const knownText = new _KnownText(t, index++, t.algorithm);
		types.push(_knownTextType(knownText, reencrypt));
		return knownText;
		}
		);
		}

		_newTextTypes().forEach(t => types.push(t));

		const schema = yaml.Schema.create(types);
		const str = safeDumpAll(objs, { schema: schema });

		const transformed = callback(str);

		const result = [];
		yaml.safeLoadAll(transformed, obj => result.push(obj), { schema: schema });

		const crypt = yamlcrypt.encrypt(encryptionKey, opts);
		return crypt.safeDumpAll(result);
		}

		class _KnownText {
		constructor(plaintext, index, algorithm) {
		this.plaintext = plaintext;
		this.index = index;
		this.algorithm = algorithm;
		}
		}

		function _knownTextType(knownText, reencrypt) {
		return new yaml.Type("!yaml-crypt/:" + knownText.index, {
		kind: "scalar",
		instanceOf: _KnownText,
		predicate: data => data.index === knownText.index,
		represent: data => data.plaintext.plaintext,
		construct: data => {
		if (!reencrypt && data === knownText.plaintext.plaintext) {
		return knownText.plaintext;
		} else {
		return new yamlcrypt.Plaintext(data, null, knownText.algorithm);
		}
		}
		});
		}

		function _newTextTypes() {
		const keys = [{ type: "!yaml-crypt", algorithm: yamlcrypt.algorithms[0] }];
		for (const algorithm of yamlcrypt.algorithms) {
		// also allow the usage of just the algorithm name, without version:
		const split = algorithm.split(":", 2);
		keys.push({ type: "!yaml-crypt/" + split[0], algorithm: algorithm });
		keys.push({ type: "!yaml-crypt/" + algorithm, algorithm: algorithm });
		}
		return keys.map(
		key =>
		new yaml.Type(key.type, {
		kind: "scalar",
		represent: data => data,
		construct: data => new yamlcrypt.Plaintext(data, null, key.algorithm)
		})
		);
		}

		function walk(dir, recursive, callback) {
		@@ -134,4 +19,2 @@ const files = fs.readdirSync(dir);

		module.exports.safeDumpAll = safeDumpAll;
		module.exports.transform = transform;
		module.exports.walk = walk;

package.json

		{
		"name": "yaml-crypt",
		"version": "0.6.4",
		"version": "0.7.0",
		"description": "Encrypt and decrypt YAML documents",
		@@ -29,3 +29,3 @@ "license": "MIT",
		"fernet": "^0.3.1",
		"js-yaml": "^3.13.1",
		"js-yaml": "^3.14.0",
		"pkginfo": "^0.4.1",
		@@ -38,5 +38,5 @@ "tmp": "^0.2.1",
		"coveralls": "^3.1.0",
		"eslint": "^6.8.0",
		"mocha": "^7.1.2",
		"nyc": "^15.0.1",
		"eslint": "^7.1.0",
		"mocha": "^7.2.0",
		"nyc": "^15.1.0",
		"prettier": "^2.0.5"
		@@ -43,0 +43,0 @@ },

test/yaml-crypt-cli-test.js

		@@ -58,2 +58,4 @@ const fs = require("fs");
		["--raw", "--path", "."],
		["--raw", "--query", "."],
		["--edit", "--query", "."],
		["--edit", "--encrypt"],
		@@ -82,2 +84,14 @@ ["--edit", "--decrypt"],

		it("should throw an error when passing query without decrypt", () => {
		expect(() => runWithKeyFile(["--query", "."], {}, {})).to.throw(
		/must be combined with/
		);
		});

		it("should throw an error when passing query with files", () => {
		expect(() => runWithKeyFile(["--query", ".", "x"], {}, {})).to.throw(
		/only valid when reading from stdin/
		);
		});

		it("should throw an error when passing invalid algorithm", () => {
		@@ -323,2 +337,22 @@ expect(() => runWithKeyFile(["-d", "-a", "x"], {}, {})).to.throw(

		it("should decrypt the given input and return the query string", () => {
		const config = { keys: [{ key: "aehae5Ui0Eechaeghau9Yoh9jufiep7H" }] };
		const options = {
		stdin: fs.readFileSync("./test/resources/test-2.yaml-crypt"),
		stdout: new Out()
		};
		yamlcryptcli.run(["-d", "--query", "first"], config, options);
		expect(options.stdout.str).to.equal("Hello, world!\n\n");
		});

		it("should decrypt the given input and return the query object", () => {
		const config = { keys: [{ key: "aehae5Ui0Eechaeghau9Yoh9jufiep7H" }] };
		const options = {
		stdin: fs.readFileSync("./test/resources/test-3.yaml-crypt"),
		stdout: new Out()
		};
		yamlcryptcli.run(["-d", "--query", "a"], config, options);
		expect(options.stdout.str).to.equal('{"b":{"c":"secret"}}\n');
		});

		it("should decrypt the given input when using --raw", () => {
		@@ -325,0 +359,0 @@ const config = {

yaml-crypt - npm Package Compare versions

New alerts

Fixed alerts

Worsened metrics

Dependency changes