
Fix empty comments not being decrypted correctly (#344)

Previously, SOPS failed to decrypt empty comments after they were encrypted, because they
would look like:

`#ENC[AES256_GCM,data:,iv:NVQvG25goSE7xi6U/QjRNtJBwr/VfChezSptI8GFsQk=,tag:yyYIW/hiIZ1qK1GEo8vHpA==,type:comment]`

Note the empty "data" value.

SOPS would fail to decrypt those and show them to the user "encrypted" when
decrypting the file.
Adrian Utrilla
2018-05-08 14:09:11 -04:00
committed by GitHub
parent 9143db1e28
commit 97ce8a62c9
2 changed files with 32 additions and 2 deletions


@@ -77,7 +77,7 @@ func parse(value string) (*encryptedValue, error) {
// Decrypt takes a sops-format value string and a key and returns the decrypted value and a stash value
func (c Cipher) Decrypt(ciphertext string, key []byte, additionalData string) (plaintext interface{}, err error) {
if ciphertext == "" {
if isEmpty(ciphertext) {
return "", nil
}
encryptedValue, err := parse(ciphertext)
@@ -119,9 +119,22 @@ func (c Cipher) Decrypt(ciphertext string, key []byte, additionalData string) (p
return plaintext, err
}
func isEmpty(value interface{}) bool {
switch value := value.(type) {
case string:
return value == ""
case []byte:
return len(value) == 0
case sops.Comment:
return isEmpty(value.Value)
default:
return false
}
}
// Encrypt takes one of (string, int, float, bool) and encrypts it with the provided key and additional auth data, returning a sops-format encrypted string.
func (c Cipher) Encrypt(plaintext interface{}, key []byte, additionalData string) (ciphertext string, err error) {
if plaintext == "" {
if isEmpty(plaintext) {
return "", nil
}
aescipher, err := cryptoaes.NewCipher(key)
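Review bot: In Decrypt, `isEmpty(ciphertext)` is equivalent to the old `ciphertext == ""` because `ciphertext` is already a string, so the only behavioural change in this file is in Encrypt, where an empty `sops.Comment` now yields `""` instead of an `ENC[...]` value with empty data. Files that already contain the `data:,` form quoted in the commit message still go through `parse`, which is outside these hunks, so they may remain undecryptable unless that path is handled elsewhere. The early return also means empty values get no per-value GCM tag and `additionalData` is never checked for them; presumably the file-level MAC covers this, and it is worth recording in a doc comment such as `// isEmpty reports whether value is "", an empty []byte, or a Comment with an empty Value; such values are stored as "" and skip AES-GCM entirely.` Both Decrypt and Encrypt continue outside the hunks.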


@@ -5,6 +5,9 @@ import (
"strings"
"testing"
"testing/quick"
"github.com/stretchr/testify/assert"
"go.mozilla.org/sops"
)
func TestDecrypt(t *testing.T) {
@@ -104,3 +107,17 @@ func TestRoundtripBool(t *testing.T) {
t.Error(err)
}
}
func TestEncryptEmptyComment(t *testing.T) {
key := []byte(strings.Repeat("f", 32))
s, err := NewCipher().Encrypt(sops.Comment{}, key, "")
assert.Nil(t, err)
assert.Equal(t, "", s)
}
func TestDecryptEmptyValue(t *testing.T) {
key := []byte(strings.Repeat("f", 32))
s, err := NewCipher().Decrypt("", key, "")
assert.Nil(t, err)
assert.Equal(t, "", s)
}