Fix arrays (#4)

swiknaba · MatjazKavcic · web-flow · commit 39c4ca2d8c99 · 2024-10-11T21:32:26.000+02:00
* Fix encryption/decryption of arrays

* Add subitems to specs

* Remove pp

* Diff arrays correctly

* PR comments

* Fix test versions

---------

Co-authored-by: Matjaz Kavcic &lt;matjaz@kavcic.eu&gt;
diff --git a/lib/diffcrypt/encryptor.rb b/lib/diffcrypt/encryptor.rb
@@ -34,16 +34,21 @@ def decrypt(contents)
 
     # @param [Hash] data
     # @return [Hash]
+    # rubocop:disable Metrics/MethodLength
     def decrypt_hash(data)
       data.each do |key, value|
-        data[key] = if value.is_a?(Hash) || value.is_a?(Array)
+        data[key] = case value
+                    when Hash
                       decrypt_hash(value)
+                    when Array
+                      value.map { |v| decrypt_hash(v) }
                     else
                       decrypt_string value
                     end
       end
       data
     end
+    # rubocop:enable Metrics/MethodLength
 
     # @param [String] contents The raw YAML string to be encrypted
     # @param [String, nil] original_encrypted_contents The original (encrypted) content to determine which keys have changed
@@ -73,14 +78,18 @@ def encrypt_string(value)
     end
 
     # TODO: Fix the complexity of this method
-    # rubocop:disable Metrics/PerceivedComplexity, Metrics/MethodLength, Metrics/CyclomaticComplexity
+    # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize
     # @param [Hash] keys
     # @return [Hash]
     def encrypt_values(data, original_data = nil)
       data.each do |key, value|
-        original_encrypted_value = original_data ? original_data[key] : nil
-        data[key] = if value.is_a?(Hash) || value.is_a?(Array)
+        original_encrypted_value = original_data&.dig(key)
+
+        data[key] = case value
+                    when Hash
                       encrypt_values(value, original_encrypted_value)
+                    when Array
+                      value.map.with_index { |v, i| encrypt_values(v, original_encrypted_value&.dig(i)) }
                     else
                       original_decrypted_value = original_encrypted_value ? decrypt_string(original_encrypted_value) : nil
                       key_changed = original_decrypted_value.nil? || original_decrypted_value != value
@@ -89,7 +98,7 @@ def encrypt_values(data, original_data = nil)
       end
       data.sort.to_h
     end
-    # rubocop:enable Metrics/PerceivedComplexity, Metrics/MethodLength, Metrics/CyclomaticComplexity
+    # rubocop:enable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize
 
     # @param [String] value The encrypted value that needs decrypting
     # @return [String]
diff --git a/test/diffcrypt/encryptor_test.rb b/test/diffcrypt/encryptor_test.rb
@@ -46,12 +46,21 @@ def test_it_encrypts_root_values
   def test_it_decrypts_nested_structures
     encrypted_content = <<~CONTENT
       data:
+        array:
+        - item1: 7HJjrwQ6KqH+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw==
+          subitem: oNNLBGwL45VvOv7elkRTHZTcNQ==--iFBc53R3F26zsvTK--6iEtqH7TR7TSS6fJOHwfPg==
+        - item2: IvwdxcAV+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg==
         secret_key_base: 88Ry6HESUoXBr6QUFXmni9zzfCIYt9qGNFvIWFcN--4xoecI5mqbNRBibI--62qPJbkzzh5h8lhFEFOSaQ==
         aws:
           access_key_id: Ot/uCTEL+8kp61EPctnxNlg=--Be6sg7OdvjZlfxgR--7qRbbf0lA4VgjnUGUrrFwg==
+
     CONTENT
     expected = <<~CONTENT
       ---
+      array:
+      - item1: value1
+        subitem: value sub
+      - item2: value2
       secret_key_base: secret_key_base_test
       aws:
         access_key_id: AKIAXXX
@@ -66,8 +75,12 @@ def test_it_encrypts_nested_structures
       secret_key_base: secret_key_base_test
       aws:
         access_key_id: AKIAXXX
+      array:
+      - item1: value1
+        subitem: value sub
+      - item2: value2
     CONTENT
-    expected_pattern = /---\naws:\n  access_key_id: #{ENCRYPTED_VALUE_PATTERN}\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}\n/
+    expected_pattern = /---\narray:\n- item1: #{ENCRYPTED_VALUE_PATTERN}\n  subitem: #{ENCRYPTED_VALUE_PATTERN}\n- item2: #{ENCRYPTED_VALUE_PATTERN}\naws:\n  access_key_id: #{ENCRYPTED_VALUE_PATTERN}\nsecret_key_base: #{ENCRYPTED_VALUE_PATTERN}/
 
     assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(content).to_yaml
   end
@@ -82,6 +95,14 @@ def test_it_only_updates_changed_values
     assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(updated_content, original_encrypted_content).to_yaml
   end
 
+  def test_it_only_updates_changed_values_for_arrays
+    original_encrypted_content = "---\ndata:\n  array:\n  - item1: 7HJjrwQ6KqH+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw==\n  - item2: IvwdxcAV+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg==\n"
+    updated_content = "---\narray:\n  - item1: value1\n  - item2: value2"
+    expected_pattern = %r{---\narray:\n- item1: 7HJjrwQ6KqH\+jvu1pOZGqQ==--E2ipnCNCszD6oixM--QZapG/8wrPtwbUVDe9evsw==\n- item2: IvwdxcAV\+38MvNsKYdNCEg==--6y7Aj4nmFLOTGrx3--rRH8ni3yks2eid91jde2hg==\n}
+
+    assert_match expected_pattern, Diffcrypt::Encryptor.new(TEST_KEY_128, cipher: 'aes-128-gcm').encrypt_data(updated_content, original_encrypted_content).to_yaml
+  end
+
   def test_it_assumes_changed_when_no_original_value
     original_encrypted_content = "---\ndata:\n  secret_key_base_1: 88Ry6HESUoXBr6QUFXmni9zzfCIYt9qGNFvIWFcN--4xoecI5mqbNRBibI--62qPJbkzzh5h8lhFEFOSaQ==\n"
     updated_content = "---\nsecret_key_base_1: secret_key_base_test\naws:\n  access_key_id: new_value\n"
