Biscuit does not export yaml, so don't yaml-parse it #4
sometimes people have spaces in their paths
backwards compatible. I think it's reasonable to assert that nobody could be depending on the biscuit gem to re-interpret their encrypted strings by YAML-parsing and to_s-ing them
Looks good - what a great find! I could see this causing all manner of chaos.
context "when the values look like arrays" do | ||
let(:exported_data) { "foo: 1,2,3,4,5" } | ||
let(:expected_hash) { Hash["foo" => "1,2,3,4,5"] } |
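Review bot: the `exported_data` fixture in this context pins only the comma-separated case. Since the export is now split by hand instead of YAML-parsed, consider sibling contexts for a value that itself contains `: ` and for other values YAML would have coerced, such as `yes` or `0123`, each asserting that the value comes back as the identical string.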
💯
👍
Motivation
I discovered in an Uploader PR (to move stuff from CF to biscuit) that `LEGACY_INITIALIZATION_VECTOR` had some kind of problem after I moved it. Investigation showed that, when I `biscuit put -f FILE LEGACY_INITIALIZATION_VECTOR 1,2,3,4,5`, the actual envar being supplied back by biscuit in staging was `"12345"`.

When I dug into the details, this turned out to be because `biscuit export` is printing out its data in a raw `KEY: VALUE` format, which is not actually YAML, but resembles it strongly. We YAML-parse the output of that file, which results in getting an Array value for that key, and then cast it to a string in the library.

While my initial reaction was to just switch to using some other separator that YAML doesn't care about, I think this is a gotcha that will catch others, especially since biscuit doesn't actually get used locally.
Changes
`YAML.load` (use raw string-splitting instead)
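The coercion described under Motivation, as an added Ruby example (not code from the biscuit gem or from this PR). Only the first sample line comes from the page; the other keys and values, the function names, and the split on the first `": "` are assumptions made for illustration.

```ruby
require "yaml"

# Constructed sample of export output in the KEY: VALUE form the PR describes.
# Only the first line's value is from the page; the rest are made-up values
# chosen because YAML does not read them as plain strings.
SAMPLE_EXPORT = <<~EXPORT
  LEGACY_INITIALIZATION_VECTOR: 1,2,3,4,5
  FEATURE_FLAG: yes
  ACCOUNT_ID: 0123
  KEY_PATH: /opt/my app/key.pem
EXPORT

# The old path as the PR describes it: YAML-parse, then cast each value to String.
def parse_with_yaml(export)
  YAML.safe_load(export).transform_values(&:to_s)
end

# Raw string-splitting (hypothetical helper): split each line once on the
# first ": " and keep the value exactly as written.
def parse_raw(export)
  export.each_line(chomp: true).reject(&:empty?).to_h do |line|
    key, value = line.split(": ", 2)
    raise ArgumentError, "not a KEY: VALUE line: #{line.inspect}" if value.nil?
    [key, value]
  end
end

# Keys whose value changes when routed through YAML: the secrets to audit
# if an older consumer of the export may already have stored the coerced form.
def coerced_keys(export)
  raw = parse_raw(export)
  parse_with_yaml(export).reject { |key, value| raw[key] == value }.keys
end

if __FILE__ == $PROGRAM_NAME
  raw = parse_raw(SAMPLE_EXPORT)
  yaml = parse_with_yaml(SAMPLE_EXPORT)
  raw.each_key do |key|
    marker = raw[key] == yaml[key] ? "ok     " : "CHANGED"
    puts format("%s %-30s raw=%-22p yaml=%p", marker, key, raw[key], yaml[key])
  end
end
```

For a value such as an initialization vector the coercion is silent: the consumer receives a well-formed string of the wrong content, so decryption fails far from the parsing step that caused it.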