Merge pull request #20 from mnbf9rca/patch/bump-cryptography
bump cryptography above 41.0.3
nsnguyen authored Nov 13, 2023
2 parents c0189ff + 3775f14 commit 3757ec2
Showing 5 changed files with 88 additions and 3 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. See [standa

## [Unreleased](https://github.com/dotenv-org/python-dotenv-vault/compare/v0.5.1...master)

## 0.6.4

### Changed

- Bump Cryptography above 41.0.3 to resolve [#19](https://github.com/dotenv-org/python-dotenv-vault/issues/19) (High severity [CVE-2023-38325](https://nvd.nist.gov/vuln/detail/CVE-2023-38325))

## 0.6.3

### Changed
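--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,2 @@
 python-dotenv~=0.21.0
-cryptography<41.0.0,>=3.1.0
+cryptography<42.0.0,>41.0.3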
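Review bot: The new cap `<42.0.0` on this line, repeated in the `install_requires` entry in setup.py, recreates the situation this commit is fixing: the previous `<41.0.0` cap is what kept installs on an affected release, and the next advisory fixed only in a later major will again need a release of this package before consumers can upgrade. For a library, a floor-only constraint such as `cryptography>41.0.3` lets downstream resolvers pick up fixes on their own. If the cap is deliberate, record the reason next to it, e.g. `# capped until 42.x is tested`. The floor also jumps from `>=3.1.0` to an exclusive `>41.0.3` in a patch release, which can break consumers who pin an older cryptography, so the changelog entry should say that the minimum supported version changed.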
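--- a/setup.py
+++ b/setup.py
@@ -40,6 +40,6 @@ def read_files(files):
 ],
 install_requires=[
 'python-dotenv~=0.21.0',
-'cryptography<41.0.0,>=3.1.0'
+'cryptography<42.0.0,>41.0.3'
 ],
 )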
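--- a/src/dotenv_vault/__version__.py
+++ b/src/dotenv_vault/__version__.py
@@ -1,7 +1,7 @@
 __title__ = "python-dotenv-vault"
 __description__ = "Decrypt .env.vault file."
 __url__ = "https://github.com/dotenv-org/python-dotenv-vault"
-__version__ = "0.6.3"
+__version__ = "0.6.4"
 __author__ = "dotenv"
 __author_email__ = "mot@dotenv.org"
 __license__ = "MIT"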
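--- a/src/dotenv_vault/test_vault.py
+++ b/src/dotenv_vault/test_vault.py
@@ -79,3 +79,82 @@ def test_load_dotenv_vault_not_there(self, find_dotenv):
 mocked_listdir.return_value = ['.env', 'some_file']
 path = vault.load_dotenv_vault()
 self.assertEqual(path, '/some/path/.env')
+
+
+class TestLoadDotenv:
+
+@mock.patch.dict(os.environ, {"DOTENV_KEY": "secret_key"}, clear=True)
+@mock.patch("builtins.open", new_callable=mock.mock_open, read_data="KEY=VALUE")
+@mock.patch("dotenv_vault.main.parse_vault")
+@mock.patch("dotenv_vault.main.load_dotenv_vault")
+@mock.patch("dotenv_vault.main.dotenv.load_dotenv")
+def test_load_encrypted_env(
+self, mock_load_dotenv,
+mock_load_dotenv_vault,
+mock_parse_vault,
+mock_open
+):
+mock_parse_vault.return_value = "stream_with_decrypted_data"
+mock_load_dotenv_vault.return_value = "this_is_the_valut"
+mock_load_dotenv.return_value = True
+
+assert vault.load_dotenv() == True
+mock_load_dotenv_vault.assert_called_once()
+mock_parse_vault.assert_called_once()
+mock_open.assert_called_once_with(mock_load_dotenv_vault.return_value)
+mock_load_dotenv.assert_called_once_with(
+stream=mock_parse_vault.return_value,
+verbose=False,
+override=True,
+interpolate=True,
+encoding="utf-8"
+)
+
+@mock.patch.dict(os.environ, {"NOT_DOTENV_KEY": "shouldnt_be_detected"}, clear=True)
+@mock.patch("builtins.open", new_callable=mock.mock_open, read_data="KEY=VALUE")
+@mock.patch("dotenv_vault.main.dotenv.find_dotenv")
+@mock.patch("dotenv_vault.main.dotenv.load_dotenv")
+@mock.patch.dict(os.environ, {}, clear=True)
+def test_load_unencrypted_env(self,
+mock_load_dotenv,
+mock_find_dotenv,
+mock_open
+):
+mock_find_dotenv.return_value = "path_to_dotenv_file"
+mock_load_dotenv.return_value = True
+
+assert vault.load_dotenv() == True
+mock_open.assert_called_once_with(mock_find_dotenv.return_value)
+mock_find_dotenv.assert_called_once_with(usecwd=True)
+mock_load_dotenv.assert_called_once_with(
+stream=mock_open.return_value,
+verbose=False,
+override=True,
+interpolate=True,
+encoding="utf-8"
+)
+
+@mock.patch.dict(os.environ, {"NOT_DOTENV_KEY": "shouldnt_be_detected"}, clear=True)
+@mock.patch("builtins.open", new_callable=mock.mock_open, read_data="KEY=VALUE")
+@mock.patch("dotenv_vault.main.dotenv.find_dotenv")
+@mock.patch("dotenv_vault.main.dotenv.load_dotenv")
+@mock.patch.dict(os.environ, {}, clear=True)
+def test_load_with_stream_provided(self,
+mock_load_dotenv,
+mock_find_dotenv,
+mock_open
+):
+mock_find_dotenv.return_value = "path_to_dotenv_file"
+mock_load_dotenv.return_value = True
+test_stream_value = "test_stream_value"
+
+assert vault.load_dotenv(stream=test_stream_value) == True
+mock_open.assert_not_called()
+mock_find_dotenv.assert_called_once_with(usecwd=True)
+mock_load_dotenv.assert_called_once_with(
+stream=test_stream_value,
+verbose=False,
+override=True,
+interpolate=True,
+encoding="utf-8"
+)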
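Review bot: In `test_load_unencrypted_env` and `test_load_with_stream_provided` the innermost `@mock.patch.dict(os.environ, {}, clear=True)` is entered last and empties the environment, so the outer `NOT_DOTENV_KEY` fixture is never visible to `vault.load_dotenv()` and the "shouldn't be detected" case is not actually exercised. Dropping the inner decorator lets the outer `clear=True` patch do both jobs. Separately, `test_load_encrypted_env` mocks `dotenv_vault.main.parse_vault`, so none of the added tests run a real decryption against the bumped cryptography release. If no test above line 79 does (not visible in this hunk), a round-trip test over a small fixture vault would be the check that backs this upgrade. Minor: `== True` reads better as `is True`, and `"this_is_the_valut"` is a typo.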
