Concerns about the encrypted? method #316

Closed
mcka1n opened this issue Mar 8, 2021 · 2 comments

Comments

@mcka1n
Contributor

mcka1n commented Mar 8, 2021

Hey contributors,

CC @bastelfreak @kenyon

A few days ago one of my colleagues sent me this link that explains the REGEX "Non-greedy matching" with Ruby.

Basically, it explains why in some cases it's useful to use the *? to avoid as many occurrences as possible with the matches. This brings us to a PR I sent a couple of weeks ago #313

I have a concern about the Pull Request I sent before and I would like to know what you all think?

Questions

  1. I found a case where the non-greedy matching helps. Do you think we could have that case on the string we are evaluating on hiera-eyaml? -- Here is a Rubular link where I have my cases: https://rubular.com/r/wpG9IjlgA4XiVg Remove the ? from the REGEX above and it will match the whole test string.

  2. I went to the features/decrypts.feature file, added a new scenario with:
Scenario: decrypt a simple string ignoring extra noise
    When I run `eyaml decrypt -s 'ENC[PKCS7,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][PKCS7,aGVsbG8sf&IHdvcmxk==]'`
    Then the output should match /^one flew over the cuckoos nest$/

Note the extra [..] block on the string. According to my tests, it fails with both scenarios (with and without the ? mark in the REGEX: /.*ENC\[.*?\]/).


Do you think this is a real concern? Based on my test it seems that if the string is an invalid one (due to format) the decryption process will not work anyways. But could we have these cases in real life?

If there is nothing to worry about, feel free to close this issue :)

Thanks!
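
An added example, not part of the original comment or of hiera-eyaml's code: it runs the pattern quoted above, with and without the `?`, over constructed values to show where the matched span differs and where it does not. The `STRICT` pattern, the helper names and the placeholder payloads are assumptions made for illustration.

```ruby
# Added illustration; not hiera-eyaml code.
LAZY   = /.*ENC\[.*?\]/ # pattern quoted in the issue
GREEDY = /.*ENC\[.*\]/  # same pattern with the ? removed

# Hypothetical stricter check (assumption): the whole value must be
# exactly one ENC[...] block with no nested or trailing brackets.
STRICT = /\AENC\[[^\[\]]*\]\z/

# Constructed sample values; payloads are placeholders, not ciphertext.
SAMPLES = {
  single:   'ENC[PKCS7,AAAA]',
  trailing: 'ENC[PKCS7,AAAA][PKCS7,BBBB]',         # extra [..] block
  two:      'ENC[PKCS7,AAAA] and ENC[PKCS7,BBBB]', # two ENC markers
  plain:    'no marker here'
}.freeze

# Text consumed by the match, or nil when there is no match.
def span(regex, value)
  m = regex.match(value)
  m && m[0]
end

def report
  SAMPLES.transform_values do |v|
    { lazy: span(LAZY, v), greedy: span(GREEDY, v), strict: STRICT.match?(v) }
  end
end

# As a yes/no test, both patterns give the same verdict on every sample;
# only the consumed span can differ.
def same_verdict?
  SAMPLES.values.all? { |v| LAZY.match?(v) == GREEDY.match?(v) }
end

report.each { |name, result| puts "#{name}: #{result}" }
puts "same yes/no verdict: #{same_verdict?}"
```

On the `two` sample both patterns consume the whole string, because the leading `.*` is itself greedy and runs up to the last `ENC[`.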

@kenyon
Member

kenyon commented Mar 8, 2021

Yeah I'm not sure how you would get two [PKCS7,...] strings. Seems like that would be invalid.

@mcka1n
Contributor Author

mcka1n commented Mar 11, 2021

@kenyon perfect, thanks for reviewing my concern!

I will proceed to close this question (issue).

@mcka1n mcka1n closed this as completed Mar 11, 2021