diff options
author | Connor Shea <connor.james.shea@gmail.com> | 2016-05-19 13:55:25 -0500 |
---|---|---|
committer | Connor Shea <connor.james.shea@gmail.com> | 2016-05-30 13:51:21 -0600 |
commit | d287315dbf1a1493e3f2c2511e559204cc914ff8 (patch) | |
tree | e8ad832255adec67b700a73e4cf853392e27bbb8 /spec/models/ci/variable_spec.rb | |
parent | d47b2b92c9b5e80eb3430e2b4950e17646b8efd8 (diff) | |
download | gitlab-ce-d287315dbf1a1493e3f2c2511e559204cc914ff8.tar.gz |
Upgrade attr_encrypted and encryptor
attr_encrypted (1.3.4 => 3.0.1) Changelog:
https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m
d
attr_encrypted 2.x included a vulnerability, so that major version is
skipped. 3.x requires that the algorithm and mode used by each
encrypted attribute is specified explicitly.
`nil` is no longer a valid value for the encrypted_value_iv field, so
it’s changed to a randomly generated string.
Diffstat (limited to 'spec/models/ci/variable_spec.rb')
-rw-r--r-- | spec/models/ci/variable_spec.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/spec/models/ci/variable_spec.rb b/spec/models/ci/variable_spec.rb index c712d211b0f..98f60087cf5 100644 --- a/spec/models/ci/variable_spec.rb +++ b/spec/models/ci/variable_spec.rb @@ -23,7 +23,7 @@ describe Ci::Variable, models: true do end it 'fails to decrypt if iv is incorrect' do - subject.encrypted_value_iv = nil + subject.encrypted_value_iv = SecureRandom.hex subject.instance_variable_set(:@value, nil) expect { subject.value }. to raise_error(OpenSSL::Cipher::CipherError, 'bad decrypt') |