mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-25 04:34:06 -08:00
fix(core): Upgrade crypto-js to address CVE-2023-46233 (#7519)
[GH Advisory](https://github.com/advisories/GHSA-xwcq-pm8m-c4vf)
This commit is contained in:
parent
df89685e15
commit
65e5593233
|
@ -2,4 +2,5 @@
|
|||
module.exports = {
|
||||
...require('../../jest.config'),
|
||||
globalSetup: '<rootDir>/test/setup.ts',
|
||||
setupFilesAfterEnv: ['<rootDir>/test/setup-mocks.ts'],
|
||||
};
|
||||
|
|
|
@ -54,7 +54,7 @@
|
|||
"axios": "^0.21.1",
|
||||
"concat-stream": "^2.0.0",
|
||||
"cron": "~1.7.2",
|
||||
"crypto-js": "^4.1.1",
|
||||
"crypto-js": "^4.2.0",
|
||||
"fast-glob": "^3.2.5",
|
||||
"file-type": "^16.5.4",
|
||||
"flatted": "^3.2.4",
|
||||
|
|
|
@ -7,13 +7,15 @@ export class Cipher {
|
|||
constructor(private readonly instanceSettings: InstanceSettings) {}
|
||||
|
||||
encrypt(data: string | object) {
|
||||
const { encryptionKey } = this.instanceSettings;
|
||||
return AES.encrypt(
|
||||
typeof data === 'string' ? data : JSON.stringify(data),
|
||||
this.instanceSettings.encryptionKey,
|
||||
encryptionKey,
|
||||
).toString();
|
||||
}
|
||||
|
||||
decrypt(data: string) {
|
||||
return AES.decrypt(data, this.instanceSettings.encryptionKey).toString(enc.Utf8);
|
||||
const { encryptionKey } = this.instanceSettings;
|
||||
return AES.decrypt(data, encryptionKey).toString(enc.Utf8);
|
||||
}
|
||||
}
|
||||
|
|
30
packages/core/test/Cipher.test.ts
Normal file
30
packages/core/test/Cipher.test.ts
Normal file
|
@ -0,0 +1,30 @@
|
|||
import Container from 'typedi';
|
||||
import { InstanceSettings } from '@/InstanceSettings';
|
||||
import { Cipher } from '@/Cipher';
|
||||
import { mockInstance } from './utils';
|
||||
|
||||
describe('Cipher', () => {
|
||||
mockInstance(InstanceSettings, { encryptionKey: 'test_key' });
|
||||
const cipher = Container.get(Cipher);
|
||||
|
||||
describe('encrypt', () => {
|
||||
it('should encrypt strings', () => {
|
||||
const encrypted = cipher.encrypt('random-string');
|
||||
const decrypted = cipher.decrypt(encrypted);
|
||||
expect(decrypted).toEqual('random-string');
|
||||
});
|
||||
|
||||
it('should encrypt objects', () => {
|
||||
const encrypted = cipher.encrypt({ key: 'value' });
|
||||
const decrypted = cipher.decrypt(encrypted);
|
||||
expect(decrypted).toEqual('{"key":"value"}');
|
||||
});
|
||||
});
|
||||
|
||||
describe('decrypt', () => {
|
||||
it('should decrypt string', () => {
|
||||
const decrypted = cipher.decrypt('U2FsdGVkX194VEoX27o3+y5jUd1JTTmVwkOKjVhB6Jg=');
|
||||
expect(decrypted).toEqual('random-string');
|
||||
});
|
||||
});
|
||||
});
|
1
packages/core/test/setup-mocks.ts
Normal file
1
packages/core/test/setup-mocks.ts
Normal file
|
@ -0,0 +1 @@
|
|||
import 'reflect-metadata';
|
|
@ -51,7 +51,7 @@
|
|||
"@n8n/tournament": "^1.0.2",
|
||||
"@n8n_io/riot-tmpl": "^4.0.0",
|
||||
"ast-types": "0.15.2",
|
||||
"crypto-js": "^4.1.1",
|
||||
"crypto-js": "^4.2.0",
|
||||
"deep-equal": "^2.2.0",
|
||||
"esprima-next": "5.8.4",
|
||||
"form-data": "^4.0.0",
|
||||
|
|
|
@ -583,8 +583,8 @@ importers:
|
|||
specifier: ~1.7.2
|
||||
version: 1.7.2
|
||||
crypto-js:
|
||||
specifier: ^4.1.1
|
||||
version: 4.1.1
|
||||
specifier: ^4.2.0
|
||||
version: 4.2.0
|
||||
fast-glob:
|
||||
specifier: ^3.2.5
|
||||
version: 3.2.12
|
||||
|
@ -1311,8 +1311,8 @@ importers:
|
|||
specifier: 0.15.2
|
||||
version: 0.15.2
|
||||
crypto-js:
|
||||
specifier: ^4.1.1
|
||||
version: 4.1.1
|
||||
specifier: ^4.2.0
|
||||
version: 4.2.0
|
||||
deep-equal:
|
||||
specifier: ^2.2.0
|
||||
version: 2.2.0
|
||||
|
@ -6824,7 +6824,7 @@ packages:
|
|||
ts-dedent: 2.2.0
|
||||
type-fest: 3.13.1
|
||||
vue: 3.3.4
|
||||
vue-component-type-helpers: 1.8.19
|
||||
vue-component-type-helpers: 1.8.21
|
||||
transitivePeerDependencies:
|
||||
- encoding
|
||||
- supports-color
|
||||
|
@ -10544,6 +10544,10 @@ packages:
|
|||
resolution: {integrity: sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==}
|
||||
dev: false
|
||||
|
||||
/crypto-js@4.2.0:
|
||||
resolution: {integrity: sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==}
|
||||
dev: false
|
||||
|
||||
/crypto-random-string@2.0.0:
|
||||
resolution: {integrity: sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==}
|
||||
engines: {node: '>=8'}
|
||||
|
@ -21799,8 +21803,8 @@ packages:
|
|||
vue: 3.3.4
|
||||
dev: false
|
||||
|
||||
/vue-component-type-helpers@1.8.19:
|
||||
resolution: {integrity: sha512-1OANGSZK4pzHF4uc86usWi+o5Y0zgoDtqWkPg6Am6ot+jHSAmpOah59V/4N82So5xRgivgCxGgK09lBy1XNUfQ==}
|
||||
/vue-component-type-helpers@1.8.21:
|
||||
resolution: {integrity: sha512-XL37QbmiqqbKrAFHPxqryMXpNgO0KMKd5bIo7LO9QABPMNEysd8xmYRIjwZhh0t2abveXjAJ//ZcAzwdxp/S3Q==}
|
||||
dev: true
|
||||
|
||||
/vue-component-type-helpers@1.8.4:
|
||||
|
|
Loading…
Reference in a new issue