feat: Improvements to the message decryption process (#22)

See GHSA-x5h4-9gqw-942j

Co-authored-by: Alex Chew <[email protected]>
Co-authored-by: Benjamin Farley <[email protected]>

Author: 3 people

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "test_vector_handlers/test/aws-crypto-tools-test-vector-framework"]
+	path = test_vector_handlers/test/aws-crypto-tools-test-vector-framework
+	url = https://github.com/awslabs/private-aws-crypto-tools-test-vector-framework-staging.git

buildspec.yml

@@ -7,67 +7,36 @@ batch:
       buildspec: codebuild/py27/integ.yml
     - identifier: py27_examples
       buildspec: codebuild/py27/examples.yml
-    - identifier: py27_awses_1_7_1
-      buildspec: codebuild/py27/awses_1.7.1.yml
-    - identifier: py27_awses_2_0_0
-      buildspec: codebuild/py27/awses_2.0.0.yml
-    - identifier: py27_awses_latest
-      buildspec: codebuild/py27/awses_latest.yml
+    - identifier: py27_awses_local
+      buildspec: codebuild/py27/awses_local.yml
 
     - identifier: py35_integ
       buildspec: codebuild/py35/integ.yml
     - identifier: py35_examples
       buildspec: codebuild/py35/examples.yml
-    - identifier: py35_awses_1_7_1
-      buildspec: codebuild/py35/awses_1.7.1.yml
-    - identifier: py35_awses_2_0_0
-      buildspec: codebuild/py35/awses_2.0.0.yml
-    - identifier: py35_awses_latest
-      buildspec: codebuild/py35/awses_latest.yml
+    - identifier: py35_awses_local
+      buildspec: codebuild/py35/awses_local.yml
 
     - identifier: py36_integ
       buildspec: codebuild/py36/integ.yml
     - identifier: py36_examples
       buildspec: codebuild/py36/examples.yml
-    - identifier: py36_awses_1_7_1
-      buildspec: codebuild/py36/awses_1.7.1.yml
-    - identifier: py36_awses_2_0_0
-      buildspec: codebuild/py36/awses_2.0.0.yml
-    - identifier: py36_awses_latest
-      buildspec: codebuild/py36/awses_latest.yml
+    - identifier: py36_awses_local
+      buildspec: codebuild/py36/awses_local.yml
 
     - identifier: py37_integ
       buildspec: codebuild/py37/integ.yml
     - identifier: py37_examples
       buildspec: codebuild/py37/examples.yml
-    - identifier: py37_awses_1_7_1
-      buildspec: codebuild/py37/awses_1.7.1.yml
-    - identifier: py37_awses_2_0_0
-      buildspec: codebuild/py37/awses_2.0.0.yml
-    - identifier: py37_awses_latest
-      buildspec: codebuild/py37/awses_latest.yml
+    - identifier: py37_awses_local
+      buildspec: codebuild/py37/awses_local.yml
 
     - identifier: py38_integ
       buildspec: codebuild/py38/integ.yml
     - identifier: py38_examples
       buildspec: codebuild/py38/examples.yml
-    - identifier: py38_awses_1_7_1
-      buildspec: codebuild/py38/awses_1.7.1.yml
-    - identifier: py38_awses_2_0_0
-      buildspec: codebuild/py38/awses_2.0.0.yml
-    - identifier: py38_awses_latest
-      buildspec: codebuild/py38/awses_latest.yml
-
-    - identifier: py39_integ
-      buildspec: codebuild/py39/integ.yml
-    - identifier: py39_examples
-      buildspec: codebuild/py39/examples.yml
-    - identifier: py39_awses_1_7_1
-      buildspec: codebuild/py39/awses_1.7.1.yml
-    - identifier: py39_awses_2_0_0
-      buildspec: codebuild/py39/awses_2.0.0.yml
-    - identifier: py39_awses_latest
-      buildspec: codebuild/py39/awses_latest.yml
+    - identifier: py38_awses_local
+      buildspec: codebuild/py38/awses_local.yml
 
     - identifier: code_coverage
       buildspec: codebuild/coverage/coverage.yml

codebuild/py27/awses_latest.yml

@@ -2,7 +2,7 @@ version: 0.2
 
 env:
   variables:
-    TOXENV: "py27-awses_1.7.1"
+    TOXENV: "py27-awses_local"
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-

codebuild/py27/awses_1.7.1.yml renamed to codebuild/py27/awses_local.yml

@@ -2,7 +2,7 @@ version: 0.2
 
 env:
   variables:
-    TOXENV: "py35-awses_2.0.0"
+    TOXENV: "py35-awses_local"
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-

codebuild/py35/awses_1.7.1.yml

@@ -2,7 +2,7 @@ version: 0.2
 
 env:
   variables:
-    TOXENV: "py27-awses_2.0.0"
+    TOXENV: "py36-awses_local"
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-

codebuild/py35/awses_latest.yml

@@ -2,7 +2,7 @@ version: 0.2
 
 env:
   variables:
-    TOXENV: "py37-awses_2.0.0"
+    TOXENV: "py37-awses_local"
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-

codebuild/py35/awses_2.0.0.yml renamed to codebuild/py35/awses_local.yml

@@ -2,7 +2,7 @@ version: 0.2
 
 env:
   variables:
-    TOXENV: "py36-awses_2.0.0"
+    TOXENV: "py38-awses_local"
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-

codebuild/py36/awses_1.7.1.yml

@@ -9,33 +9,21 @@ env:
 
 phases:
   install:
-    commands:
-      - pip install tox
-      - pip install --upgrade pip
     runtime-versions:
       python: latest
-  pre_build:
-    commands:
-      - git checkout $COMMIT_ID
-      - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/aws_encryption_sdk/identifiers.py)
-      - |
-        if expr ${FOUND_VERSION} != ${VERSION}; then
-          echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
-          exit 1;
-        fi
   build:
     commands:
+      - pip install tox
+      - git checkout $BRANCH
       - tox -e park
       - tox -e release
+      - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git
+      - cd busy-engineers-document-bucket/exercises/python/encryption-context-complete
+      - sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt
+      - tox -e test
+
 
 batch:
-  fast-fail: true 
-  build-graph:
-    - identifier: release_to_prod
-    - identifier: validate_prod_release
-      depend-on:
-        - release_to_prod
-      buildspec: codebuild/release/validate.yml
-      env:
-        variables:
-          PIP_INDEX_URL: https://pypi.python.org/simple/
+  fast-fail: false
+  build-list:
+    - identifier: prod_release