MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding a check to make sure that encryption does not execute upon directories, as well as adding copy to warn that attachments are not encrypted.

This commit is contained in:
mike12345567 2023-12-06 16:38:03 +00:00
parent a6d59e9ea0
commit 3dcb3062f5
2 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
packages/backend-core/src/security/encryption.ts
View File

@ -73,6 +73,9 @@ export async function encryptFile(
const outputFileName = `${filename}.enc` const outputFileName = `${filename}.enc`
const filePath = join(dir, filename) const filePath = join(dir, filename)
if (fs.lstatSync(filePath).isDirectory()) {
throw new Error("Unable to encrypt directory")
}
const inputFile = fs.createReadStream(filePath) const inputFile = fs.createReadStream(filePath)
const outputFile = fs.createWriteStream(join(dir, outputFileName)) const outputFile = fs.createWriteStream(join(dir, outputFileName))
@ -110,6 +113,9 @@ export async function decryptFile(
outputPath: string, outputPath: string,
secret: string secret: string
) { ) {
if (fs.lstatSync(inputPath).isDirectory()) {
throw new Error("Unable to encrypt directory")
}
const { salt, iv } = await getSaltAndIV(inputPath) const { salt, iv } = await getSaltAndIV(inputPath)
const inputFile = fs.createReadStream(inputPath, { const inputFile = fs.createReadStream(inputPath, {
start: SALT_LENGTH + IV_LENGTH, start: SALT_LENGTH + IV_LENGTH,

18
packages/builder/src/components/start/ExportAppModal.svelte
View File

@ -13,7 +13,7 @@
export let app export let app
export let published export let published
let includeInternalTablesRows = true let includeInternalTablesRows = true
let encypt = true let encrypt = true
let password = null let password = null
const validation = createValidationStore() const validation = createValidationStore()
@ -27,9 +27,9 @@
$: stepConfig = { $: stepConfig = {
[Step.CONFIG]: { [Step.CONFIG]: {
title: published ? "Export published app" : "Export latest app", title: published ? "Export published app" : "Export latest app",
confirmText: encypt ? "Continue" : exportButtonText, confirmText: encrypt ? "Continue" : exportButtonText,
onConfirm: () => { onConfirm: () => {
if (!encypt) { if (!encrypt) {
exportApp() exportApp()
} else { } else {
currentStep = Step.SET_PASSWORD currentStep = Step.SET_PASSWORD
@ -109,13 +109,13 @@
text="Export rows from internal tables" text="Export rows from internal tables"
bind:value={includeInternalTablesRows} bind:value={includeInternalTablesRows}
/> />
<Toggle text="Encrypt my export" bind:value={encypt} /> <Toggle text="Encrypt my export" bind:value={encrypt} />
</Body> </Body>
{#if !encypt} <InlineAlert
<InlineAlert header={encrypt
header="Do not share your budibase application exports publicly as they may contain sensitive information such as database credentials or secret keys." ? "Please note Budibase does not encrypt the files during the export process to ensure efficient export of large attachments."
/> : "Do not share your Budibase application exports publicly as they may contain sensitive information such as database credentials or secret keys."}
{/if} />
{/if} {/if}
{#if currentStep === Step.SET_PASSWORD} {#if currentStep === Step.SET_PASSWORD}
<Input <Input