From f20018fd0b78be422f17efcd465142cbe298fc84 Mon Sep 17 00:00:00 2001
From: Jose Corella
Date: Mon, 1 Jul 2024 11:28:54 -0700
Subject: [PATCH 1/4] chore(CI): add security revert flag for CVE-2023-46809
---
 .github/workflows/ci.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5d6a20445..bf602a084 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,7 +7,7 @@ jobs:
 CI:
 strategy:
 matrix:
- node: [16, 18.3.0, 20.4.0]
+ node: [16, 18, 20]
 fail-fast: false
 runs-on: codebuild-AWS-ESDK-JS-Release-${{ github.run_id }}-${{ github.run_attempt }}-ubuntu-5.0-large
 permissions:
@@ -31,20 +31,20 @@ jobs:
 role-session-name: JavaScriptTests
 - name: Test Node ${{matrix.node}}
 env:
- NODE_OPTIONS: "--max-old-space-size=4096"
+ NODE_OPTIONS: "--max-old-space-size=4096 --security-revert=CVE-2023-46809"
 run: |
 npm ci
 npm run build
 npm run coverage-node
 - name: Test compliance
 env:
- NODE_OPTIONS: "--max-old-space-size=4096"
+ NODE_OPTIONS: "--max-old-space-size=4096 --security-revert=CVE-2023-46809"
 run: |
 npm run lint
 npm run test_conditions
 - name: Run Test Vectors Node ${{matrix.node}}
 env:
- NODE_OPTIONS: "--max-old-space-size=4096"
+ NODE_OPTIONS: "--max-old-space-size=4096 --security-revert=CVE-2023-46809"
 NPM_CONFIG_UNSAFE_PERM: true
 PUBLISH_LOCAL: true
 run: |
@@ -53,7 +53,7 @@ jobs:
 npm run verdaccio-node-encrypt
 - name: Run Test Vectors Browser node ${{matrix.node}}
 env:
- NODE_OPTIONS: "--max-old-space-size=4096"
+ NODE_OPTIONS: "--max-old-space-size=4096 --security-revert=CVE-2023-46809"
 NPM_CONFIG_UNSAFE_PERM: true
 PUBLISH_LOCAL: true
 run: |
From c21d76fd2247daff7c49a264c075d75fa682605d Mon Sep 17 00:00:00 2001
From: Jose Corella
Date: Mon, 1 Jul 2024 11:33:38 -0700
Subject: [PATCH 2/4] not allowed in node options
---
 .github/workflows/ci.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
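Review bot: The matrix keeps `16` while the later hunks of this commit add `--security-revert=CVE-2023-46809` to every step; Node 16 reached end-of-life before that fix was released, so it probably does not know this CVE id and may refuse to start with the flag. Please confirm on the 16 leg, and either drop it or apply the flag only where `matrix.node` is 18 or 20. Since `18` and `20` now float to the newest release, a comment such as `# 18/20 float so CI tracks current Node security releases` above `node:` would record that the unpinning is deliberate. The `strategy` block continues outside the hunk.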
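Review bot: The revert is added to `NODE_OPTIONS` for every step here and in the `@@ -53,7 +53,7 @@` hunk, including `Test compliance`, which only runs `npm run lint` and `npm run test_conditions`. `--security-revert=CVE-2023-46809` turns off Node's fix for the RSA PKCS#1 v1.5 decryption timing issue, so it should be limited to the steps whose tests actually need that padding, and each use should carry a comment such as `# revert needed for PKCS#1 v1.5 privateDecrypt in test vectors (assumed); remove once no longer required`. With the revert on everywhere, no CI leg shows how the SDK behaves on a default, patched Node. The steps list starts and ends outside these hunks.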
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bf602a084..f05e748bb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -31,32 +31,32 @@ jobs:
 role-session-name: JavaScriptTests
 - name: Test Node ${{matrix.node}}
 env:
- NODE_OPTIONS: "--max-old-space-size=4096 --security-revert=CVE-2023-46809"
+ NODE_OPTIONS: "--max-old-space-size=4096"
 run: |
 npm ci
 npm run build
- npm run coverage-node
+ npm run coverage-node --security-revert=CVE-2023-46809
 - name: Test compliance
 env:
- NODE_OPTIONS: "--max-old-space-size=4096 --security-revert=CVE-2023-46809"
+ NODE_OPTIONS: "--max-old-space-size=4096"
 run: |
 npm run lint
 npm run test_conditions
 - name: Run Test Vectors Node ${{matrix.node}}
 env:
- NODE_OPTIONS: "--max-old-space-size=4096 --security-revert=CVE-2023-46809"
+ NODE_OPTIONS: "--max-old-space-size=4096"
 NPM_CONFIG_UNSAFE_PERM: true
 PUBLISH_LOCAL: true
 run: |
 npm run verdaccio-publish
- npm run verdaccio-node-decrypt
- npm run verdaccio-node-encrypt
+ npm run verdaccio-node-decrypt --security-revert=CVE-2023-46809
+ npm run verdaccio-node-encrypt --security-revert=CVE-2023-46809
 - name: Run Test Vectors Browser node ${{matrix.node}}
 env:
- NODE_OPTIONS: "--max-old-space-size=4096 --security-revert=CVE-2023-46809"
+ NODE_OPTIONS: "--max-old-space-size=4096"
 NPM_CONFIG_UNSAFE_PERM: true
 PUBLISH_LOCAL: true
 run: |
 npm run verdaccio-publish
- npm run verdaccio-browser-decrypt
- npm run verdaccio-browser-encrypt
+ npm run verdaccio-browser-decrypt --security-revert=CVE-2023-46809
+ npm run verdaccio-browser-encrypt --security-revert=CVE-2023-46809
From 6571296d1a880ab7133a9e23ff080de6101674ba Mon Sep 17 00:00:00 2001
From: Jose Corella
Date: Mon, 1 Jul 2024 14:29:54 -0700
Subject: [PATCH 3/4] test
---
 .github/workflows/ci.yml | 1 +
 package.json | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f05e748bb..0d83a8cad 100644
--- a/.github/workflows/ci.yml
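Review bot: In `npm run coverage-node --security-revert=CVE-2023-46809` and the four `npm run verdaccio-*` lines, the flag comes before any `--` separator, so npm parses it as one of its own config options instead of handing it to the script; the Node process that runs the tests never sees it. Even after `--` it would be appended to the script's command line as a program argument, not applied as a Node runtime option. If the revert is really required, it belongs on the `node` invocation inside the relevant package.json script, with the workflow lines left as plain `npm run <script>`. As written, the steps read as if the revert were active while they actually run with default behaviour, which makes any pass or failure hard to interpret.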
+++ b/.github/workflows/ci.yml
@@ -33,6 +33,7 @@ jobs:
 env:
 NODE_OPTIONS: "--max-old-space-size=4096"
 run: |
+ openssl --version
 npm ci
 npm run build
 npm run coverage-node --security-revert=CVE-2023-46809
diff --git a/package.json b/package.json
index d9854a42f..149973d86 100644
--- a/package.json
+++ b/package.json
@@ -45,7 +45,7 @@
 "verdaccio-publish": "./util/local_verdaccio_publish",
 "verdaccio-browser-decrypt": "./util/npx_verdaccio @aws-crypto/integration-browser decrypt -v $PWD/$npm_package_config_localTestVectors --karma -c cpu",
 "verdaccio-browser-encrypt": "./util/npx_verdaccio @aws-crypto/integration-browser encrypt -m $npm_package_config_encryptManifestList -k $npm_package_config_encryptKeyManifest -o $npm_package_config_decryptOracle --karma -c cpu",
- "verdaccio-node-decrypt": "./util/npx_verdaccio @aws-crypto/integration-node decrypt -v $PWD/$npm_package_config_localTestVectors -c cpu",
+ "verdaccio-node-decrypt": "./util/npx_verdaccio @aws-crypto/integration-node decrypt -v $PWD/$npm_package_config_localTestVectors -c cpu --security-revert=CVE-2023-46809",
 "verdaccio-node-encrypt": "./util/npx_verdaccio @aws-crypto/integration-node encrypt -m $npm_package_config_encryptManifestList -k $npm_package_config_encryptKeyManifest -o $npm_package_config_decryptOracle -c cpu",
 "test_conditions": "./aws-encryption-sdk-specification/util/test_conditions -s 'modules/**/src/*.ts' -t 'modules/**/test/*.ts' -s 'compliance_exceptions/*.ts'",
 "duvet-report": "aws-encryption-sdk-specification/util/report.js modules/**/src/**/*.ts modules/**/test/**/*.ts compliance_exceptions/*.ts"
From 9e8fcc34200fca59b9d04da9e2ce56d3fb7b4588 Mon Sep 17 00:00:00 2001
From: Jose Corella
Date: Mon, 1 Jul 2024 14:38:13 -0700
Subject: [PATCH 4/4] update
---
 .github/workflows/ci.yml | 11 +++++------
 package.json | 2 +-
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0d83a8cad..4b199d41f 100644
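Review bot: `openssl --version` reports the runner's system OpenSSL, whereas Node release binaries normally ship their own bundled copy, so this line does not show which OpenSSL the tests exercise; `node -p process.versions.openssl` would. The usual spelling is also `openssl version`, and an OpenSSL build that rejects `--version` would fail the step before `npm ci` runs. If the line is only a temporary diagnostic, a comment such as `# debug: record crypto library version for the padding failure` would make that clear. The `run` block continues outside the hunk.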
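Review bot: In `verdaccio-node-decrypt` the flag is appended after `-c cpu`, so it is passed as an argument to `./util/npx_verdaccio` and the integration CLI; `--security-revert` only takes effect when Node itself receives it ahead of the script path. Whether the wrapper forwards it to the Node runtime is not visible in this hunk, so please confirm that, and that the CLI's argument parser does not reject an unknown option. Only the decrypt script gets the flag while `verdaccio-node-encrypt` does not; since JSON cannot carry a comment, the reason for re-enabling the reverted behaviour should be stated in the commit message or the test documentation.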
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -33,10 +33,9 @@ jobs:
 env:
 NODE_OPTIONS: "--max-old-space-size=4096"
 run: |
- openssl --version
 npm ci
 npm run build
- npm run coverage-node --security-revert=CVE-2023-46809
+ npm run coverage-node
 - name: Test compliance
 env:
 NODE_OPTIONS: "--max-old-space-size=4096"
@@ -50,8 +49,8 @@ jobs:
 PUBLISH_LOCAL: true
 run: |
 npm run verdaccio-publish
- npm run verdaccio-node-decrypt --security-revert=CVE-2023-46809
- npm run verdaccio-node-encrypt --security-revert=CVE-2023-46809
+ npm run verdaccio-node-decrypt
+ npm run verdaccio-node-encrypt
 - name: Run Test Vectors Browser node ${{matrix.node}}
 env:
 NODE_OPTIONS: "--max-old-space-size=4096"
@@ -59,5 +58,5 @@ jobs:
 PUBLISH_LOCAL: true
 run: |
 npm run verdaccio-publish
- npm run verdaccio-browser-decrypt --security-revert=CVE-2023-46809
- npm run verdaccio-browser-encrypt --security-revert=CVE-2023-46809
+ npm run verdaccio-browser-decrypt
+ npm run verdaccio-browser-encrypt
diff --git a/package.json b/package.json
index 149973d86..528dbb30e 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,7 @@
 "integration": "run-s integration-*",
 "verdaccio": "run-s verdaccio-*",
 "verdaccio-publish": "./util/local_verdaccio_publish",
- "verdaccio-browser-decrypt": "./util/npx_verdaccio @aws-crypto/integration-browser decrypt -v $PWD/$npm_package_config_localTestVectors --karma -c cpu",
+ "verdaccio-browser-decrypt": "./util/npx_verdaccio @aws-crypto/integration-browser decrypt -v $PWD/$npm_package_config_localTestVectors --karma -c cpu --security-revert=CVE-2023-46809",
 "verdaccio-browser-encrypt": "./util/npx_verdaccio @aws-crypto/integration-browser encrypt -m $npm_package_config_encryptManifestList -k $npm_package_config_encryptKeyManifest -o $npm_package_config_decryptOracle --karma -c cpu",
 "verdaccio-node-decrypt": "./util/npx_verdaccio @aws-crypto/integration-node decrypt -v $PWD/$npm_package_config_localTestVectors -c cpu --security-revert=CVE-2023-46809",
 "verdaccio-node-encrypt": "./util/npx_verdaccio @aws-crypto/integration-node encrypt -m $npm_package_config_encryptManifestList -k $npm_package_config_encryptKeyManifest -o $npm_package_config_decryptOracle -c cpu",
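Review bot: `verdaccio-browser-decrypt` runs with `--karma`, which suggests the vectors are decrypted in a browser, and a Node runtime revert has no bearing on the browser's own crypto implementation. Unless the integration-browser CLI performs RSA private-key decryption in its Node process before handing off to Karma, the added `--security-revert=CVE-2023-46809` looks unnecessary here and only widens where a disabled fix appears in the repo. Please confirm which process needs it and drop the flag from this script if none does. The `scripts` object starts and ends outside the hunk.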