From 21f9b38d31e2cee9f75eb2c286b547f19cdf43ca Mon Sep 17 00:00:00 2001
From: Rob Aleck
Date: Mon, 6 Nov 2023 10:24:21 +0000
Subject: [PATCH 1/5] Add additional tests
---
 src/dotenv_vault/test_vault.py | 79 ++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
diff --git a/src/dotenv_vault/test_vault.py b/src/dotenv_vault/test_vault.py
index 196022d..94648c1 100644
--- a/src/dotenv_vault/test_vault.py
+++ b/src/dotenv_vault/test_vault.py
@@ -79,3 +79,82 @@ def test_load_dotenv_vault_not_there(self, find_dotenv):
 mocked_listdir.return_value = ['.env', 'some_file']
 path = vault.load_dotenv_vault()
 self.assertEqual(path, '/some/path/.env')
+
+
+class TestLoadDotenv:
+
+ @mock.patch.dict(os.environ, {"DOTENV_KEY": "secret_key"}, clear=True)
+ @mock.patch("builtins.open", new_callable=mock.mock_open, read_data="KEY=VALUE")
+ @mock.patch("dotenv_vault.main.parse_vault")
+ @mock.patch("dotenv_vault.main.load_dotenv_vault")
+ @mock.patch("dotenv_vault.main.dotenv.load_dotenv")
+ def test_load_encrypted_env(
+ self, mock_load_dotenv,
+ mock_load_dotenv_vault,
+ mock_parse_vault,
+ mock_open
+ ):
+ mock_parse_vault.return_value = "stream_with_decrypted_data"
+ mock_load_dotenv_vault.return_value = "this_is_the_valut"
+ mock_load_dotenv.return_value = True
+
+ assert vault.load_dotenv() == True
+ mock_load_dotenv_vault.assert_called_once()
+ mock_parse_vault.assert_called_once()
+ mock_open.assert_called_once_with(mock_load_dotenv_vault.return_value)
+ mock_load_dotenv.assert_called_once_with(
+ stream=mock_parse_vault.return_value,
+ verbose=False,
+ override=True,
+ interpolate=True,
+ encoding="utf-8"
+ )
+
+ @mock.patch.dict(os.environ, {"NOT_DOTENV_KEY": "shouldnt_be_detected"}, clear=True)
+ @mock.patch("builtins.open", new_callable=mock.mock_open, read_data="KEY=VALUE")
+ @mock.patch("dotenv_vault.main.dotenv.find_dotenv")
+ @mock.patch("dotenv_vault.main.dotenv.load_dotenv")
+ @mock.patch.dict(os.environ, {}, clear=True)
+ def test_load_unencrypted_env(self,
+ mock_load_dotenv,
+ mock_find_dotenv,
+ mock_open
+ ):
+ mock_find_dotenv.return_value = "path_to_dotenv_file"
+ mock_load_dotenv.return_value = True
+
+ assert vault.load_dotenv() == True
+ mock_open.assert_called_once_with(mock_find_dotenv.return_value)
+ mock_find_dotenv.assert_called_once_with(usecwd=True)
+ mock_load_dotenv.assert_called_once_with(
+ stream=mock_open.return_value,
+ verbose=False,
+ override=True,
+ interpolate=True,
+ encoding="utf-8"
+ )
+
+ @mock.patch.dict(os.environ, {"NOT_DOTENV_KEY": "shouldnt_be_detected"}, clear=True)
+ @mock.patch("builtins.open", new_callable=mock.mock_open, read_data="KEY=VALUE")
+ @mock.patch("dotenv_vault.main.dotenv.find_dotenv")
+ @mock.patch("dotenv_vault.main.dotenv.load_dotenv")
+ @mock.patch.dict(os.environ, {}, clear=True)
+ def test_load_with_stream_provided(self,
+ mock_load_dotenv,
+ mock_find_dotenv,
+ mock_open
+ ):
+ mock_find_dotenv.return_value = "path_to_dotenv_file"
+ mock_load_dotenv.return_value = True
+ test_stream_value = "test_stream_value"
+
+ assert vault.load_dotenv(stream=test_stream_value) == True
+ mock_open.assert_not_called()
+ mock_find_dotenv.assert_called_once_with(usecwd=True)
+ mock_load_dotenv.assert_called_once_with(
+ stream=test_stream_value,
+ verbose=False,
+ override=True,
+ interpolate=True,
+ encoding="utf-8"
+ )
\ No newline at end of file
From 36a339dab9b80e78d83ddefb378bb6bb1c121031 Mon Sep 17 00:00:00 2001
From: Rob Aleck
Date: Mon, 6 Nov 2023 10:24:33 +0000
Subject: [PATCH 2/5] bump cryptography >41.0.3
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index b0124ee..3599d8f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,2 @@
 python-dotenv~=0.21.0
-cryptography<41.0.0,>=3.1.0
+cryptography<42.0.0,>41.0.3
From 9acc8c5a2ed3cd1ad2ac3f459504c6690d6d9fe9 Mon Sep 17 00:00:00 2001
From: Rob Aleck
Date: Mon, 6 Nov 2023 10:24:49 +0000
Subject: [PATCH 3/5] bump package version to 0.6.4
---
 CHANGELOG.md | 6 ++++++
 src/dotenv_vault/__version__.py | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4f94985..bea94ad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
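Review bot: In `test_load_unencrypted_env` and `test_load_with_stream_provided` the bottom decorator `@mock.patch.dict(os.environ, {}, clear=True)` appears to be entered after the top `@mock.patch.dict(os.environ, {"NOT_DOTENV_KEY": "shouldnt_be_detected"}, clear=True)` and wipes it, so the test body runs with an empty environment and the "look-alike variable is not mistaken for DOTENV_KEY" case the names promise never reaches `vault.load_dotenv()`; delete the `{}` decorator so each test carries exactly one `clear=True` environment patch and the negative case is actually exercised. The new class is pytest-style (no `TestCase`, bare `assert`) while the method named in the hunk header uses `self.assertEqual`; pick one, and since `mock_load_dotenv.return_value = True` the checks should read `assert vault.load_dotenv() is True` rather than `== True` (E712). `"this_is_the_valut"` looks like a typo for `vault`, and `test_load_with_stream_provided` pins that `find_dotenv(usecwd=True)` is still called even when the caller supplies `stream`, which deserves a one-line comment if it is intentional, e.g. `# find_dotenv is still consulted when a stream is passed in`.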
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. See [standa
 ## [Unreleased](https://github.com/dotenv-org/python-dotenv-vault/compare/v0.5.1...master)
+## 0.6.4
+
+### Changed
+
+- Bump Cryptography above 41.0.3 to resolve [#19](https://github.com/dotenv-org/python-dotenv-vault/issues/19) ([Vulnerable OpenSSL included in cryptography wheels](https://github.com/advisories/GHSA-5cpq-8wj7-hf2v) and [pyca/cryptography's wheels include vulnerable OpenSSL](https://github.com/advisories/GHSA-jm77-qphf-c4w8))
+
 ## 0.6.3
 ### Changed
diff --git a/src/dotenv_vault/__version__.py b/src/dotenv_vault/__version__.py
index feac8a8..a05f633 100644
--- a/src/dotenv_vault/__version__.py
+++ b/src/dotenv_vault/__version__.py
@@ -1,7 +1,7 @@
 __title__ = "python-dotenv-vault"
 __description__ = "Decrypt .env.vault file."
 __url__ = "https://github.com/dotenv-org/python-dotenv-vault"
-__version__ = "0.6.3"
+__version__ = "0.6.4"
 __author__ = "dotenv"
 __author_email__ = "mot@dotenv.org"
 __license__ = "MIT"
From 55003b7c5428b72da5fcb06f9981ccc4e76c9ca7 Mon Sep 17 00:00:00 2001
From: Rob Aleck
Date: Mon, 6 Nov 2023 23:19:57 +0000
Subject: [PATCH 4/5] update cryptography in setup.py
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index c836439..35c0429 100644
--- a/setup.py
+++ b/setup.py
@@ -40,6 +40,6 @@ def read_files(files):
 ],
 install_requires=[
 'python-dotenv~=0.21.0',
- 'cryptography<41.0.0,>=3.1.0'
+ 'cryptography<42.0.0,>41.0.3'
 ],
 )
\ No newline at end of file
From 3775f1465da4628c3946b4bddc623d43cb2fcefc Mon Sep 17 00:00:00 2001
From: Rob Aleck
Date: Mon, 6 Nov 2023 23:27:39 +0000
Subject: [PATCH 5/5] updated changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bea94ad..2fe7eff 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
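Review bot: `'cryptography<42.0.0,>41.0.3'` in `install_requires` now agrees with requirements.txt, but the two files carried different pins between PATCH 2 and PATCH 4 of this series and nothing prevents them drifting apart again, which matters when the pin is the security fix; consider having requirements.txt install the package's own metadata (`-e .`) or adding a test that the two constraints match. The `<42.0.0` cap also excludes any future cryptography security releases on the 42.x line, recreating the situation this series is fixing; if the cap is precautionary rather than tied to a known break, say so next to it, e.g. `# upper bound is precautionary; re-check on each cryptography major release`, so the next bump is an easy decision. The `>41.0.3` bound is exclusive (41.0.4 is the lowest accepted version), which is consistent with the "above 41.0.3" wording in the CHANGELOG.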
@@ -8,7 +8,7 @@ All notable changes to this project will be documented in this file. See [standa
 ### Changed
-- Bump Cryptography above 41.0.3 to resolve [#19](https://github.com/dotenv-org/python-dotenv-vault/issues/19) ([Vulnerable OpenSSL included in cryptography wheels](https://github.com/advisories/GHSA-5cpq-8wj7-hf2v) and [pyca/cryptography's wheels include vulnerable OpenSSL](https://github.com/advisories/GHSA-jm77-qphf-c4w8))
+- Bump Cryptography above 41.0.3 to resolve [#19](https://github.com/dotenv-org/python-dotenv-vault/issues/19) (High severity [CVE-2023-38325](https://nvd.nist.gov/vuln/detail/CVE-2023-38325))
 ## 0.6.3