From 863143302706f698a32da8e77f8df0420251eedd Mon Sep 17 00:00:00 2001
From: YuviPanda
Date: Wed, 4 Jan 2023 11:43:15 -0800
Subject: [PATCH] Use json to read .json files

I hate that I can no longer say 'all json is valid YAML' sigh
---
 pre_commit_hook_ensure_sops/__main__.py | 13 ++++++++++---
 setup.py | 2 +-
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/pre_commit_hook_ensure_sops/__main__.py b/pre_commit_hook_ensure_sops/__main__.py
index ec78b38..9bd9d27 100644
--- a/pre_commit_hook_ensure_sops/__main__.py
+++ b/pre_commit_hook_ensure_sops/__main__.py
@@ -3,6 +3,7 @@ Validate if given list of files are encrypted with sops.
 """
 from argparse import ArgumentParser
+import json
 from ruamel.yaml import YAML
 from ruamel.yaml.parser import ParserError
 import sys
@@ -36,14 +37,20 @@ def check_file(filename):
     Returns a boolean indicating wether given file is valid or not, as well
     as a string with a human readable success / failure message.
     """
+    # All YAML is valid JSON *except* if it contains hard tabs, and the default go
+    # JSON outputter uses hard tabs, and since sops is written in go it does the same.
+    # So we can't just use a YAML loader here - we use a yaml one if it ends in
+    # .yaml, but json otherwise
+    if filename.endswith('.yaml'):
+        loader_func = yaml.load
+    else:
+        loader_func = json.load
     # sops doesn't have a --verify (https://github.com/mozilla/sops/issues/437)
     # so we implement some heuristics, primarily to guard against unencrypted
     # files being checked in.
     with open(filename) as f:
         try:
-            # Use the YAML parser to load files. All JSON is valid YAML, so this
-            # properly deals with JSON files too
-            doc = yaml.load(f)
+            doc = loader_func(f)
         except ParserError:
             # All sops encrypted files are valid JSON or YAML
             return False, f"(unknown): Not valid JSON or YAML, is not properly encrypted"
diff --git a/setup.py b/setup.py
index 7a2ec88..b6a33cc 100644
--- a/setup.py
+++ b/setup.py
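Review bot: The `except ParserError:` clause around `doc = loader_func(f)` no longer covers the new code path, because `json.load` raises `json.JSONDecodeError` (a `ValueError`), not ruamel's `ParserError`, so a malformed non-.yaml file now presumably escapes check_file as an uncaught traceback instead of the intended "Not valid JSON or YAML" failure result; widen it to `except (ParserError, json.JSONDecodeError):`. The extension test `filename.endswith('.yaml')` also routes `.yml` files to the JSON loader, where valid YAML will fail the same way, so `if filename.endswith(('.yaml', '.yml')):` keeps them on `yaml.load`. The new comment states the relationship backwards — it is JSON that is valid YAML except for hard tabs, as the commit title says — so it should read `# All JSON is valid YAML *except* if it contains hard tabs, and the default go`. check_file starts and ends outside this hunk.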
@@ -5,7 +5,7 @@ with open("README.md", "r") as fh:
 setuptools.setup(
     name="pre-commit-hook-ensure-sops",
-    version="0.1",
+    version="1.0",
     author="Yuvi Panda",
     author_email="yuvipanda@gmail.com",
     description="pre-commit hook to ensure that files that should be encrypted with sops are in fact encrypted",