From 9382293b0bcaa2cf492decf363ac588c2d696439 Mon Sep 17 00:00:00 2001
From: Nick Meves <nick.meves@greenhouse.io>
Date: Mon, 11 May 2020 12:33:11 -0700
Subject: [PATCH] Ensure Cipher.Encrypt doesn't mangle input data []byte

---
 pkg/encryption/cipher_test.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/pkg/encryption/cipher_test.go b/pkg/encryption/cipher_test.go
index c49fb67a..197611ac 100644
--- a/pkg/encryption/cipher_test.go
+++ b/pkg/encryption/cipher_test.go
@@ -80,20 +80,26 @@ func TestEncryptAndDecrypt(t *testing.T) {
 									_, err := io.ReadFull(rand.Reader, data)
 									assert.Equal(t, nil, err)
 
+									// Ensure our Encrypt function doesn't encrypt in place
+									immutableData := make([]byte, len(data))
+									copy(immutableData, data)
+
 									encrypted, err := c.Encrypt(data)
 									assert.Equal(t, nil, err)
 									assert.NotEqual(t, encrypted, data)
+									// Encrypt didn't operate in-place on []byte
+									assert.Equal(t, data, immutableData)
 
 									// Ensure our Decrypt function doesn't decrypt in place
-									immutable := make([]byte, len(encrypted))
-									copy(immutable, encrypted)
+									immutableEnc := make([]byte, len(encrypted))
+									copy(immutableEnc, encrypted)
 
 									decrypted, err := c.Decrypt(encrypted)
 									assert.Equal(t, nil, err)
 									// Original data back
 									assert.Equal(t, data, decrypted)
 									// Decrypt didn't operate in-place on []byte
-									assert.Equal(t, encrypted, immutable)
+									assert.Equal(t, encrypted, immutableEnc)
 									// Encrypt/Decrypt actually did something
 									assert.NotEqual(t, encrypted, decrypted)
 								})