attr_masker 0.1.0

data/.travis.yml

@@ -0,0 +1,32 @@
+sudo: false
+dist: trusty
+language: ruby
+before_install: gem install bundler -v 1.15.1
+
+script:
+  - bundle exec rspec
+
+rvm:
+  - "2.4"
+  - "2.3"
+  - "ruby-head"
+
+gemfile:
+  - gemfiles/Rails-5.1.gemfile
+
+matrix:
+  include:
+    - rvm: "2.4"
+      gemfile: "gemfiles/Rails-head.gemfile"
+    - rvm: "2.4"
+      gemfile: "gemfiles/Rails-5.0.gemfile"
+    - rvm: "2.3"
+      gemfile: "gemfiles/Rails-4.2.gemfile"
+    - rvm: "2.3"
+      gemfile: "gemfiles/Rails-4.1.gemfile"
+    - rvm: "2.2"
+      gemfile: "gemfiles/Rails-4.0.gemfile"
+
+  allow_failures:
+    - rvm: "ruby-head"
+    - gemfile: "gemfiles/Rails-head.gemfile"

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Ribose
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.adoc

@@ -0,0 +1,153 @@
+= attr_masker
+:source-highlighter: pygments
+:pygments-style: native
+:pygments-linenums-mode: inline
+
+image:https://img.shields.io/travis/riboseinc/attr_masker/master.svg["Build Status", link="https://travis-ci.org/riboseinc/attr_masker"]
+
+Mask ActiveRecord data with ease!
+
+== Introduction
+
+This gem is intended to mask sensitive data so that production database dumps
+can be used in staging or test environments.  It works with Active Record 4+
+and modern Rubies.
+
+== Getting started
+
+=== Installation
+
+Add attr_masker to your gemfile:
+
+[source,ruby]
+----
+  gem "attr_masker", github: "riboseinc/attr_masker"
+----
+
+
+Then install the gem:
+
+[source,sh]
+----
+  bundle install
+----
+
+=== Basic usage
+
+In your models, define attributes which should be masked:
+
+[source,ruby]
+----
+  class User
+    attr_masker :email, :first_name, :last_name
+  end
+----
+
+Then, when you want to mask the data, run the `db:mask` Rake task in some
+Rails environment other than production, for example:
+
+[source,sh]
+----
+  bundle exec rake db:mask RAILS_ENV=staging
+----
+
+WARNING: Data are destructively overwritten.  Run `rake db:mask` with care!
+
+=== Masking records selectively
+
+You can use `:if` and `:unless` options to prevent some records from being
+altered.
+
+[source,ruby]
+----
+# evaluates given proc for each record, and the record is passed as a proc's
+# argument
+attr_masker :email :unless => ->(record) { ! record.tester_user? }
+
+# calls #tester_user? method on each record
+attr_masker :first_name, :if => :tester_user?
+----
+
+=== Using custom maskers
+
+By default, data is maksed with `AttrMasker::Maskers::SIMPLE` masker which
+always returns `"(redacted)"` string.  But anything what responds to `#call`
+can be used instead: a lambda, `Method` instance, and more.  You can specify it
+by setting the `:masker` option.
+
+For instance, you may want to use https://github.com/ffaker/ffaker[ffaker] or
+https://github.com/skalee/well_read_faker[Well Read Faker] to generate random
+replacement values:
+
+[source,ruby]
+----
+require "ffaker"
+
+attr_masker :first_name, :masker => ->(_hash) { FFaker::Name.first_name }
+----
+
+A hash is passed as an argument, which includes some information about the
+record being masked and the attribute value.  It can be used to further
+customize masker's behaviour.
+
+=== Built-in maskers
+
+Attr Masker comes with several built-in maskers.
+
+`AttrMasker::Maskers::SIMPLE`::
++
+Simply replaces any value with the `"(redacted)"`.  Only useful for columns
+containing textual data.
++
+This is a default masker.  It is used when `:masker` option is unspecified.
++
+Example:
++
+[source,ruby]
+----
+attr_masker :first_name
+attr_masker :last_name, :masker => AttrMasker::Maskers::SIMPLE
+----
++
+Would set both `first_name` and `last_name` attributes to `"(redacted)"`.
+
+`AttrMasker::Maskers::Replacing`::
++
+Replaces characters with some masker string (single asterisk by default).
+Can be initialized with options.
++
+[options="header"]
+|===============================================================================
+|Name|Default|Description
+|`replacement`|`"*"`|Replacement string, can be empty.
+|`alphanum_only`|`false`|When true, only alphanumeric charaters are replaced.
+|===============================================================================
++
+Example:
++
+[source,ruby]
+----
+rm = AttrMasker::Maskers::Replacing.new(character: "X", alphanum_only: true)
+attr_masker :phone, :masker => rm
+----
++
+Would mask "123-456-7890" as "XXX-XXX-XXXX".
+
+== Roadmap & TODOs
+- documentation
+- spec tests
+- Make the `Rails.env` (in which `db:mask` could be run) configurable
+** maybe by passing `ENV` vars
+- more masking options!
+** default scrambling algorithms?
+** structured text preserving algorithms
+*** _e.g._, keeping an HTML snippet valid HTML, but with masked inner text
+** structured *Object* preserving algorithms
+*** _i.e._ generalization of the above HTML scenario
+- I18n of the default `"(redacted)"` phrase
+- …
+
+== Acknowledgements
+
+https://github.com/attr-encrypted/attr_encrypted[attr_encrypted] for the initial
+code structure

data/Rakefile

@@ -0,0 +1,32 @@
+# (c) 2017 Ribose Inc.
+#
+
+# require 'rake'
+# require 'rake/testtask'
+# require 'rake/rdoctask'
+
+require "bundler/gem_tasks"
+load "tasks/db.rake"
+
+# desc 'Generate documentation for the attr_masker gem.'
+# Rake::RDocTask.new(:rdoc) do |rdoc|
+#   rdoc.rdoc_dir = 'rdoc'
+#   rdoc.title    = 'attr_masker'
+#   rdoc.options << '--line-numbers' << '--inline-source'
+#   rdoc.rdoc_files.include('README*')
+#   rdoc.rdoc_files.include('lib/**/*.rb')
+# end
+#
+# if RUBY_VERSION < '1.9.3'
+#   require 'rcov/rcovtask'
+#
+#   task :rcov do
+#     system "rcov -o coverage/rcov --exclude '^(?!lib)' " + FileList[ 'test/**/*_test.rb' ].join(' ')
+#   end
+#
+#   desc 'Default: run unit tests under rcov.'
+#   task :default => :rcov
+# else
+#   desc 'Default: run unit tests.'
+#   task :default => :test
+# end

data/attr_masker.gemspec

@@ -0,0 +1,34 @@
+# (c) 2017 Ribose Inc.
+#
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "attr_masker/version"
+
+Gem::Specification.new do |gem|
+  gem.name              = "attr_masker"
+  gem.version           = AttrMasker::Version.string
+  gem.authors           = ["Ribose Inc."]
+  gem.email             = ["open.source@ribose.com"]
+  gem.homepage          = "https://github.com/riboseinc/attr_masker"
+  gem.summary           = "Masking attributes"
+  gem.licenses          = ["MIT"]
+  gem.description       = "It is desired to mask certain attributes " \
+                          "of certain models by modifying the database."
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_runtime_dependency("rails", ">= 4.0.0", "< 6.0")
+  gem.add_runtime_dependency("ruby-progressbar", "~> 1.8")
+
+  gem.add_development_dependency("bundler", "~> 1.15")
+  gem.add_development_dependency("combustion", "~> 0.7.0")
+  gem.add_development_dependency("database_cleaner", "~> 1.6")
+  gem.add_development_dependency("pry")
+  gem.add_development_dependency("rspec", ">= 3.0")
+  gem.add_development_dependency("rubocop", "~> 0.49.1")
+  gem.add_development_dependency("sqlite3", "~> 1.3.13")
+end

data/config.ru

@@ -0,0 +1,7 @@
+require "rubygems"
+require "bundler"
+
+Bundler.require :default, :development
+
+Combustion.initialize! :all
+run Combustion::Application

data/gemfiles/Rails-4.0.gemfile

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gem "activerecord", "~> 4.0.0"
+
+gemspec path: ".."

data/gemfiles/Rails-4.1.gemfile

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gem "activerecord", "~> 4.1.0"
+
+gemspec path: ".."

data/gemfiles/Rails-4.2.gemfile

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gem "activerecord", "~> 4.2.0"
+
+gemspec path: ".."

data/gemfiles/Rails-5.0.gemfile

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gem "activerecord", "~> 5.0.0"
+
+gemspec path: ".."

data/gemfiles/Rails-5.1.gemfile

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gem "activerecord", "~> 5.1.0"
+
+gemspec path: ".."

data/gemfiles/Rails-head.gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gem "activerecord", github: "rails/rails"
+gem "arel", github: "rails/arel"
+
+gemspec path: ".."

data/lib/attr_masker/error.rb

@@ -0,0 +1,6 @@
+# (c) 2017 Ribose Inc.
+#
+module AttrMasker
+  class Error < ::StandardError
+  end
+end

data/lib/attr_masker/maskers/replacing.rb

@@ -0,0 +1,30 @@
+# (c) 2017 Ribose Inc.
+#
+module AttrMasker
+  module Maskers
+    # This default masker simply replaces any value with a fixed string.
+    #
+    # +opts+ is a Hash with the key :value that gives you the current attribute
+    # value.
+    #
+    class Replacing
+      attr_reader :replacement, :alphanum_only
+
+      def initialize(replacement: "*", alphanum_only: false)
+        replacement = "" if replacement.nil?
+        @replacement = replacement
+        @alphanum_only = alphanum_only
+      end
+
+      def call(value:, **_opts)
+        return value unless value.is_a? String
+
+        if alphanum_only
+          value.gsub(/[[:alnum:]]/, replacement)
+        else
+          replacement * value.size
+        end
+      end
+    end
+  end
+end

data/lib/attr_masker/maskers/simple.rb

@@ -0,0 +1,12 @@
+module AttrMasker
+  module Maskers
+    # This default masker simply replaces any value with a fixed string.
+    #
+    # +opts+ is a Hash with the key :value that gives you the current attribute
+    # value.
+    #
+    SIMPLE = lambda do |_opts|
+      "(redacted)"
+    end
+  end
+end

data/lib/attr_masker/performer.rb

@@ -0,0 +1,67 @@
+# (c) 2017 Ribose Inc.
+#
+module AttrMasker
+  module Performer
+    class ActiveRecord
+      def mask
+        unless defined? ::ActiveRecord
+          raise AttrMasker::Error, "ActiveRecord undefined. Nothing to do!"
+        end
+
+        # Do not want production environment to be masked!
+        #
+        if Rails.env.production?
+          raise AttrMasker::Error, "Attempted to run in production environment."
+        end
+
+        all_models.each do |klass|
+          next if klass.masker_attributes.empty?
+          mask_class(klass)
+        end
+      end
+
+      private
+
+      def mask_class(klass)
+        progressbar_for_model(klass) do |bar|
+          klass.all.each do |model|
+            mask_object model
+            bar.increment
+          end
+        end
+      end
+
+      # For each masker attribute, mask it, and save it!
+      #
+      def mask_object(instance)
+        klass = instance.class
+
+        updates = klass.masker_attributes.reduce({}) do |acc, masker_attr|
+          attr_name = masker_attr[0]
+          column_name = masker_attr[1][:column_name] || attr_name
+          masker_value = instance.mask(attr_name)
+          acc.merge!(column_name => masker_value)
+        end
+
+        klass.all.update(instance.id, updates)
+      end
+
+      def progressbar_for_model(klass)
+        bar = ProgressBar.create(
+          title: klass.name,
+          total: klass.count,
+          throttle_rate: 0.1,
+          format: %q[%t %c/%C (%j%%) %B %E],
+        )
+
+        yield bar
+      ensure
+        bar.finish
+      end
+
+      def all_models
+        ::ActiveRecord::Base.descendants.select(&:table_exists?)
+      end
+    end
+  end
+end

data/lib/attr_masker/railtie.rb

@@ -0,0 +1,17 @@
+# (c) 2017 Ribose Inc.
+#
+# URL:
+# http://blog.nathanhumbert.com/2010/02/rails-3-loading-rake-tasks-from-gem.html
+
+require "attr_masker"
+require "rails"
+
+module AttrMasker
+  class Railtie < Rails::Railtie
+    railtie_name :attr_masker
+
+    rake_tasks do
+      load "tasks/db.rake"
+    end
+  end
+end

data/lib/attr_masker/version.rb

@@ -0,0 +1,21 @@
+# (c) 2017 Ribose Inc.
+#
+
+module AttrMasker
+  # Contains information about this gem's version
+  module Version
+    MAJOR = 0
+    MINOR = 1
+    PATCH = 0
+
+    # Returns a version string by joining <tt>MAJOR</tt>, <tt>MINOR</tt>, and
+    # <tt>PATCH</tt> with <tt>'.'</tt>
+    #
+    # Example
+    #
+    #   Version.string # '1.0.2'
+    def self.string
+      [MAJOR, MINOR, PATCH].join(".")
+    end
+  end
+end