attr_redactor 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7ef566d6a681d20457b44307df0704879c64814b
+  data.tar.gz: 529a1c447257ad7b692d36847f1625bbd70354b0
+SHA512:
+  metadata.gz: fd65f904aac0a3827d8d108c2ba1b2481d3696882c046e8b1782db61899b1b3e45e092dfe3d745758cb121fb750c5caa6eee21f1dfd550d8abf8682d4f4cc2de
+  data.tar.gz: 4c96ba87e0a8a90eb78c3776d53487839843829694133167630bb33c29a5b2e5ebbcd5d1395496e0b80bf77ab160eddd1fae2f20ac50e68459b9ae7c74c280dd

data/.gitignore

@@ -0,0 +1,6 @@
+.bundle
+.DS_Store
+.ruby-version
+pkg
+Gemfile.lock
+coverage

data/.travis.yml

@@ -0,0 +1,17 @@
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.0
+  - 2.1
+  - 2.3.0
+env:
+  - ACTIVERECORD=3.0.0
+  - ACTIVERECORD=3.2.0
+  - ACTIVERECORD=4.0.0
+  - ACTIVERECORD=4.2.0
+matrix:
+  exclude:
+  allow_failures:
+    - rvm: rbx
+  fast_finish: true

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+# attr_redactor #
+
+##0.1.0 ##

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 Sean Huber - shuber@huberry.com
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,259 @@
+[![Gem Version](https://badge.fury.io/rb/attr_redactor.svg)](https://badge.fury.io/rb/attr_redactor)
+[![Build Status](https://travis-ci.org/chrisjensen/attr_redactor.svg?branch=master)](https://travis-ci.org/chrisjensen/attr_redactor)
+[![Test Coverage](https://codeclimate.com/github/chrisjensen/attr_redactor/badges/coverage.svg)](https://codeclimate.com/github/chrisjensen/attr_redactor/coverage)
+[![Code Climate](https://codeclimate.com/github/chrisjensen/attr_redactor/badges/gpa.svg)](https://codeclimate.com/github/chrisjensen/attr_redactor)
+[![security](https://hakiri.io/github/chrisjensen/attr_redactor/master.svg)](https://hakiri.io/github/chrisjensen/attr_redactor/master)
+
+# attr_redactor
+
+Generates attr_accessors that transparently redact a hash attribute by removing, digesting or encrypting certain keys.
+
+This code is based off of the [attr_encrypted/attr_encrypted](https://github.com/attr-encrypted/attr_encrypted) code base.
+
+Helper classes for `ActiveRecord`, 
+
+`DataMapper`, and `Sequel` helpers have been retained, but have not been successfully tested.
+
+## Installation
+
+Add attr_redactor to your gemfile:
+
+```ruby
+  gem "attr_redactor"
+```
+
+Then install the gem:
+
+```bash
+  bundle install
+```
+
+## Usage
+
+If you're using an ORM like `ActiveRecord` using attr_redactor is easy:
+
+```ruby
+  class User
+    attr_redactor :user_data, redact: { :ssn => :remove, :email => :encrypt }
+  end
+```
+
+If you're using a PORO, you have to do a little bit more work by extending the class:
+
+```ruby
+  class User
+    extend AttrRedactor
+    attr_accessor :name
+    attr_redactor :user_data, redact: { :ssn => :remove, :email => :encrypt }, encryption_key: 'YOUR ENCRYPTION KEY'
+
+    def load
+      # loads the stored data
+    end
+
+    def save
+      # saves the :name and :redacted_user_data attributes somewhere (e.g. filesystem, database, etc)
+    end
+  end
+
+  user = User.new
+  user.user_data = { ssn: '123-45-6789', email: 'personal@email.com' }
+  user.redacted_data[:encrypted_email] # returns the encrypted version of :ssn
+  user.redacted_data.has_key?(:email) # false
+  user.save
+
+  user = User.load
+  user.data { email: 'personal@email.com' }
+```
+
+When you set a redacted attribute the data is *immediately* redacted and the attribute replaced.
+This is to avoid confusion or inconsistency when passing a record around that might be freshly created or loaded from the DB.
+
+```
+  user = User.new user_data: { ssn: '123-45-6789', email: 'personal@email.com' }
+  
+  user.user_data[:ssn] # nil
+```
+
+### Note on Updating Data
+
+Changes within the hash may not be saved
+
+To ensure ActiveRecord saves changed data, you should always update the hash entirely, not keys within the hash.
+
+```
+  user = User.new user_data: { ssn: '123-45-6789', email: 'personal@email.com' }
+  
+  user.user_data[:email] = 'new_address@gmail.com'
+  user.save!
+  
+  user.reload
+  user.user_data[:email] # 'personal@email.com'
+```
+
+### attr_redacted with database persistence
+
+By default, `attr_redacted` stores the redacted data in `:redacted_<attribute>`.
+
+Create or modify the table that your model uses to add a column with the `redacted_` prefix (which can be modified, see below), e.g. `redacted_ssn` via a migration like the following:
+
+```ruby
+  create_table :users do |t|
+    t.string :name
+    t.jsonb :redacted_user_data
+    t.timestamps
+  end
+```
+
+### Specifying the redacted attribute name
+
+By default, the redacted attribute name is `redacted_#{attribute}` (e.g. `attr_redacted :data` would create an attribute named `redacted_data`). So, if you're storing the redacted attribute in the database, you need to make sure the `redacted_#{attribute}` field exists in your table. You have a couple of options if you want to name your attribute or db column something else, see below for more details.
+
+
+## attr_redacted options
+
+#### Options are evaluated
+All options will be evaluated at the instance level.
+
+### Default options
+
+The following are the default options used by `attr_redacted`:
+
+```ruby
+  prefix:            'redacted_',
+  suffix:            '',
+  marshal:           false,
+  marshaler:         Marshal,
+  dump_method:       'dump',
+  load_method:       'load',
+```
+
+Additionally, you can specify default options for all redacted attributes in your class. Instead of having to define your class like this:
+
+```ruby
+  class User
+    attr_redacted :email, prefix: '', suffix: '_redacted'
+    attr_redacted :ssn, prefix: '', suffix: '_redacted'
+    attr_redacted :credit_card, prefix: '', suffix: '_redacted'
+  end
+```
+
+You can simply define some default options like so:
+
+```ruby
+  class User
+    attr_redacted_options.merge!(prefix: '', :suffix => '_crypted')
+    attr_redacted :email
+    attr_redacted :ssn
+    attr_redacted :credit_card
+  end
+```
+
+This should help keep your classes clean and DRY.
+
+### The `:attribute` option
+
+You can simply pass the name of the redacted attribute as the `:attribute` option:
+
+```ruby
+  class User
+    attr_redacted :data, attribute: 'obfuscated_data'
+  end
+```
+
+This would generate an attribute named `obfuscated_data`
+
+
+### The `:prefix` and `:suffix` options
+
+If you don't like the `redacted_#{attribute}` naming convention then you can specify your own:
+
+```ruby
+  class User
+    attr_redacted :data, prefix: 'secret_', suffix: '_hidden'
+  end
+```
+
+This would generate the attribute: `secret_data_hidden`.
+
+### The `:encryption_key` option
+
+Specifies the encryption key to use for encrypted data in the hash.
+This *must* be present if you use encryption.
+
+### The `:digest_salt` option
+
+Specifies a salt to use when digesting.
+If not present then your data will be hashed *without* a salt which makes it less secure.
+
+### The `:encode`, `:encode_iv`, and `:default_encoding` options
+
+You're probably going to be storing your redacted attributes somehow (e.g. filesystem, database, etc). You can pass the `:encode` option to automatically encode/decode when encrypting/hashing/decrypting. The default behavior assumes that you're using a string column type and will base64 encode your cipher text. If you choose to use the binary column type then encoding is not required, but be sure to pass in `false` with the `:encode` option.
+
+```ruby
+  class User
+    attr_redacted :data, encode: true, encode_iv: true
+  end
+```
+
+The default encoding is `m` (base64). You can change this by setting `encode: 'some encoding'`. See [`Arrary#pack`](http://ruby-doc.org/core-2.3.0/Array.html#method-i-pack) for more encoding options.
+
+## ORMs
+
+### ActiveRecord
+
+If you're using this gem with `ActiveRecord`, you get a few extra features:
+
+## Things to consider before using attr_redacted
+
+#### Data gone immediately
+Obviously, anything you decide to digest or remove, that will be done immediately and you will have no way to recover that data (except keeping a copy of the original hash)
+
+#### Searching, joining, etc
+You cannot search encrypted or hashed data (or, obviously, removed data), and because you can't search it, you can't index it either. You also can't use joins on the redacted data. Data that is securely encrypted is effectively noise. 
+So any operations that rely on the data not being noise will not work. If you need to do any of the aforementioned operations, please consider using database and file system encryption along with transport encryption as it moves through your stack.
+Since redacting uses a hash that is comparable, you could still index digested columns
+
+#### Data leaks
+Please also consider where your data leaks. If you're using attr_redacted with Rails, it's highly likely that this data will enter your app as a request parameter. You'll want to be sure that you're filtering your request params from you logs or else your data is sitting in the clear in your logs. [Parameter Filtering in Rails](http://apidock.com/rails/ActionDispatch/Http/FilterParameters) Please also consider other possible leak points.
+
+#### Metadata regarding your crypto implementation
+It is advisable to also store metadata regarding the circumstances of your encrypted data. Namely, you should store information about the key used to encrypt your data, as well as the algorithm. Having this metadata with every record will make key rotation and migrating to a new algorithm signficantly easier. It will allow you to continue to decrypt old data using the information provided in the metadata and new data can be encrypted using your new key and algorithm of choice.
+
+## Testing
+To verify you've configured redaction properly in your tests, use `attr_redacted?` and `attr_redact_hash`
+
+Given class:
+
+```ruby
+  class User
+    attr_redacted :data, redact: { :ssn => :remove, :email => :encrypt }
+  end
+```
+
+### Minitest
+```ruby
+  def test_should_redact_dataa
+    expected_hash = { :ssn => :remove, :email => :encrypt }
+    assert User.new.attr_redacted?(:data)
+    assert_equal expected_hash, User.new.data_redact_hash
+  end
+```
+
+### RSpec
+```ruby
+  it "should redact data"
+    expect(User.new.attr_redacted?(:data)).to be_truthy
+    expect(User.new.data_redact_hash).to eq({ :ssn => :remove, :email => :encrypt })
+  end
+```
+
+
+
+## Note on Patches/Pull Requests
+
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, changelog, or history.
+* Send me a pull request. Bonus points for topic branches.

data/Rakefile

@@ -0,0 +1,22 @@
+require 'rake/testtask'
+require 'rdoc/task'
+require "bundler/gem_tasks"
+
+desc 'Test the attr_redactor gem.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the attr_redactor gem.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'attr_redactor'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+desc 'Default: run unit tests.'
+task :default => :test

data/attr_redactor.gemspec

@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+
+lib = File.expand_path('../lib/', __FILE__)
+$:.unshift lib unless $:.include?(lib)
+
+require 'attr_redactor/version'
+require 'date'
+
+Gem::Specification.new do |s|
+  s.name    = 'attr_redactor'
+  s.version = AttrRedactor::Version.string
+  s.date    = Date.today
+
+  s.summary     = 'Redact JSON attributes before saving'
+  s.description = 'Generates attr_accessors that redact certain values in the JSON structure before saving.'
+
+  s.authors   = ['Chris Jensen']
+  s.email    = ['chris@broadthought.co']
+  s.homepage = 'http://github.com/chrisjensen/attr_redactor'
+
+  s.has_rdoc = false
+  s.rdoc_options = ['--line-numbers', '--inline-source', '--main', 'README.rdoc']
+
+  s.require_paths = ['lib']
+
+  s.files      = `git ls-files`.split("\n")
+  s.test_files = `git ls-files -- test/*`.split("\n")
+
+  s.required_ruby_version = '>= 2.0.0'
+
+  s.add_dependency('hash_redactor', ['~> 0.2.1'])
+  # support for testing with specific active record version
+  activerecord_version = if ENV.key?('ACTIVERECORD')
+    "~> #{ENV['ACTIVERECORD']}"
+  else
+    '~> 3.0'
+  end
+  s.add_development_dependency('activerecord', activerecord_version)
+  s.add_development_dependency('actionpack', activerecord_version)
+  s.add_development_dependency('datamapper')
+  s.add_development_dependency('rake')
+  s.add_development_dependency('minitest')
+  s.add_development_dependency('sequel')
+  if defined?(RUBY_ENGINE) && RUBY_ENGINE.to_sym == :jruby
+    s.add_development_dependency('activerecord-jdbcsqlite3-adapter')
+    s.add_development_dependency('jdbc-sqlite3', '< 3.8.7') # 3.8.7 is nice and broke
+  else
+    s.add_development_dependency('sqlite3')
+  end
+  s.add_development_dependency('dm-sqlite-adapter')
+  s.add_development_dependency("codeclimate-test-reporter")
+end

data/lib/attr_redactor/adapters/active_record.rb

@@ -0,0 +1,86 @@
+if defined?(ActiveRecord::Base)
+  module AttrRedactor
+    module Adapters
+      module ActiveRecord
+        def self.extended(base) # :nodoc:
+          base.class_eval do
+
+            # https://github.com/attr-encrypted/attr_encrypted/issues/68
+            alias_method :reload_without_attr_redactor, :reload
+            def reload(*args, &block)
+              result = reload_without_attr_redactor(*args, &block)
+              self.class.redacted_attributes.keys.each do |attribute_name|
+                instance_variable_set("@#{attribute_name}", nil)
+              end
+              result
+            end
+
+            def perform_attribute_assignment(method, new_attributes, *args)
+              return if new_attributes.blank?
+
+              send method, new_attributes.reject { |k, _|  self.class.redacted_attributes.key?(k.to_sym) }, *args
+              send method, new_attributes.reject { |k, _| !self.class.redacted_attributes.key?(k.to_sym) }, *args
+            end
+            private :perform_attribute_assignment
+
+            if ::ActiveRecord::VERSION::STRING > "3.1"
+              alias_method :assign_attributes_without_attr_redactor, :assign_attributes
+              def assign_attributes(*args)
+                perform_attribute_assignment :assign_attributes_without_attr_redactor, *args
+              end
+            end
+
+            alias_method :attributes_without_attr_redactor=, :attributes=
+            def attributes=(*args)
+              perform_attribute_assignment :attributes_without_attr_redactor=, *args
+            end
+          end
+        end
+
+        protected
+
+          # <tt>attr_redactor</tt> method
+          def attr_redactor(*attrs)
+            super
+            options = attrs.extract_options!
+            attr = attrs.pop
+            options.merge! redacted_attributes[attr]
+
+            define_method("#{attr}_changed?") do
+              if send("#{options[:attribute]}_changed?")
+                send(attr) != send("#{attr}_was")
+              end
+            end
+
+            define_method("#{attr}_was") do
+              attr_was_options = { operation: :unredacting }
+              redacted_attributes[attr].merge!(attr_was_options)
+              evaluated_options = evaluated_attr_redacted_options_for(attr)
+              [:iv, :salt, :operation].each { |key| redacted_attributes[attr].delete(key) }
+              self.class.unredact(attr, send("#{options[:attribute]}_was"), evaluated_options)
+            end
+
+            alias_method "#{attr}_before_type_cast", attr
+          end
+
+          def attribute_instance_methods_as_symbols
+            # We add accessor methods of the db columns to the list of instance
+            # methods returned to let ActiveRecord define the accessor methods
+            # for the db columns
+
+            # Use with_connection so the connection doesn't stay pinned to the thread.
+            connected = ::ActiveRecord::Base.connection_pool.with_connection(&:active?) rescue false
+
+            if connected && table_exists?
+              columns_hash.keys.inject(super) {|instance_methods, column_name| instance_methods.concat [column_name.to_sym, :"#{column_name}="]}
+            else
+              super
+            end
+          end
+      end
+    end
+  end
+
+  ActiveRecord::Base.extend AttrRedactor
+  ActiveRecord::Base.extend AttrRedactor::Adapters::ActiveRecord
+end

data/lib/attr_redactor/adapters/data_mapper.rb

@@ -0,0 +1,21 @@
+if defined?(DataMapper)
+  module AttrRedactor
+    module Adapters
+      module DataMapper
+        def self.extended(base) # :nodoc:
+          class << base
+            alias_method :included_without_attr_redactor, :included
+            alias_method :included, :included_with_attr_redactor
+          end
+        end
+
+        def included_with_attr_redactor(base)
+          included_without_attr_redactor(base)
+          base.extend AttrRedactor
+        end
+      end
+    end
+  end
+
+  DataMapper::Resource.extend AttrRedactor::Adapters::DataMapper
+end

data/lib/attr_redactor/version.rb

@@ -0,0 +1,17 @@
+module AttrRedactor
+  # Contains information about this gem's version
+  module Version
+    MAJOR = 0
+    MINOR = 1
+    PATCH = 0
+
+    # Returns a version string by joining <tt>MAJOR</tt>, <tt>MINOR</tt>, and <tt>PATCH</tt> with <tt>'.'</tt>
+    #
+    # Example
+    #
+    #   Version.string # '1.0.2'
+    def self.string
+      [MAJOR, MINOR, PATCH].join('.')
+    end
+  end
+end