auth-sanitizer 0.1.4 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +63 -1
- data/CITATION.cff +1 -1
- data/CODE_OF_CONDUCT.md +0 -5
- data/CONTRIBUTING.md +74 -29
- data/FUNDING.md +0 -0
- data/LICENSE.md +10 -0
- data/README.md +136 -123
- data/RUBOCOP.md +0 -0
- data/SECURITY.md +1 -4
- data/certs/pboling.pem +27 -0
- data/lib/auth/sanitizer/core.rb +0 -0
- data/lib/auth/sanitizer/filtered_attributes.rb +27 -9
- data/lib/auth/sanitizer/sanitized_logger.rb +3 -3
- data/lib/auth/sanitizer/thing_filter.rb +0 -0
- data/lib/auth/sanitizer/version.rb +1 -1
- data/lib/auth/sanitizer.rb +6 -0
- data/lib/auth_sanitizer/loader.rb +27 -1
- data/sig/auth/sanitizer/version.rbs +8 -0
- data/sig/auth/sanitizer.rbs +0 -7
- data.tar.gz.sig +0 -0
- metadata +55 -27
- metadata.gz.sig +0 -0
- data/REEK +0 -0
|
@@ -34,10 +34,10 @@ module Auth
|
|
|
34
34
|
# the current {Auth::Sanitizer.filtered_label} value.
|
|
35
35
|
module InitializerMethods
|
|
36
36
|
def initialize(*args, &block)
|
|
37
|
-
super
|
|
37
|
+
super
|
|
38
38
|
@thing_filter = ThingFilter.new(
|
|
39
39
|
self.class.filtered_attribute_names,
|
|
40
|
-
label: Auth::Sanitizer.filtered_label
|
|
40
|
+
label: Auth::Sanitizer.filtered_label
|
|
41
41
|
)
|
|
42
42
|
end
|
|
43
43
|
end
|
|
@@ -93,16 +93,34 @@ module Auth
|
|
|
93
93
|
#
|
|
94
94
|
# @return [String]
|
|
95
95
|
def inspect
|
|
96
|
-
|
|
96
|
+
inspected = super
|
|
97
|
+
return inspected if thing_filter.things.empty?
|
|
97
98
|
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
99
|
+
redact_inspected_values(inspected.dup)
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
private
|
|
103
|
+
|
|
104
|
+
INSPECTED_STRING_VALUE = /"(?:(?:\\.)|[^"\\])*"/
|
|
105
|
+
INSPECTED_REDACTABLE_VALUE = /
|
|
106
|
+
(?:
|
|
107
|
+
(@([A-Za-z_]\w*[!?=]?)=) |
|
|
108
|
+
([,{]\s*([A-Za-z_]\w*[!?=]?):\s*) |
|
|
109
|
+
([,{]\s*:([A-Za-z_]\w*[!?=]?)\s*=>\s*) |
|
|
110
|
+
([,{]\s*"([A-Za-z_]\w*[!?=]?)"\s*=>\s*)
|
|
111
|
+
)
|
|
112
|
+
#{INSPECTED_STRING_VALUE}
|
|
113
|
+
/x
|
|
114
|
+
private_constant :INSPECTED_STRING_VALUE, :INSPECTED_REDACTABLE_VALUE
|
|
115
|
+
|
|
116
|
+
def redact_inspected_values(inspected)
|
|
117
|
+
inspected.gsub(INSPECTED_REDACTABLE_VALUE) do |match|
|
|
118
|
+
captures = Regexp.last_match.captures
|
|
119
|
+
prefix, = captures.each_slice(2).detect do |(_candidate_prefix, candidate_key)|
|
|
120
|
+
thing_filter.things.include?(candidate_key)
|
|
103
121
|
end
|
|
122
|
+
prefix ? "#{prefix}#{thing_filter.label}" : match
|
|
104
123
|
end
|
|
105
|
-
"#<#{self.class}:#{object_id} #{inspected_vars.join(", ")}>"
|
|
106
124
|
end
|
|
107
125
|
end
|
|
108
126
|
end
|
|
@@ -219,7 +219,7 @@ module Auth
|
|
|
219
219
|
# @param [String] message Logger message
|
|
220
220
|
# @return [String] Sanitized logger message
|
|
221
221
|
def sanitize_authorization_header(message)
|
|
222
|
-
message.gsub(/(Authorization:\s*)(
|
|
222
|
+
message.gsub(/(Authorization:\s*)(?:"[^"]*"|[^\r\n]+)/i, "\\1\"#{thing_filter.label}\"")
|
|
223
223
|
end
|
|
224
224
|
|
|
225
225
|
# Redact JSON-style values for configured sensitive key names.
|
|
@@ -227,7 +227,7 @@ module Auth
|
|
|
227
227
|
# @param [String] message Logger message
|
|
228
228
|
# @return [String] Sanitized logger message
|
|
229
229
|
def sanitize_json_pairs(message)
|
|
230
|
-
message.gsub(/([
|
|
230
|
+
message.gsub(/(["'])(#{thing_filter.pattern_source})\1(\s*:\s*)(["'])(.*?)\4/i) do
|
|
231
231
|
%(#{$1}#{$2}#{$1}#{$3}#{$4}#{thing_filter.label}#{$4})
|
|
232
232
|
end
|
|
233
233
|
end
|
|
@@ -237,7 +237,7 @@ module Auth
|
|
|
237
237
|
# @param [String] message Logger message
|
|
238
238
|
# @return [String] Sanitized logger message
|
|
239
239
|
def sanitize_form_and_query_pairs(message)
|
|
240
|
-
message.gsub(/(\b(?:#{thing_filter.pattern_source})=)([^&\s
|
|
240
|
+
message.gsub(/(\b(?:#{thing_filter.pattern_source})=)([^&\s"]+)/i, "\\1#{thing_filter.label}")
|
|
241
241
|
end
|
|
242
242
|
end
|
|
243
243
|
end
|
|
File without changes
|
data/lib/auth/sanitizer.rb
CHANGED
|
@@ -1,7 +1,13 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "version_gem"
|
|
4
|
+
|
|
3
5
|
require_relative "sanitizer/version"
|
|
4
6
|
require_relative "sanitizer/thing_filter"
|
|
5
7
|
require_relative "sanitizer/core"
|
|
6
8
|
require_relative "sanitizer/filtered_attributes"
|
|
7
9
|
require_relative "sanitizer/sanitized_logger"
|
|
10
|
+
|
|
11
|
+
Auth::Sanitizer::Version.class_eval do
|
|
12
|
+
extend VersionGem::Basic
|
|
13
|
+
end
|
|
@@ -22,12 +22,38 @@ module AuthSanitizer
|
|
|
22
22
|
# @return [Module] isolated Auth::Sanitizer module
|
|
23
23
|
def load_isolated
|
|
24
24
|
namespace = Module.new
|
|
25
|
+
auth_namespace = Module.new
|
|
26
|
+
namespace.const_set(:Auth, auth_namespace)
|
|
27
|
+
|
|
25
28
|
FILES.each do |relative_path|
|
|
26
29
|
path = File.expand_path("../#{relative_path}", __dir__)
|
|
27
|
-
|
|
30
|
+
auth_namespace.module_eval(isolated_source(path), path, 1)
|
|
28
31
|
end
|
|
32
|
+
|
|
29
33
|
namespace.const_get(:Auth).const_get(:Sanitizer)
|
|
30
34
|
end
|
|
35
|
+
|
|
36
|
+
private
|
|
37
|
+
|
|
38
|
+
# Remove the public top-level Auth wrapper before evaluating a file inside
|
|
39
|
+
# the anonymous Auth namespace. This keeps the normal files unchanged while
|
|
40
|
+
# avoiding Object::Auth leakage on runtimes where Module#module_eval still
|
|
41
|
+
# resolves nested module declarations through Object.
|
|
42
|
+
def isolated_source(path)
|
|
43
|
+
lines = File.readlines(path)
|
|
44
|
+
wrapper_index = lines.index("module Auth\n")
|
|
45
|
+
return lines.join.split("Auth::Sanitizer").join("Sanitizer") unless wrapper_index
|
|
46
|
+
|
|
47
|
+
lines.delete_at(wrapper_index)
|
|
48
|
+
closing_index = lines.rindex("end\n")
|
|
49
|
+
lines.delete_at(closing_index) if closing_index
|
|
50
|
+
|
|
51
|
+
wrapper_index.upto(lines.length - 1) do |index|
|
|
52
|
+
line = lines[index]
|
|
53
|
+
lines[index] = line.start_with?(" ") ? line[2..-1] : line
|
|
54
|
+
end
|
|
55
|
+
lines.join.split("Auth::Sanitizer").join("Sanitizer")
|
|
56
|
+
end
|
|
31
57
|
end
|
|
32
58
|
end
|
|
33
59
|
end
|
data/sig/auth/sanitizer.rbs
CHANGED
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: auth-sanitizer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter H. Boling
|
|
@@ -46,7 +46,7 @@ dependencies:
|
|
|
46
46
|
version: '1.1'
|
|
47
47
|
- - ">="
|
|
48
48
|
- !ruby/object:Gem::Version
|
|
49
|
-
version: 1.1.
|
|
49
|
+
version: 1.1.10
|
|
50
50
|
type: :runtime
|
|
51
51
|
prerelease: false
|
|
52
52
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -56,21 +56,27 @@ dependencies:
|
|
|
56
56
|
version: '1.1'
|
|
57
57
|
- - ">="
|
|
58
58
|
- !ruby/object:Gem::Version
|
|
59
|
-
version: 1.1.
|
|
59
|
+
version: 1.1.10
|
|
60
60
|
- !ruby/object:Gem::Dependency
|
|
61
61
|
name: kettle-dev
|
|
62
62
|
requirement: !ruby/object:Gem::Requirement
|
|
63
63
|
requirements:
|
|
64
64
|
- - "~>"
|
|
65
65
|
- !ruby/object:Gem::Version
|
|
66
|
-
version: '2.
|
|
66
|
+
version: '2.1'
|
|
67
|
+
- - ">="
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: 2.1.0
|
|
67
70
|
type: :development
|
|
68
71
|
prerelease: false
|
|
69
72
|
version_requirements: !ruby/object:Gem::Requirement
|
|
70
73
|
requirements:
|
|
71
74
|
- - "~>"
|
|
72
75
|
- !ruby/object:Gem::Version
|
|
73
|
-
version: '2.
|
|
76
|
+
version: '2.1'
|
|
77
|
+
- - ">="
|
|
78
|
+
- !ruby/object:Gem::Version
|
|
79
|
+
version: 2.1.0
|
|
74
80
|
- !ruby/object:Gem::Dependency
|
|
75
81
|
name: bundler-audit
|
|
76
82
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -125,40 +131,60 @@ dependencies:
|
|
|
125
131
|
requirements:
|
|
126
132
|
- - "~>"
|
|
127
133
|
- !ruby/object:Gem::Version
|
|
128
|
-
version: '3.
|
|
134
|
+
version: '3.1'
|
|
129
135
|
- - ">="
|
|
130
136
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 3.
|
|
137
|
+
version: 3.1.1
|
|
132
138
|
type: :development
|
|
133
139
|
prerelease: false
|
|
134
140
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
141
|
requirements:
|
|
136
142
|
- - "~>"
|
|
137
143
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: '3.
|
|
144
|
+
version: '3.1'
|
|
139
145
|
- - ">="
|
|
140
146
|
- !ruby/object:Gem::Version
|
|
141
|
-
version: 3.
|
|
147
|
+
version: 3.1.1
|
|
142
148
|
- !ruby/object:Gem::Dependency
|
|
143
149
|
name: kettle-test
|
|
144
150
|
requirement: !ruby/object:Gem::Requirement
|
|
145
151
|
requirements:
|
|
146
152
|
- - "~>"
|
|
147
153
|
- !ruby/object:Gem::Version
|
|
148
|
-
version: '
|
|
154
|
+
version: '2.0'
|
|
149
155
|
- - ">="
|
|
150
156
|
- !ruby/object:Gem::Version
|
|
151
|
-
version:
|
|
157
|
+
version: 2.0.3
|
|
152
158
|
type: :development
|
|
153
159
|
prerelease: false
|
|
154
160
|
version_requirements: !ruby/object:Gem::Requirement
|
|
155
161
|
requirements:
|
|
156
162
|
- - "~>"
|
|
157
163
|
- !ruby/object:Gem::Version
|
|
158
|
-
version: '
|
|
164
|
+
version: '2.0'
|
|
159
165
|
- - ">="
|
|
160
166
|
- !ruby/object:Gem::Version
|
|
161
|
-
version:
|
|
167
|
+
version: 2.0.3
|
|
168
|
+
- !ruby/object:Gem::Dependency
|
|
169
|
+
name: turbo_tests2
|
|
170
|
+
requirement: !ruby/object:Gem::Requirement
|
|
171
|
+
requirements:
|
|
172
|
+
- - "~>"
|
|
173
|
+
- !ruby/object:Gem::Version
|
|
174
|
+
version: '3.1'
|
|
175
|
+
- - ">="
|
|
176
|
+
- !ruby/object:Gem::Version
|
|
177
|
+
version: 3.1.1
|
|
178
|
+
type: :development
|
|
179
|
+
prerelease: false
|
|
180
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
181
|
+
requirements:
|
|
182
|
+
- - "~>"
|
|
183
|
+
- !ruby/object:Gem::Version
|
|
184
|
+
version: '3.1'
|
|
185
|
+
- - ">="
|
|
186
|
+
- !ruby/object:Gem::Version
|
|
187
|
+
version: 3.1.1
|
|
162
188
|
- !ruby/object:Gem::Dependency
|
|
163
189
|
name: ruby-progressbar
|
|
164
190
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -199,21 +225,21 @@ dependencies:
|
|
|
199
225
|
requirements:
|
|
200
226
|
- - "~>"
|
|
201
227
|
- !ruby/object:Gem::Version
|
|
202
|
-
version: '
|
|
228
|
+
version: '2.0'
|
|
203
229
|
- - ">="
|
|
204
230
|
- !ruby/object:Gem::Version
|
|
205
|
-
version:
|
|
231
|
+
version: 2.0.1
|
|
206
232
|
type: :development
|
|
207
233
|
prerelease: false
|
|
208
234
|
version_requirements: !ruby/object:Gem::Requirement
|
|
209
235
|
requirements:
|
|
210
236
|
- - "~>"
|
|
211
237
|
- !ruby/object:Gem::Version
|
|
212
|
-
version: '
|
|
238
|
+
version: '2.0'
|
|
213
239
|
- - ">="
|
|
214
240
|
- !ruby/object:Gem::Version
|
|
215
|
-
version:
|
|
216
|
-
description: "\
|
|
241
|
+
version: 2.0.1
|
|
242
|
+
description: "\U0001F48E Configurable KV output redaction. Sanitize/filter your secrets."
|
|
217
243
|
email:
|
|
218
244
|
- floss@galtzo.com
|
|
219
245
|
executables: []
|
|
@@ -224,8 +250,8 @@ extra_rdoc_files:
|
|
|
224
250
|
- CODE_OF_CONDUCT.md
|
|
225
251
|
- CONTRIBUTING.md
|
|
226
252
|
- FUNDING.md
|
|
253
|
+
- LICENSE.md
|
|
227
254
|
- README.md
|
|
228
|
-
- REEK
|
|
229
255
|
- RUBOCOP.md
|
|
230
256
|
- SECURITY.md
|
|
231
257
|
files:
|
|
@@ -234,10 +260,11 @@ files:
|
|
|
234
260
|
- CODE_OF_CONDUCT.md
|
|
235
261
|
- CONTRIBUTING.md
|
|
236
262
|
- FUNDING.md
|
|
263
|
+
- LICENSE.md
|
|
237
264
|
- README.md
|
|
238
|
-
- REEK
|
|
239
265
|
- RUBOCOP.md
|
|
240
266
|
- SECURITY.md
|
|
267
|
+
- certs/pboling.pem
|
|
241
268
|
- lib/auth/sanitizer.rb
|
|
242
269
|
- lib/auth/sanitizer/core.rb
|
|
243
270
|
- lib/auth/sanitizer/filtered_attributes.rb
|
|
@@ -246,15 +273,16 @@ files:
|
|
|
246
273
|
- lib/auth/sanitizer/version.rb
|
|
247
274
|
- lib/auth_sanitizer/loader.rb
|
|
248
275
|
- sig/auth/sanitizer.rbs
|
|
276
|
+
- sig/auth/sanitizer/version.rbs
|
|
249
277
|
homepage: https://github.com/ruby-oauth/auth-sanitizer
|
|
250
278
|
licenses:
|
|
251
279
|
- MIT
|
|
252
280
|
metadata:
|
|
253
|
-
homepage_uri: https://auth-sanitizer.galtzo.com
|
|
254
|
-
source_code_uri: https://github.com/ruby-oauth/auth-sanitizer/tree/v0.1
|
|
255
|
-
changelog_uri: https://github.com/ruby-oauth/auth-sanitizer/blob/v0.1
|
|
281
|
+
homepage_uri: https://auth-sanitizer.galtzo.com
|
|
282
|
+
source_code_uri: https://github.com/ruby-oauth/auth-sanitizer/tree/v0.2.1
|
|
283
|
+
changelog_uri: https://github.com/ruby-oauth/auth-sanitizer/blob/v0.2.1/CHANGELOG.md
|
|
256
284
|
bug_tracker_uri: https://github.com/ruby-oauth/auth-sanitizer/issues
|
|
257
|
-
documentation_uri: https://www.rubydoc.info/gems/auth-sanitizer/0.1
|
|
285
|
+
documentation_uri: https://www.rubydoc.info/gems/auth-sanitizer/0.2.1
|
|
258
286
|
funding_uri: https://github.com/sponsors/pboling
|
|
259
287
|
wiki_uri: https://github.com/ruby-oauth/auth-sanitizer/wiki
|
|
260
288
|
news_uri: https://www.railsbling.com/tags/auth-sanitizer
|
|
@@ -262,7 +290,7 @@ metadata:
|
|
|
262
290
|
rubygems_mfa_required: 'true'
|
|
263
291
|
rdoc_options:
|
|
264
292
|
- "--title"
|
|
265
|
-
- "auth-sanitizer - \
|
|
293
|
+
- "auth-sanitizer - \U0001F48E Configurable KV output redaction"
|
|
266
294
|
- "--main"
|
|
267
295
|
- README.md
|
|
268
296
|
- "--exclude"
|
|
@@ -283,7 +311,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
283
311
|
- !ruby/object:Gem::Version
|
|
284
312
|
version: '0'
|
|
285
313
|
requirements: []
|
|
286
|
-
rubygems_version: 4.0.
|
|
314
|
+
rubygems_version: 4.0.10
|
|
287
315
|
specification_version: 4
|
|
288
|
-
summary: "\
|
|
316
|
+
summary: "\U0001F48E Configurable KV output redaction"
|
|
289
317
|
test_files: []
|
metadata.gz.sig
CHANGED
|
Binary file
|
data/REEK
DELETED
|
File without changes
|