better_newrelic_sql_obfuscator 1.0.0 → 1.0.1
- data/.rvmrc +1 -0
- data/Gemfile +6 -5
- data/Gemfile.lock +5 -4
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/better_newrelic_sql_obfuscator.gemspec +22 -18
- data/lib/better_newrelic_sql_obfuscator.rb +1 -1
- data/test/better_newrelic_sql_obfuscator_unit_test.rb +84 -0
- metadata +46 -38
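--- a/data/.rvmrc
+++ b/data/.rvmrc
@@ -0,0 +1 @@
+rvm use ruby-1.8.7@better_newrelic_obfuscator --create --install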
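--- a/data/Gemfile
+++ b/data/Gemfile
@@ -6,9 +6,10 @@ source "http://rubygems.org"
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
 group :development do
-gem
-gem "
-gem "
-gem "
-gem "
+gem 'rake'
+gem "minitest"
+gem "yard"
+gem "bundler"
+gem "jeweler"
+gem "rcov"
 end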
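Review bot: All six entries in the `:development` group are declared without a version constraint (`gem "yard"`, `gem "bundler"`, `gem "jeweler"`, …), so only Gemfile.lock fixes what gets installed, and a `bundle update` or an install without the lockfile takes whatever is newest on the index. The hunk header also shows the index as `source "http://rubygems.org"`, so gems are resolved over plain HTTP. Using `source "https://rubygems.org"` with pessimistic constraints taken from the lockfile, for example `gem "yard", "~> 0.7.4"`, would narrow both. The removed lines are truncated on this page, so whether the old entries carried constraints cannot be confirmed from here.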
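--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -9,14 +9,15 @@ GEM
 minitest (2.10.0)
 rake (0.9.2.2)
 rcov (0.9.11)
-yard (0.
+yard (0.7.4)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-bundler
-jeweler
+bundler
+jeweler
 minitest
+rake
 rcov
-yard
+yard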
data/Rakefile
CHANGED
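--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.0.
+1.0.1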
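--- a/data/better_newrelic_sql_obfuscator.gemspec
+++ b/data/better_newrelic_sql_obfuscator.gemspec
@@ -4,20 +4,21 @@
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
-s.name =
-s.version = "1.0.
+s.name = "better_newrelic_sql_obfuscator"
+s.version = "1.0.1"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Renewable Funding, LLC"]
-s.date =
-s.description =
-s.email =
+s.date = "2012-01-12"
+s.description = "see Summary"
+s.email = "devteam@renewfund.com"
 s.extra_rdoc_files = [
 "LICENSE.txt",
 "README.rdoc"
 ]
 s.files = [
 ".document",
+".rvmrc",
 "Gemfile",
 "Gemfile.lock",
 "LICENSE.txt",
@@ -26,36 +27,39 @@ Gem::Specification.new do |s|
 "VERSION",
 "better_newrelic_sql_obfuscator.gemspec",
 "lib/better_newrelic_sql_obfuscator.rb",
+"test/better_newrelic_sql_obfuscator_unit_test.rb",
 "test/helper.rb"
 ]
-s.homepage =
+s.homepage = "http://github.com/projectdx/better_newrelic_sql_obfuscator"
 s.licenses = ["MIT"]
 s.require_paths = ["lib"]
-s.rubygems_version =
-s.summary =
+s.rubygems_version = "1.8.10"
+s.summary = "Obfuscate SQL in NewRelic in a way that doesn't suck"
 
 if s.respond_to? :specification_version then
-current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
 s.specification_version = 3
 
 if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+s.add_development_dependency(%q<rake>, [">= 0"])
 s.add_development_dependency(%q<minitest>, [">= 0"])
-s.add_development_dependency(%q<yard>, ["
-s.add_development_dependency(%q<bundler>, ["
-s.add_development_dependency(%q<jeweler>, ["
+s.add_development_dependency(%q<yard>, [">= 0"])
+s.add_development_dependency(%q<bundler>, [">= 0"])
+s.add_development_dependency(%q<jeweler>, [">= 0"])
 s.add_development_dependency(%q<rcov>, [">= 0"])
 else
+s.add_dependency(%q<rake>, [">= 0"])
 s.add_dependency(%q<minitest>, [">= 0"])
-s.add_dependency(%q<yard>, ["
-s.add_dependency(%q<bundler>, ["
-s.add_dependency(%q<jeweler>, ["
+s.add_dependency(%q<yard>, [">= 0"])
+s.add_dependency(%q<bundler>, [">= 0"])
+s.add_dependency(%q<jeweler>, [">= 0"])
 s.add_dependency(%q<rcov>, [">= 0"])
 end
 else
+s.add_dependency(%q<rake>, [">= 0"])
 s.add_dependency(%q<minitest>, [">= 0"])
-s.add_dependency(%q<yard>, ["
-s.add_dependency(%q<bundler>, ["
-s.add_dependency(%q<jeweler>, ["
+s.add_dependency(%q<yard>, [">= 0"])
+s.add_dependency(%q<bundler>, [">= 0"])
+s.add_dependency(%q<jeweler>, [">= 0"])
 s.add_dependency(%q<rcov>, [">= 0"])
 end
 end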
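--- a/data/lib/better_newrelic_sql_obfuscator.rb
+++ b/data/lib/better_newrelic_sql_obfuscator.rb
@@ -54,7 +54,7 @@ module BetterNewrelicSqlObfuscator
 obfuscated_sql = [field_expression, comparison, obfuscate_value(sensitive_data)].compact.join
 
 # Don't obfuscate if we have a field expression that's on the whitelist or is on a 'nickname' field
-
+unless field_expression.to_s.empty?
 table_name, field_name = field_expression.to_s.gsub('"', '').split('.')
 case
 when whitelisted?('%s.%s' % [table_name, field_name])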
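Review bot: The new guard `unless field_expression.to_s.empty?` only covers the empty case; the next line, `table_name, field_name = field_expression.to_s.gsub('"', '').split('.')`, still assumes exactly two dot-separated parts. An unqualified column leaves `field_name` nil, and a schema-qualified name would put the schema into `table_name`, so `whitelisted?` would be asked about the wrong pair. Whether either shape can reach this line depends on the pattern that captures `field_expression`, which is outside the hunk. Because this branch decides whether a literal is reported unobfuscated, I would take the last two parts explicitly with `.split('.').last(2)`, treat a nil `field_name` as "not whitelisted", and add a test for each shape. The `unless` body and the `case` continue past the end of the hunk.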
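--- a/data/test/better_newrelic_sql_obfuscator_unit_test.rb
+++ b/data/test/better_newrelic_sql_obfuscator_unit_test.rb
@@ -0,0 +1,84 @@
+require File.expand_path( File.dirname( __FILE__ ) + '/helper' )
+require 'minitest/autorun'
+
+class BetterNewrelicSqlObfuscatorUnitTest < MiniTest::Unit::TestCase
+
+describe ".obfuscate_value" do
+it "should salt and md5" do
+expected = "'%s'" % Digest::MD5.hexdigest('3:foo')
+assert_equal expected, BetterNewrelicSqlObfuscator.obfuscate_value('foo')
+end
+end
+
+describe '.obfuscate (generic)' do
+
+def assert_obfuscated_eq(sql, expected, message = nil)
+actual = BetterNewrelicSqlObfuscator.obfuscate(sql)
+assert_equal expected, actual, message
+end
+
+def assert_not_obfuscated(sql, message = nil)
+assert_obfuscated_eq(sql, sql, message)
+end
+
+def ob_value(value)
+BetterNewrelicSqlObfuscator.obfuscate_value(value)
+end
+
+it "should replace quoted strings floating out there by themselves" do
+assert_obfuscated_eq %Q{select * from some_table where f_table_name = 'sensitive data'},
+%Q{select * from some_table where f_table_name = #{ob_value("sensitive data")}}
+end
+
+it "should be copacetic with double-apostrophe quoting" do
+assert_obfuscated_eq %Q{select * from some_table where f_table_name = '' and b_table_name = 'sensitive'' data'},
+%Q{select * from some_table where f_table_name = #{ob_value('')} and b_table_name = #{ob_value("sensitive'' data")}}
+end
+
+it "should be copacetic with E'foo' string quoting" do
+assert_obfuscated_eq %Q{select * from some_table where f_table_name = E'sensitive\\' data'},
+%Q{select * from some_table where f_table_name = E#{ob_value("sensitive\\' data")}}
+end
+
+it "should replace quoted strings when compared against a double-quoted table-dot-field expression" do
+assert_obfuscated_eq %Q{select * from some_table where "some_table"."some_field" = 'sensitive data'},
+%Q{select * from some_table where "some_table"."some_field" = #{ob_value('sensitive data')}}
+end
+
+it "should replace quoted strings when compared against a double-quoted table-dot-field expression using whatever comparison operator" do
+assert_obfuscated_eq %Q{select * from some_table where "some_table"."some_field" somehow_matches 'sensitive data'},
+%Q{select * from some_table where "some_table"."some_field" somehow_matches #{ob_value('sensitive data')}}
+end
+
+it "should not replace quoted strings if they're used against a field that's on the whitelist" do
+begin
+BetterNewrelicSqlObfuscator.whitelist 'some_table.whitelisted_field'
+assert_not_obfuscated %Q{select * from some_table where "some_table"."whitelisted_field"='perfectly harmless value'}
+ensure
+BetterNewrelicSqlObfuscator::WhitelistHash.delete('some_table.whitelisted_field') # don't clobber config/initializers
+end
+end
+
+it "should not eat subsequent expressions" do
+begin
+BetterNewrelicSqlObfuscator.whitelist 'some_table.whitelisted_field'
+assert_obfuscated_eq \
+%Q{select * from some_table where "some_table"."whitelisted_field"='perfectly harmless value' and "secret"."address"=E'i am the \\'lizard king'},
+%Q{select * from some_table where "some_table"."whitelisted_field"='perfectly harmless value' and "secret"."address"=E#{ob_value('i am the \\\'lizard king')}}
+ensure
+BetterNewrelicSqlObfuscator::WhitelistHash.delete('some_table.whitelisted_field') # don't clobber config/initializers
+end
+end
+
+it "should not replace quoted strings if an arbitrary block expression returns true on them" do
+ob_proc = Proc.new { |table, field| [table, field] == %w[wibble wobble] }
+begin
+BetterNewrelicSqlObfuscator.dont_obfuscate_table_and_field(&ob_proc)
+assert_not_obfuscated %Q{select * from some_table where "wibble"."wobble"='a_nickname'}
+ensure
+BetterNewrelicSqlObfuscator::DontObfuscateProcs.delete(ob_proc) # don't clobber config/initializers
+end
+end
+end
+
+end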
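Review bot: The first example pins the obfuscation to `Digest::MD5.hexdigest('3:foo')`, which reads as an unkeyed MD5 over the value prefixed with what looks like its own length (3 for 'foo') rather than a secret salt. If that is what `obfuscate_value` does, low-entropy literals such as e-mail addresses or account numbers stay recoverable by dictionary lookup for anyone who can read the reported SQL, so the test locks in a weak construction. A keyed digest such as `OpenSSL::HMAC.hexdigest('SHA256', secret, value)`, with the key kept out of the reported data, would be the better behaviour to assert. The file also uses `Digest::MD5` without requiring it, so it presumably relies on `helper` or the library loading it; a `require 'digest/md5'` at the top would make that explicit.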
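--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: better_newrelic_sql_obfuscator
 version: !ruby/object:Gem::Version
-hash:
-prerelease:
+hash: 21
+prerelease:
 segments:
 - 1
 - 0
--
-version: 1.0.
+- 1
+version: 1.0.1
 platform: ruby
 authors:
 - Renewable Funding, LLC
@@ -15,12 +15,24 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-01-
-default_executable:
+date: 2012-01-12 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+requirement: &id001 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+version_requirements: *id001
+name: rake
 prerelease: false
-
+type: :development
+- !ruby/object:Gem::Dependency
+requirement: &id002 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ">="
@@ -29,60 +41,54 @@ dependencies:
 segments:
 - 0
 version: "0"
+version_requirements: *id002
 name: minitest
-
+prerelease: false
 type: :development
 - !ruby/object:Gem::Dependency
-
-version_requirements: &id002 !ruby/object:Gem::Requirement
+requirement: &id003 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-hash:
+hash: 3
 segments:
 - 0
-
-
-version: 0.6.0
+version: "0"
+version_requirements: *id003
 name: yard
-
+prerelease: false
 type: :development
 - !ruby/object:Gem::Dependency
-
-version_requirements: &id003 !ruby/object:Gem::Requirement
+requirement: &id004 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-hash:
+hash: 3
 segments:
-- 1
-- 0
 - 0
-version:
+version: "0"
+version_requirements: *id004
 name: bundler
-
+prerelease: false
 type: :development
 - !ruby/object:Gem::Dependency
-
-version_requirements: &id004 !ruby/object:Gem::Requirement
+requirement: &id005 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-hash:
+hash: 3
 segments:
--
-
-
-version: 1.6.4
+- 0
+version: "0"
+version_requirements: *id005
 name: jeweler
-
+prerelease: false
 type: :development
 - !ruby/object:Gem::Dependency
-
-version_requirements: &id005 !ruby/object:Gem::Requirement
+requirement: &id006 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ">="
@@ -91,8 +97,9 @@ dependencies:
 segments:
 - 0
 version: "0"
+version_requirements: *id006
 name: rcov
-
+prerelease: false
 type: :development
 description: see Summary
 email: devteam@renewfund.com
@@ -105,6 +112,7 @@ extra_rdoc_files:
 - README.rdoc
 files:
 - .document
+- .rvmrc
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -113,8 +121,8 @@ files:
 - VERSION
 - better_newrelic_sql_obfuscator.gemspec
 - lib/better_newrelic_sql_obfuscator.rb
+- test/better_newrelic_sql_obfuscator_unit_test.rb
 - test/helper.rb
-has_rdoc: true
 homepage: http://github.com/projectdx/better_newrelic_sql_obfuscator
 licenses:
 - MIT
@@ -144,7 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.
+rubygems_version: 1.8.10
 signing_key:
 specification_version: 3
 summary: Obfuscate SQL in NewRelic in a way that doesn't suck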