blouson 1.0.2 → 1.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.travis.yml +15 -11
- data/Appraisals +8 -10
- data/CHANGELOG.md +15 -0
- data/README.md +30 -1
- data/gemfiles/{rails_4.0.gemfile → rails_5.2.gemfile} +1 -2
- data/gemfiles/{rails_4.1.gemfile → rails_6.0.gemfile} +1 -2
- data/lib/blouson.rb +1 -0
- data/lib/blouson/engine.rb +8 -0
- data/lib/blouson/raven_parameter_filter_processor.rb +11 -1
- data/lib/blouson/sensitive_mail_log_filter.rb +17 -0
- data/lib/blouson/sensitive_query_filter.rb +9 -3
- data/lib/blouson/sensitive_table_query_log_silencer.rb +1 -4
- data/lib/blouson/version.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 3c5a05fbdf574e2e9c8420e7d24ad36ba81786df09d1916073d409ba47f764ec
|
|
4
|
+
data.tar.gz: 4d14dbf88a1e8aa457bcc5b2dae76846bf02d1cb5da4fb32e9ef23909e600f5a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 552ac7c5c3f6faaafe54355ea30d016ab47b5ac419b4466a27b0976bfdd60c89e9b4becf2aebc74a7937e25b9076e440f66fac65f141881d3e606c1257759f2a
|
|
7
|
+
data.tar.gz: 242d596166fc9beb1ca7380c1b9ae066d044e687ed9e783449c51788a6578e9f200178a04b6a63554f3576adab494800774d2694bbc3d9ab23820aad9223dc6d
|
data/.travis.yml
CHANGED
|
@@ -1,20 +1,24 @@
|
|
|
1
1
|
sudo: false
|
|
2
2
|
language: ruby
|
|
3
|
+
services:
|
|
4
|
+
- mysql
|
|
3
5
|
gemfile:
|
|
4
|
-
- gemfiles/rails_4.0.gemfile
|
|
5
|
-
- gemfiles/rails_4.1.gemfile
|
|
6
6
|
- gemfiles/rails_4.2.gemfile
|
|
7
7
|
- gemfiles/rails_5.0.gemfile
|
|
8
8
|
- gemfiles/rails_5.1.gemfile
|
|
9
|
+
- gemfiles/rails_5.2.gemfile
|
|
10
|
+
- gemfiles/rails_6.0.gemfile
|
|
9
11
|
rvm:
|
|
10
|
-
- 2.
|
|
11
|
-
- 2.
|
|
12
|
-
- 2.
|
|
12
|
+
- 2.3.8
|
|
13
|
+
- 2.4.6
|
|
14
|
+
- 2.5.5
|
|
15
|
+
- 2.6.3
|
|
13
16
|
matrix:
|
|
14
17
|
exclude:
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
18
|
+
- rvm: 2.3.8
|
|
19
|
+
gemfile: gemfiles/rails_6.0.gemfile
|
|
20
|
+
- rvm: 2.4.6
|
|
21
|
+
gemfile: gemfiles/rails_6.0.gemfile
|
|
22
|
+
before_install:
|
|
23
|
+
- "[[ $BUNDLE_GEMFILE =~ rails_4\\.2 ]] && gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true"
|
|
24
|
+
- "[[ $BUNDLE_GEMFILE =~ rails_4\\.2 ]] && gem install bundler -v '< 2' || true"
|
data/Appraisals
CHANGED
|
@@ -1,13 +1,3 @@
|
|
|
1
|
-
appraise 'rails-4.0' do
|
|
2
|
-
gem 'rails', '~> 4.0.0'
|
|
3
|
-
gem 'mysql2', '~> 0.3.10'
|
|
4
|
-
end
|
|
5
|
-
|
|
6
|
-
appraise 'rails-4.1' do
|
|
7
|
-
gem 'rails', '~> 4.1.0'
|
|
8
|
-
gem 'mysql2', '~> 0.3.13'
|
|
9
|
-
end
|
|
10
|
-
|
|
11
1
|
appraise 'rails-4.2' do
|
|
12
2
|
gem 'rails', '~> 4.2.0'
|
|
13
3
|
end
|
|
@@ -20,4 +10,12 @@ appraise 'rails-5.1' do
|
|
|
20
10
|
gem 'rails', '~> 5.1.0'
|
|
21
11
|
end
|
|
22
12
|
|
|
13
|
+
appraise 'rails-5.2' do
|
|
14
|
+
gem 'rails', '~> 5.2.0'
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
appraise 'rails-6.0' do
|
|
18
|
+
gem 'rails', '~> 6.0.0'
|
|
19
|
+
end
|
|
20
|
+
|
|
23
21
|
# vim: set ft=ruby:
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,18 @@
|
|
|
1
|
+
# 1.1.3 (2020-12-11)
|
|
2
|
+
- Fix cookies not being filtered when used with Raven::Rack
|
|
3
|
+
|
|
4
|
+
# 1.1.2 (2019-10-24)
|
|
5
|
+
- Support Rails 6.0
|
|
6
|
+
|
|
7
|
+
# 1.1.1 (2019-09-27)
|
|
8
|
+
- Change to use ActiveSupport::LoggerSilence for thread safety #10
|
|
9
|
+
|
|
10
|
+
# 1.1.0 (2019-08-09)
|
|
11
|
+
- Add feature to filter sensitive mail logs.
|
|
12
|
+
|
|
13
|
+
# 1.0.3 (2018-12-18)
|
|
14
|
+
- Fix Blouson::SensitiveQueryFilter::StatementInvalidErrorFilter for exceptions created with no arguments (like ActiveRecord::NoDatabaseError)
|
|
15
|
+
|
|
1
16
|
# 1.0.2 (2017-09-21)
|
|
2
17
|
- Change Raven filter's secure_headers config to be case insensitive https://github.com/cookpad/blouson/pull/4
|
|
3
18
|
|
data/README.md
CHANGED
|
@@ -8,6 +8,7 @@ Blouson is a filter tool for Rails to conceal sensitive data from various logs.
|
|
|
8
8
|
- SQL query in Rails log
|
|
9
9
|
- Exception messages in `ActiveRecord::StatementInvalid`
|
|
10
10
|
- Sentry Raven parameters
|
|
11
|
+
- Mail parameters in Rails log
|
|
11
12
|
|
|
12
13
|
## Installation
|
|
13
14
|
|
|
@@ -75,11 +76,39 @@ secure_headers = %w(secret_token)
|
|
|
75
76
|
|
|
76
77
|
Raven.configure do |config|
|
|
77
78
|
...
|
|
78
|
-
config.processors
|
|
79
|
+
config.processors << Blouson::RavenParameterFilterProcessor.create(filter_pattern, secure_headers)
|
|
79
80
|
...
|
|
80
81
|
end
|
|
81
82
|
```
|
|
82
83
|
|
|
84
|
+
### SensitiveMailLogFilter
|
|
85
|
+
ActionMailer outputs email address, all headers, and body text to the log when sending email.
|
|
86
|
+
|
|
87
|
+
```
|
|
88
|
+
D, [2019-08-08T08:40:15.939251 #67674] DEBUG -- : UserMailer#hello: processed outbound mail in 43.0ms
|
|
89
|
+
I, [2019-08-08T08:40:15.946281 #67674] INFO -- : Sent mail to xxx@example.com (6.3ms)
|
|
90
|
+
D, [2019-08-08T08:40:15.946432 #67674] DEBUG -- : Date: Thu, 08 Aug 2019 08:40:15 +0900
|
|
91
|
+
From: from@example.com
|
|
92
|
+
To: xxx@example.com
|
|
93
|
+
Message-ID: <xxx>
|
|
94
|
+
Subject: Hello
|
|
95
|
+
Mime-Version: 1.0
|
|
96
|
+
Content-Type: text/plain; charset=UTF-8
|
|
97
|
+
Content-Transfer-Encoding: 7bit
|
|
98
|
+
|
|
99
|
+
Example mail.
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
Blouson filters such logs.
|
|
103
|
+
|
|
104
|
+
Example:
|
|
105
|
+
|
|
106
|
+
```
|
|
107
|
+
D, [2019-08-08T08:47:06.524182 #67886] DEBUG -- : UserMailer#hello: processed outbound mail in 23.2ms
|
|
108
|
+
I, [2019-08-08T08:47:06.530849 #67886] INFO -- : Sent mail to [FILTERED] (6.4ms)
|
|
109
|
+
D, [2019-08-08T08:47:06.530953 #67886] DEBUG -- : [Blouson::SensitiveMailLogFilter] Mail data is filtered for sensitive data
|
|
110
|
+
```
|
|
111
|
+
|
|
83
112
|
## Contributing
|
|
84
113
|
|
|
85
114
|
Bug reports and pull requests are welcome on GitHub at https://github.com/cookpad/blouson.
|
data/lib/blouson.rb
CHANGED
data/lib/blouson/engine.rb
CHANGED
|
@@ -22,5 +22,13 @@ module Blouson
|
|
|
22
22
|
end
|
|
23
23
|
end
|
|
24
24
|
end
|
|
25
|
+
|
|
26
|
+
initializer 'blouson.set_sensitive_mail_log_filter' do |app|
|
|
27
|
+
if Rails.env.production? || ENV['ENABLE_SENSITIVE_MAIL_LOG_FILTER'] == '1'
|
|
28
|
+
ActiveSupport.on_load(:action_mailer) do
|
|
29
|
+
ActionMailer::LogSubscriber.prepend Blouson::SensitiveMailLogFilter
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
25
33
|
end
|
|
26
34
|
end
|
|
@@ -14,7 +14,13 @@ module Blouson
|
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def initialize(client = nil)
|
|
17
|
-
|
|
17
|
+
# ActionDispatch::Http::ParameterFilter is deprecated and will be removed from Rails 6.1.
|
|
18
|
+
parameter_filter_klass = if defined?(ActiveSupport::ParameterFilter)
|
|
19
|
+
ActiveSupport::ParameterFilter
|
|
20
|
+
else
|
|
21
|
+
ActionDispatch::Http::ParameterFilter
|
|
22
|
+
end
|
|
23
|
+
@parameter_filter = parameter_filter_klass.new(self.class.filters)
|
|
18
24
|
end
|
|
19
25
|
|
|
20
26
|
def process(value)
|
|
@@ -65,6 +71,10 @@ module Blouson
|
|
|
65
71
|
end
|
|
66
72
|
|
|
67
73
|
def process_cookie(value)
|
|
74
|
+
if (cookies = value.dig(:request, :cookies))
|
|
75
|
+
value[:request][:cookies] = @parameter_filter.filter(cookies)
|
|
76
|
+
end
|
|
77
|
+
|
|
68
78
|
if value[:request] && value[:request][:headers] && value[:request][:headers]['Cookie']
|
|
69
79
|
cookies = Hash[value[:request][:headers]['Cookie'].split('; ').map { |pair| pair.split('=', 2) }]
|
|
70
80
|
filtered = @parameter_filter.filter(cookies)
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Blouson
|
|
2
|
+
module SensitiveMailLogFilter
|
|
3
|
+
def deliver(event)
|
|
4
|
+
e = ActiveSupport::Notifications::Event.new(
|
|
5
|
+
event.name,
|
|
6
|
+
event.time,
|
|
7
|
+
event.end,
|
|
8
|
+
event.transaction_id,
|
|
9
|
+
event.payload.merge(
|
|
10
|
+
to: Blouson::FILTERED,
|
|
11
|
+
mail: "[Blouson::SensitiveMailLogFilter] Mail data is filtered for sensitive data"
|
|
12
|
+
)
|
|
13
|
+
)
|
|
14
|
+
super(e)
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -15,9 +15,10 @@ module Blouson
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
module StatementInvalidErrorFilter
|
|
18
|
-
def initialize(message, original_exception = nil)
|
|
19
|
-
if SensitiveQueryFilter.contain_sensitive_query?(message)
|
|
20
|
-
message = SensitiveQueryFilter.filter_sensitive_words(message)
|
|
18
|
+
def initialize(message = nil, original_exception = nil, sql: nil, binds: nil)
|
|
19
|
+
if SensitiveQueryFilter.contain_sensitive_query?(message) || (SensitiveQueryFilter.contain_sensitive_query?(sql))
|
|
20
|
+
message = SensitiveQueryFilter.filter_sensitive_words(message) if message
|
|
21
|
+
sql = SensitiveQueryFilter.filter_sensitive_words(sql) if sql
|
|
21
22
|
if defined?(Mysql2::Error)
|
|
22
23
|
if original_exception.is_a?(Mysql2::Error)
|
|
23
24
|
original_exception.extend(Mysql2Filter)
|
|
@@ -30,6 +31,11 @@ module Blouson
|
|
|
30
31
|
if original_exception
|
|
31
32
|
# Rails < 5.0
|
|
32
33
|
super(message, original_exception)
|
|
34
|
+
elsif sql
|
|
35
|
+
# Rails >= 6.0
|
|
36
|
+
#
|
|
37
|
+
# - https://github.com/rails/rails/pull/34468
|
|
38
|
+
super(message, sql: sql, binds: binds)
|
|
33
39
|
else
|
|
34
40
|
# Rails >= 5.0
|
|
35
41
|
#
|
|
@@ -5,12 +5,9 @@ module Blouson
|
|
|
5
5
|
return super(sql, name)
|
|
6
6
|
end
|
|
7
7
|
|
|
8
|
-
|
|
9
|
-
ActiveRecord::Base.logger.level = Logger::INFO
|
|
8
|
+
ActiveRecord::Base.logger.silence(Logger::INFO) do
|
|
10
9
|
Rails.logger.info " [Blouson::SensitiveTableQueryLogSilencer] SQL Log is skipped for sensitive table"
|
|
11
10
|
super(sql, name)
|
|
12
|
-
ensure
|
|
13
|
-
ActiveRecord::Base.logger.level = Logger::DEBUG
|
|
14
11
|
end
|
|
15
12
|
end
|
|
16
13
|
end
|
data/lib/blouson/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: blouson
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cookpad Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-12-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -155,14 +155,15 @@ files:
|
|
|
155
155
|
- bin/console
|
|
156
156
|
- bin/setup
|
|
157
157
|
- blouson.gemspec
|
|
158
|
-
- gemfiles/rails_4.0.gemfile
|
|
159
|
-
- gemfiles/rails_4.1.gemfile
|
|
160
158
|
- gemfiles/rails_4.2.gemfile
|
|
161
159
|
- gemfiles/rails_5.0.gemfile
|
|
162
160
|
- gemfiles/rails_5.1.gemfile
|
|
161
|
+
- gemfiles/rails_5.2.gemfile
|
|
162
|
+
- gemfiles/rails_6.0.gemfile
|
|
163
163
|
- lib/blouson.rb
|
|
164
164
|
- lib/blouson/engine.rb
|
|
165
165
|
- lib/blouson/raven_parameter_filter_processor.rb
|
|
166
|
+
- lib/blouson/sensitive_mail_log_filter.rb
|
|
166
167
|
- lib/blouson/sensitive_params_silener.rb
|
|
167
168
|
- lib/blouson/sensitive_query_filter.rb
|
|
168
169
|
- lib/blouson/sensitive_table_query_log_silencer.rb
|
|
@@ -187,8 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
187
188
|
- !ruby/object:Gem::Version
|
|
188
189
|
version: '0'
|
|
189
190
|
requirements: []
|
|
190
|
-
|
|
191
|
-
rubygems_version: 2.5.2
|
|
191
|
+
rubygems_version: 3.1.4
|
|
192
192
|
signing_key:
|
|
193
193
|
specification_version: 4
|
|
194
194
|
summary: Filter tools to mask sensitive data in various logs
|