blouson 1.0.2 → 1.1.3

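--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 3f0289a12d72b9395df1eda3e175fb719eeca8f9
- data.tar.gz: b3eabf713614461869750438ffc28a4855baf55a
+ SHA256:
+ metadata.gz: 3c5a05fbdf574e2e9c8420e7d24ad36ba81786df09d1916073d409ba47f764ec
+ data.tar.gz: 4d14dbf88a1e8aa457bcc5b2dae76846bf02d1cb5da4fb32e9ef23909e600f5a
  SHA512:
- metadata.gz: fe01b3072ceb5bc18903850320cd53c937df2b3132e75637e36158fc6ddf854ff5ec2613440952667d19ddd3497de22d9c826969efca5013cecf6c80769b5642
- data.tar.gz: da9de96010abbc0bd01299206e38f6b45e774fe80071c797d84a1e72bc88701d0677247ccb4b07e58518bd2afb32b6b7e1786cc5ac486647f28f5e58e7e6fe01
+ metadata.gz: 552ac7c5c3f6faaafe54355ea30d016ab47b5ac419b4466a27b0976bfdd60c89e9b4becf2aebc74a7937e25b9076e440f66fac65f141881d3e606c1257759f2a
+ data.tar.gz: 242d596166fc9beb1ca7380c1b9ae066d044e687ed9e783449c51788a6578e9f200178a04b6a63554f3576adab494800774d2694bbc3d9ab23820aad9223dc6d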
@@ -1,20 +1,24 @@
1
1
  sudo: false
2
2
  language: ruby
3
+ services:
4
+ - mysql
3
5
  gemfile:
4
- - gemfiles/rails_4.0.gemfile
5
- - gemfiles/rails_4.1.gemfile
6
6
  - gemfiles/rails_4.2.gemfile
7
7
  - gemfiles/rails_5.0.gemfile
8
8
  - gemfiles/rails_5.1.gemfile
9
+ - gemfiles/rails_5.2.gemfile
10
+ - gemfiles/rails_6.0.gemfile
9
11
  rvm:
10
- - 2.2.7
11
- - 2.3.4
12
- - 2.4.1
12
+ - 2.3.8
13
+ - 2.4.6
14
+ - 2.5.5
15
+ - 2.6.3
13
16
  matrix:
14
17
  exclude:
15
- # Rails 4.0 and 4.1 doesn't support Ruby 2.4 (because of integer unification)
16
- - rvm: 2.4.1
17
- gemfile: gemfiles/rails_4.0.gemfile
18
- - rvm: 2.4.1
19
- gemfile: gemfiles/rails_4.1.gemfile
20
- before_install: gem install --no-document bundler
18
+ - rvm: 2.3.8
19
+ gemfile: gemfiles/rails_6.0.gemfile
20
+ - rvm: 2.4.6
21
+ gemfile: gemfiles/rails_6.0.gemfile
22
+ before_install:
23
+ - "[[ $BUNDLE_GEMFILE =~ rails_4\\.2 ]] && gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true"
24
+ - "[[ $BUNDLE_GEMFILE =~ rails_4\\.2 ]] && gem install bundler -v '< 2' || true"
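--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,13 +1,3 @@
- appraise 'rails-4.0' do
- gem 'rails', '~> 4.0.0'
- gem 'mysql2', '~> 0.3.10'
- end
-
- appraise 'rails-4.1' do
- gem 'rails', '~> 4.1.0'
- gem 'mysql2', '~> 0.3.13'
- end
-
  appraise 'rails-4.2' do
  gem 'rails', '~> 4.2.0'
  end
@@ -20,4 +10,12 @@ appraise 'rails-5.1' do
  gem 'rails', '~> 5.1.0'
  end
 
+ appraise 'rails-5.2' do
+ gem 'rails', '~> 5.2.0'
+ end
+
+ appraise 'rails-6.0' do
+ gem 'rails', '~> 6.0.0'
+ end
+
  # vim: set ft=ruby: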
@@ -1,3 +1,18 @@
1
+ # 1.1.3 (2020-12-11)
2
+ - Fix cookies not being filtered when used with Raven::Rack
3
+
4
+ # 1.1.2 (2019-10-24)
5
+ - Support Rails 6.0
6
+
7
+ # 1.1.1 (2019-09-27)
8
+ - Change to use ActiveSupport::LoggerSilence for thread safety #10
9
+
10
+ # 1.1.0 (2019-08-09)
11
+ - Add feature to filter sensitive mail logs.
12
+
13
+ # 1.0.3 (2018-12-18)
14
+ - Fix Blouson::SensitiveQueryFilter::StatementInvalidErrorFilter for exceptions created with no arguments (like ActiveRecord::NoDatabaseError)
15
+
1
16
  # 1.0.2 (2017-09-21)
2
17
  - Change Raven filter's secure_headers config to be case insensitive https://github.com/cookpad/blouson/pull/4
3
18
 
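--- a/data/README.md
+++ b/data/README.md
@@ -8,6 +8,7 @@ Blouson is a filter tool for Rails to conceal sensitive data from various logs.
  - SQL query in Rails log
  - Exception messages in `ActiveRecord::StatementInvalid`
  - Sentry Raven parameters
+ - Mail parameters in Rails log
 
  ## Installation
 
@@ -75,11 +76,39 @@ secure_headers = %w(secret_token)
 
  Raven.configure do |config|
  ...
- config.processors = [Blouson::RavenParameterFilterProcessor.create(filter_pattern, secure_headers)]
+ config.processors << Blouson::RavenParameterFilterProcessor.create(filter_pattern, secure_headers)
  ...
  end
  ```
 
+ ### SensitiveMailLogFilter
+ ActionMailer outputs email address, all headers, and body text to the log when sending email.
+
+ ```
+ D, [2019-08-08T08:40:15.939251 #67674] DEBUG -- : UserMailer#hello: processed outbound mail in 43.0ms
+ I, [2019-08-08T08:40:15.946281 #67674] INFO -- : Sent mail to xxx@example.com (6.3ms)
+ D, [2019-08-08T08:40:15.946432 #67674] DEBUG -- : Date: Thu, 08 Aug 2019 08:40:15 +0900
+ From: from@example.com
+ To: xxx@example.com
+ Message-ID: <xxx>
+ Subject: Hello
+ Mime-Version: 1.0
+ Content-Type: text/plain; charset=UTF-8
+ Content-Transfer-Encoding: 7bit
+
+ Example mail.
+ ```
+
+ Blouson filters such logs.
+
+ Example:
+
+ ```
+ D, [2019-08-08T08:47:06.524182 #67886] DEBUG -- : UserMailer#hello: processed outbound mail in 23.2ms
+ I, [2019-08-08T08:47:06.530849 #67886] INFO -- : Sent mail to [FILTERED] (6.4ms)
+ D, [2019-08-08T08:47:06.530953 #67886] DEBUG -- : [Blouson::SensitiveMailLogFilter] Mail data is filtered for sensitive data
+ ```
+
  ## Contributing
 
  Bug reports and pull requests are welcome on GitHub at https://github.com/cookpad/blouson.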
@@ -2,7 +2,6 @@
2
2
 
3
3
  source "https://rubygems.org"
4
4
 
5
- gem "rails", "~> 4.0.0"
6
- gem "mysql2", "~> 0.3.10"
5
+ gem "rails", "~> 5.2.0"
7
6
 
8
7
  gemspec path: "../"
@@ -2,7 +2,6 @@
2
2
 
3
3
  source "https://rubygems.org"
4
4
 
5
- gem "rails", "~> 4.1.0"
6
- gem "mysql2", "~> 0.3.13"
5
+ gem "rails", "~> 6.0.0"
7
6
 
8
7
  gemspec path: "../"
@@ -2,6 +2,7 @@ require "blouson/version"
2
2
 
3
3
  require 'blouson/sensitive_params_silener'
4
4
  require 'blouson/sensitive_query_filter'
5
+ require 'blouson/sensitive_mail_log_filter'
5
6
  require 'blouson/engine'
6
7
  require 'blouson/tolerant_regexp'
7
8
 
@@ -22,5 +22,13 @@ module Blouson
22
22
  end
23
23
  end
24
24
  end
25
+
26
+ initializer 'blouson.set_sensitive_mail_log_filter' do |app|
27
+ if Rails.env.production? || ENV['ENABLE_SENSITIVE_MAIL_LOG_FILTER'] == '1'
28
+ ActiveSupport.on_load(:action_mailer) do
29
+ ActionMailer::LogSubscriber.prepend Blouson::SensitiveMailLogFilter
30
+ end
31
+ end
32
+ end
25
33
  end
26
34
  end
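Review bot: The new initializer prepends the mail filter only when `Rails.env.production?` is true or `ENABLE_SENSITIVE_MAIL_LOG_FILTER` equals `'1'`, so a staging or review environment that sends real mail keeps logging recipients, headers and bodies unless someone knows to set the variable. The SensitiveMailLogFilter section added to the README in this release does not mention that switch. I would document it there and add a comment above the condition such as `# Filtering is opt-in outside production: set ENABLE_SENSITIVE_MAIL_LOG_FILTER=1`. The block parameter `|app|` is unused and can be dropped. The enclosing class starts outside the hunk.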
@@ -14,7 +14,13 @@ module Blouson
14
14
  end
15
15
 
16
16
  def initialize(client = nil)
17
- @parameter_filter = ActionDispatch::Http::ParameterFilter.new(self.class.filters)
17
+ # ActionDispatch::Http::ParameterFilter is deprecated and will be removed from Rails 6.1.
18
+ parameter_filter_klass = if defined?(ActiveSupport::ParameterFilter)
19
+ ActiveSupport::ParameterFilter
20
+ else
21
+ ActionDispatch::Http::ParameterFilter
22
+ end
23
+ @parameter_filter = parameter_filter_klass.new(self.class.filters)
18
24
  end
19
25
 
20
26
  def process(value)
@@ -65,6 +71,10 @@ module Blouson
65
71
  end
66
72
 
67
73
  def process_cookie(value)
74
+ if (cookies = value.dig(:request, :cookies))
75
+ value[:request][:cookies] = @parameter_filter.filter(cookies)
76
+ end
77
+
68
78
  if value[:request] && value[:request][:headers] && value[:request][:headers]['Cookie']
69
79
  cookies = Hash[value[:request][:headers]['Cookie'].split('; ').map { |pair| pair.split('=', 2) }]
70
80
  filtered = @parameter_filter.filter(cookies)
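Review bot: In `process_cookie` the new branch hands whatever sits at `value[:request][:cookies]` straight to `@parameter_filter.filter`, which works on Hash-like input; if an integration stores the cookies there as a raw header string, the processor would presumably raise instead of masking. A guard such as `if (cookies = value.dig(:request, :cookies)).is_a?(Hash)` keeps the branch safe. Only cookie names that match the configured filter patterns are masked, so a comment reminding users to include their session cookie name in the patterns would help. The method continues past the end of the hunk.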
@@ -0,0 +1,17 @@
1
+ module Blouson
2
+ module SensitiveMailLogFilter
3
+ def deliver(event)
4
+ e = ActiveSupport::Notifications::Event.new(
5
+ event.name,
6
+ event.time,
7
+ event.end,
8
+ event.transaction_id,
9
+ event.payload.merge(
10
+ to: Blouson::FILTERED,
11
+ mail: "[Blouson::SensitiveMailLogFilter] Mail data is filtered for sensitive data"
12
+ )
13
+ )
14
+ super(e)
15
+ end
16
+ end
17
+ end
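Review bot: Only `deliver` is overridden, but in the Rails versions this release is tested against (4.2 to 6.0) `ActionMailer::LogSubscriber#receive` also writes `event.payload[:mail]` at debug level, so inbound mail would presumably still be logged in full. I would move the event copy into a private helper and route both methods through it, as sketched below; on Rails versions without `receive` the extra method should simply never be invoked. A short comment on why a new `Event` is built rather than mutating `event.payload` (presumably because the payload hash is shared with other subscribers) is also missing.

```ruby
    def deliver(event)
      super(filtered_event(event))
    end

    # LogSubscriber#receive logs payload[:mail] as well (Rails <= 6.0).
    def receive(event)
      super(filtered_event(event))
    end

    private

    def filtered_event(event)
      ActiveSupport::Notifications::Event.new(
        # … unchanged: name, time, end, transaction_id and the merged payload …
      )
    end
```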
@@ -15,9 +15,10 @@ module Blouson
15
15
  end
16
16
 
17
17
  module StatementInvalidErrorFilter
18
- def initialize(message, original_exception = nil)
19
- if SensitiveQueryFilter.contain_sensitive_query?(message)
20
- message = SensitiveQueryFilter.filter_sensitive_words(message)
18
+ def initialize(message = nil, original_exception = nil, sql: nil, binds: nil)
19
+ if SensitiveQueryFilter.contain_sensitive_query?(message) || (SensitiveQueryFilter.contain_sensitive_query?(sql))
20
+ message = SensitiveQueryFilter.filter_sensitive_words(message) if message
21
+ sql = SensitiveQueryFilter.filter_sensitive_words(sql) if sql
21
22
  if defined?(Mysql2::Error)
22
23
  if original_exception.is_a?(Mysql2::Error)
23
24
  original_exception.extend(Mysql2Filter)
@@ -30,6 +31,11 @@ module Blouson
30
31
  if original_exception
31
32
  # Rails < 5.0
32
33
  super(message, original_exception)
34
+ elsif sql
35
+ # Rails >= 6.0
36
+ #
37
+ # - https://github.com/rails/rails/pull/34468
38
+ super(message, sql: sql, binds: binds)
33
39
  else
34
40
  # Rails >= 5.0
35
41
  #
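Review bot: When the statement is judged sensitive, `message` and `sql` are masked but `binds` is forwarded untouched in `super(message, sql: sql, binds: binds)`, and with prepared statements the bind values are often where the sensitive data itself lives. Anything that later serializes the exception's attributes (an error reporter, a custom logger) could still see them, so I would pass `binds: nil` or a masked copy on the sensitive path, or add a comment explaining why they are kept. Separately, `contain_sensitive_query?` is now called with a possibly nil `message` or `sql`; its definition is outside the hunk, so please confirm it tolerates nil. `initialize` continues past the end of the second hunk.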
@@ -5,12 +5,9 @@ module Blouson
5
5
  return super(sql, name)
6
6
  end
7
7
 
8
- begin
9
- ActiveRecord::Base.logger.level = Logger::INFO
8
+ ActiveRecord::Base.logger.silence(Logger::INFO) do
10
9
  Rails.logger.info " [Blouson::SensitiveTableQueryLogSilencer] SQL Log is skipped for sensitive table"
11
10
  super(sql, name)
12
- ensure
13
- ActiveRecord::Base.logger.level = Logger::DEBUG
14
11
  end
15
12
  end
16
13
  end
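Review bot: `ActiveRecord::Base.logger.silence(Logger::INFO)` assumes the configured logger responds to `silence`, which holds for `ActiveSupport::Logger` but not necessarily for a custom or plain `::Logger`; in that case this path would raise on every query against a sensitive table. I would state the requirement next to the call, e.g. `# Requires a logger that includes ActiveSupport::LoggerSilence`, or guard it with `respond_to?(:silence)`. The notice is written through `Rails.logger` while the silencing applies to `ActiveRecord::Base.logger`; if an application points these at different loggers the two no longer act together, which deserves a one-line comment. The method starts outside the hunk.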
@@ -1,3 +1,3 @@
1
1
  module Blouson
2
- VERSION = "1.0.2"
2
+ VERSION = "1.1.3"
3
3
  end
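--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: blouson
  version: !ruby/object:Gem::Version
- version: 1.0.2
+ version: 1.1.3
  platform: ruby
  authors:
  - Cookpad Inc.
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2017-09-21 00:00:00.000000000 Z
+ date: 2020-12-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -155,14 +155,15 @@ files:
  - bin/console
  - bin/setup
  - blouson.gemspec
- - gemfiles/rails_4.0.gemfile
- - gemfiles/rails_4.1.gemfile
  - gemfiles/rails_4.2.gemfile
  - gemfiles/rails_5.0.gemfile
  - gemfiles/rails_5.1.gemfile
+ - gemfiles/rails_5.2.gemfile
+ - gemfiles/rails_6.0.gemfile
  - lib/blouson.rb
  - lib/blouson/engine.rb
  - lib/blouson/raven_parameter_filter_processor.rb
+ - lib/blouson/sensitive_mail_log_filter.rb
  - lib/blouson/sensitive_params_silener.rb
  - lib/blouson/sensitive_query_filter.rb
  - lib/blouson/sensitive_table_query_log_silencer.rb
@@ -187,8 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.5.2
+ rubygems_version: 3.1.4
  signing_key:
  specification_version: 4
  summary: Filter tools to mask sensitive data in various logs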