blouson 1.1.2 → 2.0.0
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +64 -0
- data/Appraisals +8 -4
- data/CHANGELOG.md +13 -0
- data/README.md +25 -2
- data/blouson.gemspec +2 -1
- data/gemfiles/{rails_4.2.gemfile → rails_6.1.gemfile} +1 -1
- data/gemfiles/rails_7.0.gemfile +7 -0
- data/lib/blouson/raven_parameter_filter_processor.rb +4 -0
- data/lib/blouson/sensitive_table_query_log_silencer.rb +3 -3
- data/lib/blouson/sentry_parameter_filter.rb +76 -0
- data/lib/blouson/version.rb +1 -1
- metadata +29 -13
- data/.travis.yml +0 -24
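--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2b25599e819a53e78883ffd4e743eb30202e9e2fb3f8c7b040d89b538fae446f
+data.tar.gz: 36685c9343cc6db285668bb8bfdd2d7d8ec29c15c621de8005551f6907ca0250
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ade492f5a1994bfed0f02412d98c0e996baa827bcc65ac4256bda7f851e6814d6f9c017e13da5013d7e0c9821e83859f3870ad82d5f7c2d4ac59d0aac024d01f
+data.tar.gz: 3e995584ca65d2498bdcff2d4c6c5bc8cd3d06beadc22569e808408af634577e4d94bd70c18f0613b458e1b6b1466e7807a18bc52aacbce573389a5e4372fe52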
@@ -0,0 +1,64 @@
|
|
1
|
+
name: CI
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
pull_request:
|
6
|
+
|
7
|
+
jobs:
|
8
|
+
test:
|
9
|
+
runs-on: ubuntu-latest
|
10
|
+
strategy:
|
11
|
+
fail-fast: false
|
12
|
+
matrix:
|
13
|
+
ruby:
|
14
|
+
- '2.6'
|
15
|
+
- '2.7'
|
16
|
+
- '3.0'
|
17
|
+
- '3.1'
|
18
|
+
gemfile:
|
19
|
+
- rails_5.0
|
20
|
+
- rails_5.1
|
21
|
+
- rails_5.2
|
22
|
+
- rails_6.0
|
23
|
+
- rails_6.1
|
24
|
+
- rails_7.0
|
25
|
+
exclude:
|
26
|
+
# Ruby >= 3.0 is supported since Rails 6.0
|
27
|
+
- ruby: '3.0'
|
28
|
+
gemfile: rails_5.0
|
29
|
+
- ruby: '3.0'
|
30
|
+
gemfile: rails_5.1
|
31
|
+
- ruby: '3.0'
|
32
|
+
gemfile: rails_5.2
|
33
|
+
- ruby: '3.1'
|
34
|
+
gemfile: rails_5.0
|
35
|
+
- ruby: '3.1'
|
36
|
+
gemfile: rails_5.1
|
37
|
+
- ruby: '3.1'
|
38
|
+
gemfile: rails_5.2
|
39
|
+
# Rails 7.0 supports Ruby >= 2.7 only
|
40
|
+
- ruby: '2.6'
|
41
|
+
gemfile: rails_7.0
|
42
|
+
name: Run test with Ruby ${{ matrix.ruby }} and Gemfile ${{ matrix.gemfile }}
|
43
|
+
services:
|
44
|
+
mysql:
|
45
|
+
image: mysql:5.7
|
46
|
+
env:
|
47
|
+
MYSQL_ALLOW_EMPTY_PASSWORD: '1'
|
48
|
+
MYSQL_DATABASE: blouson
|
49
|
+
ports:
|
50
|
+
- 3306:3306
|
51
|
+
options: >-
|
52
|
+
--health-cmd "mysqladmin ping"
|
53
|
+
--health-interval 10s
|
54
|
+
--health-timeout 5s
|
55
|
+
--health-retries 5
|
56
|
+
env:
|
57
|
+
BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
|
58
|
+
steps:
|
59
|
+
- uses: actions/checkout@v3
|
60
|
+
- uses: ruby/setup-ruby@v1
|
61
|
+
with:
|
62
|
+
ruby-version: ${{ matrix.ruby }}
|
63
|
+
bundler-cache: true
|
64
|
+
- run: bundle exec rake spec
|
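Review bot: The workflow declares no `permissions:` key, so the `test` job runs with the repository's default `GITHUB_TOKEN` scope even though it only checks out code and runs the specs; a top-level `permissions:` block containing `contents: read` would bound it. `actions/checkout@v3` and `ruby/setup-ruby@v1` are referenced by mutable tags, so pinning each `uses:` to a full commit SHA (keeping the tag as a trailing comment) would stop a retagged action from running in this job unnoticed. The section's file header is missing from the page; the path is inferred from the file list entry `data/.github/workflows/ci.yml +64 -0`.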
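--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,7 +1,3 @@
-appraise 'rails-4.2' do
-gem 'rails', '~> 4.2.0'
-end
-
 appraise 'rails-5.0' do
 gem 'rails', '~> 5.0.0'
 end
@@ -18,4 +14,12 @@ appraise 'rails-6.0' do
 gem 'rails', '~> 6.0.0'
 end
 
+appraise 'rails-6.1' do
+gem 'rails', '~> 6.1.0'
+end
+
+appraise 'rails-7.0' do
+gem 'rails', '~> 7.0.0'
+end
+
 # vim: set ft=ruby: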
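--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,16 @@
+# 2.0.0 (2022-05-23)
+- Support parameter filter for `sentry-ruby` gem
+- [Breaking change] Drop dependency of `sentry-raven` gem
+
+# 1.1.4 (2022-05-02)
+- Fix ArgumentError on activerecord 7.0
+
+# 1.1.3 (2020-12-11)
+- Fix cookies not being filtered when used with Raven::Rack
+
+# 1.1.2 (2019-10-24)
+- Support Rails 6.0
+
 # 1.1.1 (2019-09-27)
 - Change to use ActiveSupport::LoggerSilence for thread safety #10
 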
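--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
 # Blouson
 [![Gem Version](https://badge.fury.io/rb/blouson.svg)](https://badge.fury.io/rb/blouson)
-[![Build Status](https://
+[![Build Status](https://github.com/cookpad/blouson/actions/workflows/ci.yml/badge.svg)](https://github.com/cookpad/blouson/actions/workflows/ci.yml)
 
 Blouson is a filter tool for Rails to conceal sensitive data from various logs.
 
@@ -65,6 +65,28 @@ end
 Arproxy.enable!
 ```
 
+### SentryParameterFilter
+Blouson provides an [sentry-ruby](https://github.com/getsentry/sentry-ruby) filter to conceal sensitive data from query string, request body, request headers and cookie values.
+
+```ruby
+require 'sentry-ruby'
+require 'blouson/sentry_parameter_filter'
+
+Sentry.init do |config|
+# Enable `send_default_pii` to send the filtered sensitive information.
+config.send_default_pii = true
+
+filter_pattern = Rails.application.config.filter_parameters
+secure_headers = %w(secret_token)
+filter = Blouson::SentryParameterFilter.new(filter_pattern, secure_headers)
+
+config.before_send = lambda do |event, _hint|
+filter.process(event.to_hash)
+end
+end
+
+```
+
 ### RavenParameterFilterProcessor
 Blouson provides an [Raven-Ruby](https://github.com/getsentry/raven-ruby) processor to conceal sensitive data from query string, request body, request headers and cookie values.
 
@@ -76,11 +98,12 @@ secure_headers = %w(secret_token)
 
 Raven.configure do |config|
 ...
-config.processors
+config.processors << Blouson::RavenParameterFilterProcessor.create(filter_pattern, secure_headers)
 ...
 end
 ```
 
+
 ### SensitiveMailLogFilter
 ActionMailer outputs email address, all headers, and body text to the log when sending email.
 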
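--- a/data/blouson.gemspec
+++ b/data/blouson.gemspec
@@ -22,11 +22,12 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 spec.add_dependency 'rails', '>= 4.0.0'
-spec.add_dependency 'sentry-raven'
 
 spec.add_development_dependency 'arproxy'
 spec.add_development_dependency 'mysql2'
 spec.add_development_dependency 'pry'
+spec.add_development_dependency 'sentry-raven'
+spec.add_development_dependency 'sentry-ruby'
 
 spec.add_development_dependency 'appraisal'
 spec.add_development_dependency "bundler", ">= 1.14"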
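Review bot: `spec.add_dependency 'rails', '>= 4.0.0'` is left unchanged although this release removes the Rails 4.2 appraisal and the new CI matrix starts at `rails_5.0`, so the gem still installs on Rails versions its filters are no longer tested against. For a library whose job is redacting sensitive values, an untested combination can stop filtering without any visible error. Consider raising the bound, e.g. `spec.add_dependency 'rails', '>= 5.0.0'`, or stating the supported range in the README. The `Gem::Specification.new` block starts and ends outside this hunk.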
@@ -71,6 +71,10 @@ module Blouson
|
|
71
71
|
end
|
72
72
|
|
73
73
|
def process_cookie(value)
|
74
|
+
if (cookies = value.dig(:request, :cookies))
|
75
|
+
value[:request][:cookies] = @parameter_filter.filter(cookies)
|
76
|
+
end
|
77
|
+
|
74
78
|
if value[:request] && value[:request][:headers] && value[:request][:headers]['Cookie']
|
75
79
|
cookies = Hash[value[:request][:headers]['Cookie'].split('; ').map { |pair| pair.split('=', 2) }]
|
76
80
|
filtered = @parameter_filter.filter(cookies)
|
@@ -1,13 +1,13 @@
|
|
1
1
|
module Blouson
|
2
2
|
class SensitiveTableQueryLogSilencer < Arproxy::Base
|
3
|
-
def execute(sql, name=nil)
|
3
|
+
def execute(sql, name=nil, **kwargs)
|
4
4
|
if Rails.logger.level != Logger::DEBUG || !(Blouson::SENSITIVE_TABLE_REGEXP === sql)
|
5
|
-
return super(sql, name)
|
5
|
+
return super(sql, name, **kwargs)
|
6
6
|
end
|
7
7
|
|
8
8
|
ActiveRecord::Base.logger.silence(Logger::INFO) do
|
9
9
|
Rails.logger.info " [Blouson::SensitiveTableQueryLogSilencer] SQL Log is skipped for sensitive table"
|
10
|
-
super(sql, name)
|
10
|
+
super(sql, name, **kwargs)
|
11
11
|
end
|
12
12
|
end
|
13
13
|
end
|
@@ -0,0 +1,76 @@
|
|
1
|
+
module Blouson
|
2
|
+
class SentryParameterFilter
|
3
|
+
def initialize(filters, header_filters = [])
|
4
|
+
# ActionDispatch::Http::ParameterFilter is deprecated and will be removed from Rails 6.1.
|
5
|
+
parameter_filter_klass = if defined?(ActiveSupport::ParameterFilter)
|
6
|
+
ActiveSupport::ParameterFilter
|
7
|
+
else
|
8
|
+
ActionDispatch::Http::ParameterFilter
|
9
|
+
end
|
10
|
+
@parameter_filter = parameter_filter_klass.new(filters)
|
11
|
+
@header_filters = header_filters.map(&:downcase)
|
12
|
+
end
|
13
|
+
|
14
|
+
def process(event)
|
15
|
+
process_query_string(event)
|
16
|
+
process_request_body(event)
|
17
|
+
process_request_header(event)
|
18
|
+
process_cookie(event)
|
19
|
+
ensure
|
20
|
+
return event
|
21
|
+
end
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
def process_request_body(event)
|
26
|
+
if event[:request] && event[:request][:data].present?
|
27
|
+
data = event[:request][:data]
|
28
|
+
if data.is_a?(String)
|
29
|
+
# Maybe JSON request
|
30
|
+
begin
|
31
|
+
data = JSON.parse(data)
|
32
|
+
event[:request][:data] = JSON.dump(@parameter_filter.filter(data))
|
33
|
+
rescue JSON::ParserError => e
|
34
|
+
# Record parser error to extra field
|
35
|
+
event[:extra]['BlousonError'] = e.message
|
36
|
+
end
|
37
|
+
else
|
38
|
+
event[:request][:data] = @parameter_filter.filter(data)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def process_query_string(event)
|
44
|
+
if event[:request] && event[:request][:query_string].present?
|
45
|
+
query = Rack::Utils.parse_query(event[:request][:query_string])
|
46
|
+
filtered = @parameter_filter.filter(query)
|
47
|
+
|
48
|
+
event[:request][:query_string] = Rack::Utils.build_query(filtered)
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def process_request_header(event)
|
53
|
+
if event[:request] && event[:request][:headers]
|
54
|
+
headers = event[:request][:headers]
|
55
|
+
headers.each_key do |k|
|
56
|
+
if @header_filters.include?(k.downcase)
|
57
|
+
headers[k] = 'FILTERED'
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
def process_cookie(event)
|
64
|
+
if (cookies = event.dig(:request, :cookies))
|
65
|
+
event[:request][:cookies] = @parameter_filter.filter(cookies)
|
66
|
+
end
|
67
|
+
|
68
|
+
if event[:request] && event[:request][:headers] && event[:request][:headers]['Cookie']
|
69
|
+
cookies = Hash[event[:request][:headers]['Cookie'].split('; ').map { |pair| pair.split('=', 2) }]
|
70
|
+
filtered = @parameter_filter.filter(cookies)
|
71
|
+
|
72
|
+
event[:request][:headers]['Cookie'] = filtered.map { |pair| pair.join('=') }.join('; ')
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
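Review bot: `process` ends with `ensure` / `return event`, and an explicit `return` inside `ensure` discards any exception raised by the four filter steps, so a failure part-way through hands back an event whose remaining fields were never filtered. Visible triggers include `event[:extra]['BlousonError'] = e.message` when `:extra` is absent and, probably, `Hash[...]` in `process_cookie` on a cookie pair that has no `=`; with the README's `before_send` wiring that event is then sent as it stands. The JSON rescue branch also leaves the unparsed body in `event[:request][:data]` and stores `e.message`, which for `JSON::ParserError` usually quotes the offending input. I would make the method fail closed by dropping the request section (or returning `nil` so the event is discarded) and recording only the exception class, as sketched below. The section's file header is missing from the page; the path is inferred from the file list entry `data/lib/blouson/sentry_parameter_filter.rb +76 -0`.

```ruby
def process(event)
  # … unchanged: the four process_* calls …
  event
rescue StandardError => e
  # Fail closed: a partially filtered request section must not be forwarded.
  event.delete(:request)
  (event[:extra] ||= {})['BlousonError'] = e.class.name
  event
end
```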
data/lib/blouson/version.rb
CHANGED
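--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blouson
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Cookpad Inc.
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2022-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -25,13 +25,13 @@ dependencies:
 - !ruby/object:Gem::Version
 version: 4.0.0
 - !ruby/object:Gem::Dependency
-name:
+name: arproxy
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-type: :
+type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
@@ -39,7 +39,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: mysql2
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -53,7 +53,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: pry
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -67,7 +67,21 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: sentry-raven
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: sentry-ruby
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -143,9 +157,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -155,11 +169,12 @@ files:
 - bin/console
 - bin/setup
 - blouson.gemspec
-- gemfiles/rails_4.2.gemfile
 - gemfiles/rails_5.0.gemfile
 - gemfiles/rails_5.1.gemfile
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
+- gemfiles/rails_7.0.gemfile
 - lib/blouson.rb
 - lib/blouson/engine.rb
 - lib/blouson/raven_parameter_filter_processor.rb
@@ -167,13 +182,14 @@ files:
 - lib/blouson/sensitive_params_silener.rb
 - lib/blouson/sensitive_query_filter.rb
 - lib/blouson/sensitive_table_query_log_silencer.rb
+- lib/blouson/sentry_parameter_filter.rb
 - lib/blouson/tolerant_regexp.rb
 - lib/blouson/version.rb
 homepage: https://github.com/cookpad/blouson
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -188,8 +204,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: Filter tools to mask sensitive data in various logs
 test_files: []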
data/.travis.yml
DELETED
@@ -1,24 +0,0 @@
|
|
1
|
-
sudo: false
|
2
|
-
language: ruby
|
3
|
-
services:
|
4
|
-
- mysql
|
5
|
-
gemfile:
|
6
|
-
- gemfiles/rails_4.2.gemfile
|
7
|
-
- gemfiles/rails_5.0.gemfile
|
8
|
-
- gemfiles/rails_5.1.gemfile
|
9
|
-
- gemfiles/rails_5.2.gemfile
|
10
|
-
- gemfiles/rails_6.0.gemfile
|
11
|
-
rvm:
|
12
|
-
- 2.3.8
|
13
|
-
- 2.4.6
|
14
|
-
- 2.5.5
|
15
|
-
- 2.6.3
|
16
|
-
matrix:
|
17
|
-
exclude:
|
18
|
-
- rvm: 2.3.8
|
19
|
-
gemfile: gemfiles/rails_6.0.gemfile
|
20
|
-
- rvm: 2.4.6
|
21
|
-
gemfile: gemfiles/rails_6.0.gemfile
|
22
|
-
before_install:
|
23
|
-
- "[[ $BUNDLE_GEMFILE =~ rails_4\\.2 ]] && gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true"
|
24
|
-
- "[[ $BUNDLE_GEMFILE =~ rails_4\\.2 ]] && gem install bundler -v '< 2' || true"
|