blouson 1.1.2 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 78a44cf04cd15a16cdfb9eb997fbce7d96afb7c5e78c2a27a0bfa41064eccdcd
-  data.tar.gz: 5647cc9aac63b8e4b94690949b3b171cb814b4319f2f673bf959bd03a265cafd
+  metadata.gz: 2b25599e819a53e78883ffd4e743eb30202e9e2fb3f8c7b040d89b538fae446f
+  data.tar.gz: 36685c9343cc6db285668bb8bfdd2d7d8ec29c15c621de8005551f6907ca0250
 SHA512:
-  metadata.gz: 8c5f39468c0f5de0f9b542d6ff239ddf41bdd6672ec969ec852ca2ff9d6ac67dfe7aa34955737a13ac6b60459d675f707032386941f651abe5e4f3f5d0a175f7
-  data.tar.gz: 740cfacbb6268c9466372e6c6775d7eae6f6b28528f2f255c8b07b57df570b9f38f6c7e45092c9f206b7c8073e9cdc3b296ae8dd479d24583602ca965cd19429
+  metadata.gz: ade492f5a1994bfed0f02412d98c0e996baa827bcc65ac4256bda7f851e6814d6f9c017e13da5013d7e0c9821e83859f3870ad82d5f7c2d4ac59d0aac024d01f
+  data.tar.gz: 3e995584ca65d2498bdcff2d4c6c5bc8cd3d06beadc22569e808408af634577e4d94bd70c18f0613b458e1b6b1466e7807a18bc52aacbce573389a5e4372fe52

data/.github/workflows/ci.yml

@@ -0,0 +1,64 @@
+name: CI
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - '2.6'
+          - '2.7'
+          - '3.0'
+          - '3.1'
+        gemfile:
+          - rails_5.0
+          - rails_5.1
+          - rails_5.2
+          - rails_6.0
+          - rails_6.1
+          - rails_7.0
+        exclude:
+          # Ruby >= 3.0 is supported since Rails 6.0
+          - ruby: '3.0'
+            gemfile: rails_5.0
+          - ruby: '3.0'
+            gemfile: rails_5.1
+          - ruby: '3.0'
+            gemfile: rails_5.2
+          - ruby: '3.1'
+            gemfile: rails_5.0
+          - ruby: '3.1'
+            gemfile: rails_5.1
+          - ruby: '3.1'
+            gemfile: rails_5.2
+          # Rails 7.0 supports Ruby >= 2.7 only
+          - ruby: '2.6'
+            gemfile: rails_7.0
+    name: Run test with Ruby ${{ matrix.ruby }} and Gemfile ${{ matrix.gemfile }}
+    services:
+      mysql:
+        image: mysql:5.7
+        env:
+          MYSQL_ALLOW_EMPTY_PASSWORD: '1'
+          MYSQL_DATABASE: blouson
+        ports:
+          - 3306:3306
+        options: >-
+          --health-cmd "mysqladmin ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    env:
+      BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - run: bundle exec rake spec

data/Appraisals

@@ -1,7 +1,3 @@
-appraise 'rails-4.2' do
-  gem 'rails', '~> 4.2.0'
-end
-
 appraise 'rails-5.0' do
   gem 'rails', '~> 5.0.0'
 end
@@ -18,4 +14,12 @@ appraise 'rails-6.0' do
   gem 'rails', '~> 6.0.0'
 end
 
+appraise 'rails-6.1' do
+  gem 'rails', '~> 6.1.0'
+end
+
+appraise 'rails-7.0' do
+  gem 'rails', '~> 7.0.0'
+end
+
 # vim: set ft=ruby:

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+# 2.0.0 (2022-05-23)
+- Support parameter filter for `sentry-ruby` gem
+- [Breaking change] Drop dependency of `sentry-raven` gem
+
+# 1.1.4 (2022-05-02)
+- Fix ArgumentError on activerecord 7.0
+
+# 1.1.3 (2020-12-11)
+- Fix cookies not being filtered when used with Raven::Rack
+
+# 1.1.2 (2019-10-24)
+- Support Rails 6.0
+
 # 1.1.1 (2019-09-27)
 - Change to use ActiveSupport::LoggerSilence for thread safety #10
 

data/README.md

@@ -1,6 +1,6 @@
 # Blouson
 [![Gem Version](https://badge.fury.io/rb/blouson.svg)](https://badge.fury.io/rb/blouson)
-[![Build Status](https://travis-ci.org/cookpad/blouson.svg?branch=master)](https://travis-ci.org/cookpad/blouson)
+[![Build Status](https://github.com/cookpad/blouson/actions/workflows/ci.yml/badge.svg)](https://github.com/cookpad/blouson/actions/workflows/ci.yml)
 
 Blouson is a filter tool for Rails to conceal sensitive data from various logs.
 
@@ -65,6 +65,28 @@ end
 Arproxy.enable!
 ```
 
+### SentryParameterFilter
+Blouson provides an [sentry-ruby](https://github.com/getsentry/sentry-ruby) filter to conceal sensitive data from query string, request body, request headers and cookie values.
+
+```ruby
+require 'sentry-ruby'
+require 'blouson/sentry_parameter_filter'
+
+Sentry.init do |config|
+  # Enable `send_default_pii` to send the filtered sensitive information.
+  config.send_default_pii = true
+
+  filter_pattern = Rails.application.config.filter_parameters
+  secure_headers = %w(secret_token)
+  filter = Blouson::SentryParameterFilter.new(filter_pattern, secure_headers)
+
+  config.before_send = lambda do |event, _hint|
+    filter.process(event.to_hash)
+  end
+end
+
+```
+
 ### RavenParameterFilterProcessor
 Blouson provides an [Raven-Ruby](https://github.com/getsentry/raven-ruby) processor to conceal sensitive data from query string, request body, request headers and cookie values.
 
@@ -76,11 +98,12 @@ secure_headers = %w(secret_token)
 
 Raven.configure do |config|
   ...
-  config.processors = [Blouson::RavenParameterFilterProcessor.create(filter_pattern, secure_headers)]
+  config.processors << Blouson::RavenParameterFilterProcessor.create(filter_pattern, secure_headers)
   ...
 end
 ```
 
+
 ### SensitiveMailLogFilter
 ActionMailer outputs email address, all headers, and body text to the log when sending email.
 

data/blouson.gemspec

@@ -22,11 +22,12 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency 'rails', '>= 4.0.0'
-  spec.add_dependency 'sentry-raven'
 
   spec.add_development_dependency 'arproxy'
   spec.add_development_dependency 'mysql2'
   spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'sentry-raven'
+  spec.add_development_dependency 'sentry-ruby'
 
   spec.add_development_dependency 'appraisal'
   spec.add_development_dependency "bundler", ">= 1.14"

data/gemfiles/{rails_4.2.gemfile → rails_6.1.gemfile}

@@ -2,6 +2,6 @@
 
 source "https://rubygems.org"
 
-gem "rails", "~> 4.2.0"
+gem "rails", "~> 6.1.0"
 
 gemspec path: "../"

data/gemfiles/rails_7.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 7.0.0"
+
+gemspec path: "../"

data/lib/blouson/raven_parameter_filter_processor.rb

@@ -71,6 +71,10 @@ module Blouson
         end
 
         def process_cookie(value)
+          if (cookies = value.dig(:request, :cookies))
+            value[:request][:cookies] = @parameter_filter.filter(cookies)
+          end
+
           if value[:request] && value[:request][:headers] && value[:request][:headers]['Cookie']
             cookies  = Hash[value[:request][:headers]['Cookie'].split('; ').map { |pair| pair.split('=', 2) }]
             filtered = @parameter_filter.filter(cookies)

data/lib/blouson/sensitive_table_query_log_silencer.rb

@@ -1,13 +1,13 @@
 module Blouson
   class SensitiveTableQueryLogSilencer < Arproxy::Base
-    def execute(sql, name=nil)
+    def execute(sql, name=nil, **kwargs)
       if Rails.logger.level != Logger::DEBUG || !(Blouson::SENSITIVE_TABLE_REGEXP === sql)
-        return super(sql, name)
+        return super(sql, name, **kwargs)
       end
 
       ActiveRecord::Base.logger.silence(Logger::INFO) do
         Rails.logger.info "  [Blouson::SensitiveTableQueryLogSilencer] SQL Log is skipped for sensitive table"
-        super(sql, name)
+        super(sql, name, **kwargs)
       end
     end
   end

data/lib/blouson/sentry_parameter_filter.rb

@@ -0,0 +1,76 @@
+module Blouson
+  class SentryParameterFilter
+    def initialize(filters, header_filters = [])
+      # ActionDispatch::Http::ParameterFilter is deprecated and will be removed from Rails 6.1.
+      parameter_filter_klass = if defined?(ActiveSupport::ParameterFilter)
+                                 ActiveSupport::ParameterFilter
+                               else
+                                 ActionDispatch::Http::ParameterFilter
+                               end
+      @parameter_filter = parameter_filter_klass.new(filters)
+      @header_filters = header_filters.map(&:downcase)
+    end
+
+    def process(event)
+      process_query_string(event)
+      process_request_body(event)
+      process_request_header(event)
+      process_cookie(event)
+    ensure
+      return event
+    end
+
+    private
+
+    def process_request_body(event)
+      if event[:request] && event[:request][:data].present?
+        data = event[:request][:data]
+        if data.is_a?(String)
+          # Maybe JSON request
+          begin
+            data = JSON.parse(data)
+            event[:request][:data] = JSON.dump(@parameter_filter.filter(data))
+          rescue JSON::ParserError => e
+            # Record parser error to extra field
+            event[:extra]['BlousonError'] = e.message
+          end
+        else
+          event[:request][:data] = @parameter_filter.filter(data)
+        end
+      end
+    end
+
+    def process_query_string(event)
+      if event[:request] && event[:request][:query_string].present?
+        query    = Rack::Utils.parse_query(event[:request][:query_string])
+        filtered = @parameter_filter.filter(query)
+
+        event[:request][:query_string] = Rack::Utils.build_query(filtered)
+      end
+    end
+
+    def process_request_header(event)
+      if event[:request] && event[:request][:headers]
+        headers = event[:request][:headers]
+        headers.each_key do |k|
+          if @header_filters.include?(k.downcase)
+            headers[k] = 'FILTERED'
+          end
+        end
+      end
+    end
+
+    def process_cookie(event)
+      if (cookies = event.dig(:request, :cookies))
+        event[:request][:cookies] = @parameter_filter.filter(cookies)
+      end
+
+      if event[:request] && event[:request][:headers] && event[:request][:headers]['Cookie']
+        cookies  = Hash[event[:request][:headers]['Cookie'].split('; ').map { |pair| pair.split('=', 2) }]
+        filtered = @parameter_filter.filter(cookies)
+
+        event[:request][:headers]['Cookie'] = filtered.map { |pair| pair.join('=') }.join('; ')
+      end
+    end
+  end
+end

data/lib/blouson/version.rb

@@ -1,3 +1,3 @@
 module Blouson
-  VERSION = "1.1.2"
+  VERSION = "2.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blouson
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 2.0.0
 platform: ruby
 authors:
 - Cookpad Inc.
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-10-24 00:00:00.000000000 Z
+date: 2022-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -25,13 +25,13 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 4.0.0
 - !ruby/object:Gem::Dependency
-  name: sentry-raven
+  name: arproxy
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: arproxy
+  name: mysql2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: mysql2
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +67,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: sentry-raven
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sentry-ruby
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -143,9 +157,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -155,11 +169,12 @@ files:
 - bin/console
 - bin/setup
 - blouson.gemspec
-- gemfiles/rails_4.2.gemfile
 - gemfiles/rails_5.0.gemfile
 - gemfiles/rails_5.1.gemfile
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
+- gemfiles/rails_7.0.gemfile
 - lib/blouson.rb
 - lib/blouson/engine.rb
 - lib/blouson/raven_parameter_filter_processor.rb
@@ -167,13 +182,14 @@ files:
 - lib/blouson/sensitive_params_silener.rb
 - lib/blouson/sensitive_query_filter.rb
 - lib/blouson/sensitive_table_query_log_silencer.rb
+- lib/blouson/sentry_parameter_filter.rb
 - lib/blouson/tolerant_regexp.rb
 - lib/blouson/version.rb
 homepage: https://github.com/cookpad/blouson
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -188,8 +204,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: Filter tools to mask sensitive data in various logs
 test_files: []

data/.travis.yml

@@ -1,24 +0,0 @@
-sudo: false
-language: ruby
-services:
-  - mysql
-gemfile:
-  - gemfiles/rails_4.2.gemfile
-  - gemfiles/rails_5.0.gemfile
-  - gemfiles/rails_5.1.gemfile
-  - gemfiles/rails_5.2.gemfile
-  - gemfiles/rails_6.0.gemfile
-rvm:
-  - 2.3.8
-  - 2.4.6
-  - 2.5.5
-  - 2.6.3
-matrix:
-  exclude:
-    - rvm: 2.3.8
-      gemfile: gemfiles/rails_6.0.gemfile
-    - rvm: 2.4.6
-      gemfile: gemfiles/rails_6.0.gemfile
-before_install:
-  - "[[ $BUNDLE_GEMFILE =~ rails_4\\.2 ]] && gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true"
-  - "[[ $BUNDLE_GEMFILE =~ rails_4\\.2 ]] && gem install bundler -v '< 2' || true"