blouson 1.1.4 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +23 -0
- data/blouson.gemspec +2 -1
- data/lib/blouson/sentry_parameter_filter.rb +76 -0
- data/lib/blouson/version.rb +1 -1
- metadata +23 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2b25599e819a53e78883ffd4e743eb30202e9e2fb3f8c7b040d89b538fae446f
|
|
4
|
+
data.tar.gz: 36685c9343cc6db285668bb8bfdd2d7d8ec29c15c621de8005551f6907ca0250
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ade492f5a1994bfed0f02412d98c0e996baa827bcc65ac4256bda7f851e6814d6f9c017e13da5013d7e0c9821e83859f3870ad82d5f7c2d4ac59d0aac024d01f
|
|
7
|
+
data.tar.gz: 3e995584ca65d2498bdcff2d4c6c5bc8cd3d06beadc22569e808408af634577e4d94bd70c18f0613b458e1b6b1466e7807a18bc52aacbce573389a5e4372fe52
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -65,6 +65,28 @@ end
|
|
|
65
65
|
Arproxy.enable!
|
|
66
66
|
```
|
|
67
67
|
|
|
68
|
+
### SentryParameterFilter
|
|
69
|
+
Blouson provides an [sentry-ruby](https://github.com/getsentry/sentry-ruby) filter to conceal sensitive data from query string, request body, request headers and cookie values.
|
|
70
|
+
|
|
71
|
+
```ruby
|
|
72
|
+
require 'sentry-ruby'
|
|
73
|
+
require 'blouson/sentry_parameter_filter'
|
|
74
|
+
|
|
75
|
+
Sentry.init do |config|
|
|
76
|
+
# Enable `send_default_pii` to send the filtered sensitive information.
|
|
77
|
+
config.send_default_pii = true
|
|
78
|
+
|
|
79
|
+
filter_pattern = Rails.application.config.filter_parameters
|
|
80
|
+
secure_headers = %w(secret_token)
|
|
81
|
+
filter = Blouson::SentryParameterFilter.new(filter_pattern, secure_headers)
|
|
82
|
+
|
|
83
|
+
config.before_send = lambda do |event, _hint|
|
|
84
|
+
filter.process(event.to_hash)
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
```
|
|
89
|
+
|
|
68
90
|
### RavenParameterFilterProcessor
|
|
69
91
|
Blouson provides an [Raven-Ruby](https://github.com/getsentry/raven-ruby) processor to conceal sensitive data from query string, request body, request headers and cookie values.
|
|
70
92
|
|
|
@@ -81,6 +103,7 @@ Raven.configure do |config|
|
|
|
81
103
|
end
|
|
82
104
|
```
|
|
83
105
|
|
|
106
|
+
|
|
84
107
|
### SensitiveMailLogFilter
|
|
85
108
|
ActionMailer outputs email address, all headers, and body text to the log when sending email.
|
|
86
109
|
|
data/blouson.gemspec
CHANGED
|
@@ -22,11 +22,12 @@ Gem::Specification.new do |spec|
|
|
|
22
22
|
spec.require_paths = ["lib"]
|
|
23
23
|
|
|
24
24
|
spec.add_dependency 'rails', '>= 4.0.0'
|
|
25
|
-
spec.add_dependency 'sentry-raven'
|
|
26
25
|
|
|
27
26
|
spec.add_development_dependency 'arproxy'
|
|
28
27
|
spec.add_development_dependency 'mysql2'
|
|
29
28
|
spec.add_development_dependency 'pry'
|
|
29
|
+
spec.add_development_dependency 'sentry-raven'
|
|
30
|
+
spec.add_development_dependency 'sentry-ruby'
|
|
30
31
|
|
|
31
32
|
spec.add_development_dependency 'appraisal'
|
|
32
33
|
spec.add_development_dependency "bundler", ">= 1.14"
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
module Blouson
|
|
2
|
+
class SentryParameterFilter
|
|
3
|
+
def initialize(filters, header_filters = [])
|
|
4
|
+
# ActionDispatch::Http::ParameterFilter is deprecated and will be removed from Rails 6.1.
|
|
5
|
+
parameter_filter_klass = if defined?(ActiveSupport::ParameterFilter)
|
|
6
|
+
ActiveSupport::ParameterFilter
|
|
7
|
+
else
|
|
8
|
+
ActionDispatch::Http::ParameterFilter
|
|
9
|
+
end
|
|
10
|
+
@parameter_filter = parameter_filter_klass.new(filters)
|
|
11
|
+
@header_filters = header_filters.map(&:downcase)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def process(event)
|
|
15
|
+
process_query_string(event)
|
|
16
|
+
process_request_body(event)
|
|
17
|
+
process_request_header(event)
|
|
18
|
+
process_cookie(event)
|
|
19
|
+
ensure
|
|
20
|
+
return event
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
def process_request_body(event)
|
|
26
|
+
if event[:request] && event[:request][:data].present?
|
|
27
|
+
data = event[:request][:data]
|
|
28
|
+
if data.is_a?(String)
|
|
29
|
+
# Maybe JSON request
|
|
30
|
+
begin
|
|
31
|
+
data = JSON.parse(data)
|
|
32
|
+
event[:request][:data] = JSON.dump(@parameter_filter.filter(data))
|
|
33
|
+
rescue JSON::ParserError => e
|
|
34
|
+
# Record parser error to extra field
|
|
35
|
+
event[:extra]['BlousonError'] = e.message
|
|
36
|
+
end
|
|
37
|
+
else
|
|
38
|
+
event[:request][:data] = @parameter_filter.filter(data)
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def process_query_string(event)
|
|
44
|
+
if event[:request] && event[:request][:query_string].present?
|
|
45
|
+
query = Rack::Utils.parse_query(event[:request][:query_string])
|
|
46
|
+
filtered = @parameter_filter.filter(query)
|
|
47
|
+
|
|
48
|
+
event[:request][:query_string] = Rack::Utils.build_query(filtered)
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
def process_request_header(event)
|
|
53
|
+
if event[:request] && event[:request][:headers]
|
|
54
|
+
headers = event[:request][:headers]
|
|
55
|
+
headers.each_key do |k|
|
|
56
|
+
if @header_filters.include?(k.downcase)
|
|
57
|
+
headers[k] = 'FILTERED'
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def process_cookie(event)
|
|
64
|
+
if (cookies = event.dig(:request, :cookies))
|
|
65
|
+
event[:request][:cookies] = @parameter_filter.filter(cookies)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
if event[:request] && event[:request][:headers] && event[:request][:headers]['Cookie']
|
|
69
|
+
cookies = Hash[event[:request][:headers]['Cookie'].split('; ').map { |pair| pair.split('=', 2) }]
|
|
70
|
+
filtered = @parameter_filter.filter(cookies)
|
|
71
|
+
|
|
72
|
+
event[:request][:headers]['Cookie'] = filtered.map { |pair| pair.join('=') }.join('; ')
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
end
|
data/lib/blouson/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: blouson
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cookpad Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-05-
|
|
11
|
+
date: 2022-05-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -25,13 +25,13 @@ dependencies:
|
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 4.0.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name:
|
|
28
|
+
name: arproxy
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '0'
|
|
34
|
-
type: :
|
|
34
|
+
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
@@ -39,7 +39,7 @@ dependencies:
|
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
|
-
name:
|
|
42
|
+
name: mysql2
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
45
|
- - ">="
|
|
@@ -53,7 +53,7 @@ dependencies:
|
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
56
|
+
name: pry
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - ">="
|
|
@@ -67,7 +67,21 @@ dependencies:
|
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
|
-
name:
|
|
70
|
+
name: sentry-raven
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - ">="
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0'
|
|
76
|
+
type: :development
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - ">="
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: sentry-ruby
|
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
|
72
86
|
requirements:
|
|
73
87
|
- - ">="
|
|
@@ -168,6 +182,7 @@ files:
|
|
|
168
182
|
- lib/blouson/sensitive_params_silener.rb
|
|
169
183
|
- lib/blouson/sensitive_query_filter.rb
|
|
170
184
|
- lib/blouson/sensitive_table_query_log_silencer.rb
|
|
185
|
+
- lib/blouson/sentry_parameter_filter.rb
|
|
171
186
|
- lib/blouson/tolerant_regexp.rb
|
|
172
187
|
- lib/blouson/version.rb
|
|
173
188
|
homepage: https://github.com/cookpad/blouson
|
|
@@ -189,7 +204,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
189
204
|
- !ruby/object:Gem::Version
|
|
190
205
|
version: '0'
|
|
191
206
|
requirements: []
|
|
192
|
-
rubygems_version: 3.
|
|
207
|
+
rubygems_version: 3.2.32
|
|
193
208
|
signing_key:
|
|
194
209
|
specification_version: 4
|
|
195
210
|
summary: Filter tools to mask sensitive data in various logs
|