blouson 1.1.4 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +23 -0
- data/blouson.gemspec +2 -1
- data/lib/blouson/sentry_parameter_filter.rb +76 -0
- data/lib/blouson/version.rb +1 -1
- metadata +23 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2b25599e819a53e78883ffd4e743eb30202e9e2fb3f8c7b040d89b538fae446f
|
|
4
|
+
data.tar.gz: 36685c9343cc6db285668bb8bfdd2d7d8ec29c15c621de8005551f6907ca0250
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ade492f5a1994bfed0f02412d98c0e996baa827bcc65ac4256bda7f851e6814d6f9c017e13da5013d7e0c9821e83859f3870ad82d5f7c2d4ac59d0aac024d01f
|
|
7
|
+
data.tar.gz: 3e995584ca65d2498bdcff2d4c6c5bc8cd3d06beadc22569e808408af634577e4d94bd70c18f0613b458e1b6b1466e7807a18bc52aacbce573389a5e4372fe52
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -65,6 +65,28 @@ end
|
|
|
65
65
|
Arproxy.enable!
|
|
66
66
|
```
|
|
67
67
|
|
|
68
|
+
### SentryParameterFilter
|
|
69
|
+
Blouson provides an [sentry-ruby](https://github.com/getsentry/sentry-ruby) filter to conceal sensitive data from query string, request body, request headers and cookie values.
|
|
70
|
+
|
|
71
|
+
```ruby
|
|
72
|
+
require 'sentry-ruby'
|
|
73
|
+
require 'blouson/sentry_parameter_filter'
|
|
74
|
+
|
|
75
|
+
Sentry.init do |config|
|
|
76
|
+
# Enable `send_default_pii` to send the filtered sensitive information.
|
|
77
|
+
config.send_default_pii = true
|
|
78
|
+
|
|
79
|
+
filter_pattern = Rails.application.config.filter_parameters
|
|
80
|
+
secure_headers = %w(secret_token)
|
|
81
|
+
filter = Blouson::SentryParameterFilter.new(filter_pattern, secure_headers)
|
|
82
|
+
|
|
83
|
+
config.before_send = lambda do |event, _hint|
|
|
84
|
+
filter.process(event.to_hash)
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
```
|
|
89
|
+
|
|
68
90
|
### RavenParameterFilterProcessor
|
|
69
91
|
Blouson provides an [Raven-Ruby](https://github.com/getsentry/raven-ruby) processor to conceal sensitive data from query string, request body, request headers and cookie values.
|
|
70
92
|
|
|
@@ -81,6 +103,7 @@ Raven.configure do |config|
|
|
|
81
103
|
end
|
|
82
104
|
```
|
|
83
105
|
|
|
106
|
+
|
|
84
107
|
### SensitiveMailLogFilter
|
|
85
108
|
ActionMailer outputs email address, all headers, and body text to the log when sending email.
|
|
86
109
|
|
data/blouson.gemspec
CHANGED
|
@@ -22,11 +22,12 @@ Gem::Specification.new do |spec|
|
|
|
22
22
|
spec.require_paths = ["lib"]
|
|
23
23
|
|
|
24
24
|
spec.add_dependency 'rails', '>= 4.0.0'
|
|
25
|
-
spec.add_dependency 'sentry-raven'
|
|
26
25
|
|
|
27
26
|
spec.add_development_dependency 'arproxy'
|
|
28
27
|
spec.add_development_dependency 'mysql2'
|
|
29
28
|
spec.add_development_dependency 'pry'
|
|
29
|
+
spec.add_development_dependency 'sentry-raven'
|
|
30
|
+
spec.add_development_dependency 'sentry-ruby'
|
|
30
31
|
|
|
31
32
|
spec.add_development_dependency 'appraisal'
|
|
32
33
|
spec.add_development_dependency "bundler", ">= 1.14"
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
module Blouson
|
|
2
|
+
class SentryParameterFilter
|
|
3
|
+
def initialize(filters, header_filters = [])
|
|
4
|
+
# ActionDispatch::Http::ParameterFilter is deprecated and will be removed from Rails 6.1.
|
|
5
|
+
parameter_filter_klass = if defined?(ActiveSupport::ParameterFilter)
|
|
6
|
+
ActiveSupport::ParameterFilter
|
|
7
|
+
else
|
|
8
|
+
ActionDispatch::Http::ParameterFilter
|
|
9
|
+
end
|
|
10
|
+
@parameter_filter = parameter_filter_klass.new(filters)
|
|
11
|
+
@header_filters = header_filters.map(&:downcase)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def process(event)
|
|
15
|
+
process_query_string(event)
|
|
16
|
+
process_request_body(event)
|
|
17
|
+
process_request_header(event)
|
|
18
|
+
process_cookie(event)
|
|
19
|
+
ensure
|
|
20
|
+
return event
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
def process_request_body(event)
|
|
26
|
+
if event[:request] && event[:request][:data].present?
|
|
27
|
+
data = event[:request][:data]
|
|
28
|
+
if data.is_a?(String)
|
|
29
|
+
# Maybe JSON request
|
|
30
|
+
begin
|
|
31
|
+
data = JSON.parse(data)
|
|
32
|
+
event[:request][:data] = JSON.dump(@parameter_filter.filter(data))
|
|
33
|
+
rescue JSON::ParserError => e
|
|
34
|
+
# Record parser error to extra field
|
|
35
|
+
event[:extra]['BlousonError'] = e.message
|
|
36
|
+
end
|
|
37
|
+
else
|
|
38
|
+
event[:request][:data] = @parameter_filter.filter(data)
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def process_query_string(event)
|
|
44
|
+
if event[:request] && event[:request][:query_string].present?
|
|
45
|
+
query = Rack::Utils.parse_query(event[:request][:query_string])
|
|
46
|
+
filtered = @parameter_filter.filter(query)
|
|
47
|
+
|
|
48
|
+
event[:request][:query_string] = Rack::Utils.build_query(filtered)
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
def process_request_header(event)
|
|
53
|
+
if event[:request] && event[:request][:headers]
|
|
54
|
+
headers = event[:request][:headers]
|
|
55
|
+
headers.each_key do |k|
|
|
56
|
+
if @header_filters.include?(k.downcase)
|
|
57
|
+
headers[k] = 'FILTERED'
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def process_cookie(event)
|
|
64
|
+
if (cookies = event.dig(:request, :cookies))
|
|
65
|
+
event[:request][:cookies] = @parameter_filter.filter(cookies)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
if event[:request] && event[:request][:headers] && event[:request][:headers]['Cookie']
|
|
69
|
+
cookies = Hash[event[:request][:headers]['Cookie'].split('; ').map { |pair| pair.split('=', 2) }]
|
|
70
|
+
filtered = @parameter_filter.filter(cookies)
|
|
71
|
+
|
|
72
|
+
event[:request][:headers]['Cookie'] = filtered.map { |pair| pair.join('=') }.join('; ')
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
end
|
data/lib/blouson/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: blouson
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cookpad Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-05-
|
|
11
|
+
date: 2022-05-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -25,13 +25,13 @@ dependencies:
|
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 4.0.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name:
|
|
28
|
+
name: arproxy
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '0'
|
|
34
|
-
type: :
|
|
34
|
+
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
@@ -39,7 +39,7 @@ dependencies:
|
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
|
-
name:
|
|
42
|
+
name: mysql2
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
45
|
- - ">="
|
|
@@ -53,7 +53,7 @@ dependencies:
|
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
56
|
+
name: pry
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - ">="
|
|
@@ -67,7 +67,21 @@ dependencies:
|
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
|
-
name:
|
|
70
|
+
name: sentry-raven
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - ">="
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0'
|
|
76
|
+
type: :development
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - ">="
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: sentry-ruby
|
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
|
72
86
|
requirements:
|
|
73
87
|
- - ">="
|
|
@@ -168,6 +182,7 @@ files:
|
|
|
168
182
|
- lib/blouson/sensitive_params_silener.rb
|
|
169
183
|
- lib/blouson/sensitive_query_filter.rb
|
|
170
184
|
- lib/blouson/sensitive_table_query_log_silencer.rb
|
|
185
|
+
- lib/blouson/sentry_parameter_filter.rb
|
|
171
186
|
- lib/blouson/tolerant_regexp.rb
|
|
172
187
|
- lib/blouson/version.rb
|
|
173
188
|
homepage: https://github.com/cookpad/blouson
|
|
@@ -189,7 +204,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
189
204
|
- !ruby/object:Gem::Version
|
|
190
205
|
version: '0'
|
|
191
206
|
requirements: []
|
|
192
|
-
rubygems_version: 3.
|
|
207
|
+
rubygems_version: 3.2.32
|
|
193
208
|
signing_key:
|
|
194
209
|
specification_version: 4
|
|
195
210
|
summary: Filter tools to mask sensitive data in various logs
|