carwash 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/carwash.gemspec +2 -0
- data/lib/carwash/scrubber.rb +17 -17
- data/lib/carwash/version.rb +1 -1
- data/lib/carwash/xml_value_discoverer.rb +4 -4
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7dedb715ebed845cfa7533e62fc0259c32e1d486
|
4
|
+
data.tar.gz: 31caf74a8cc0341b4e0d19e71093a2bc89003b7a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3363073c280fbd86f5822e6bd16dbee1ef403ea4f9d59ca45177984e274b6ddb9f5ac321f0fe05b96ffde29e3c5bfb9a04f6cf2e00af896ae2a0376d41d2d91b
|
7
|
+
data.tar.gz: 2545cb05ff0632561f9ed4a749df5c97a75240fe8727e3f0f1da8f7fa8f0e86eda5d57fde19136600d0d94cdc08730a1112199722d3b6f7e731aea76bfa55d0a
|
data/carwash.gemspec
CHANGED
@@ -20,6 +20,8 @@ Gem::Specification.new do |spec|
|
|
20
20
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
21
21
|
spec.require_paths = ["lib"]
|
22
22
|
|
23
|
+
spec.required_ruby_version = "~> 2.0"
|
24
|
+
|
23
25
|
spec.add_development_dependency "bundler", "~> 1.14"
|
24
26
|
spec.add_development_dependency "rake", "~> 10.0"
|
25
27
|
spec.add_development_dependency "rspec", "~> 3.0"
|
data/lib/carwash/scrubber.rb
CHANGED
@@ -4,27 +4,27 @@ require "set"
|
|
4
4
|
# obscures them in lines of text.
|
5
5
|
class Carwash::Scrubber
|
6
6
|
DEFAULT_OBSCURE_WITH = "********"
|
7
|
-
DEFAULT_SENSITIVE_KEYS = %w[key password
|
7
|
+
DEFAULT_SENSITIVE_KEYS = %w[key password token]
|
8
8
|
|
9
9
|
attr_accessor :obscure_with
|
10
10
|
attr_reader :sensitive_keys
|
11
11
|
|
12
|
-
def initialize(
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
@obscure_with
|
12
|
+
def initialize(options = {})
|
13
|
+
@sensitive_keys = options.fetch(:sensitive_keys, DEFAULT_SENSITIVE_KEYS)
|
14
|
+
@check_for_rails = options.fetch(:check_for_rails, true)
|
15
|
+
@check_env_vars = options.fetch(:check_env_vars, true)
|
16
|
+
@obscure_with = options.fetch(:obscure_with, DEFAULT_OBSCURE_WITH)
|
17
17
|
|
18
|
-
@sensitive_keys = Set.new(sensitive_keys.map(&:to_s).map(&:downcase))
|
18
|
+
@sensitive_keys = Set.new(@sensitive_keys.map(&:to_s).map(&:downcase))
|
19
19
|
@sensitive_vals = Set.new
|
20
20
|
|
21
|
-
if check_for_rails && defined? Rails
|
21
|
+
if @check_for_rails && defined? Rails
|
22
22
|
@sensitive_keys += Rails.configuration.filter_parameters.map(&:to_s).map(&:downcase).compact
|
23
23
|
@sensitive_keys += Rails.application.secrets.keys.map(&:to_s).map(&:downcase).compact
|
24
24
|
@sensitive_vals += Rails.application.secrets.values.map(&:to_s).map(&:downcase).compact
|
25
25
|
end
|
26
26
|
|
27
|
-
if check_env_vars
|
27
|
+
if @check_env_vars
|
28
28
|
ENV.each do |env_key, env_val|
|
29
29
|
@sensitive_keys.each do |key|
|
30
30
|
if env_key =~ %r{[_-]?#{key}}i
|
@@ -63,33 +63,33 @@ class Carwash::Scrubber
|
|
63
63
|
#
|
64
64
|
# NOTE: Does *not* discover/learn values from the line; use `#scrub` to both
|
65
65
|
# discover and obscure based on the line.
|
66
|
-
def obscure_sensitive_values(line,
|
66
|
+
def obscure_sensitive_values(line, options = {})
|
67
67
|
line = line.clone
|
68
|
-
obscure_sensitive_values!(line,
|
68
|
+
obscure_sensitive_values!(line, options)
|
69
69
|
line
|
70
70
|
end
|
71
71
|
|
72
72
|
# Go through a line of text and obscure any potentially sensitive values
|
73
73
|
# detected. Makes replacements in place.
|
74
|
-
def obscure_sensitive_values!(line,
|
74
|
+
def obscure_sensitive_values!(line, options = {})
|
75
75
|
@sensitive_vals.each do |val|
|
76
|
-
line.gsub!(val, obscure_with)
|
76
|
+
line.gsub!(val, options.fetch(:obscure_with, self.obscure_with))
|
77
77
|
end
|
78
78
|
end
|
79
79
|
|
80
80
|
# Scans the line to try and discover potentially sensitive values, then
|
81
81
|
# obscures all sensitive values known. Returns the line with replacements
|
82
82
|
# made.
|
83
|
-
def scrub(line,
|
83
|
+
def scrub(line, options = {})
|
84
84
|
discover_sensitive_values(line)
|
85
|
-
obscure_sensitive_values(line,
|
85
|
+
obscure_sensitive_values(line, options)
|
86
86
|
end
|
87
87
|
|
88
88
|
# Scans the line to try and discover potentially sensitive values, then
|
89
89
|
# obscures all sensitive values known. Makes replacements in place.
|
90
|
-
def scrub!(line,
|
90
|
+
def scrub!(line, options = {})
|
91
91
|
discover_sensitive_values(line)
|
92
|
-
obscure_sensitive_values!(line,
|
92
|
+
obscure_sensitive_values!(line, options)
|
93
93
|
end
|
94
94
|
|
95
95
|
# Learns from and scrubs each line of an input stream, writing the result to
|
data/lib/carwash/version.rb
CHANGED
@@ -5,10 +5,10 @@ require 'rexml/document'
|
|
5
5
|
# since they match the `key="value"` format that it handles.
|
6
6
|
class Carwash::XmlValueDiscoverer < Struct.new(:key)
|
7
7
|
def discover(line)
|
8
|
-
line.scan(%r{[^/]#{key}>(?:([^<]+)|<!\[CDATA\[(.*?)\]\])}i)
|
9
|
-
|
10
|
-
|
11
|
-
|
8
|
+
line.scan(%r{[^/]#{key}>(?:([^<]+)|<!\[CDATA\[(.*?)\]\])}i).
|
9
|
+
map(&:compact).
|
10
|
+
flatten(1).
|
11
|
+
map { |val| unescape_value(val) }
|
12
12
|
end
|
13
13
|
|
14
14
|
def unescape_value(value)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: carwash
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nathan Clark
|
@@ -86,9 +86,9 @@ require_paths:
|
|
86
86
|
- lib
|
87
87
|
required_ruby_version: !ruby/object:Gem::Requirement
|
88
88
|
requirements:
|
89
|
-
- - "
|
89
|
+
- - "~>"
|
90
90
|
- !ruby/object:Gem::Version
|
91
|
-
version: '0'
|
91
|
+
version: '2.0'
|
92
92
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - ">="
|