carwash 1.0.4 → 1.0.5

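--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 7b7a07eb7fcf84ad48099cdad935a4fd85afc924
- data.tar.gz: 87d2f6e4e62bd01e5f8aa2756b47c3b2987f4755
+ metadata.gz: d559bc6cb0b4d325e285d59b098e66141dcf6d8e
+ data.tar.gz: 2fc6b36b9ae7b0718dc02f07c4d4e3cf69afd385
  SHA512:
- metadata.gz: 3de0d22683fada1ef9ea3a4c98b9491a79892453272c8b0b3163d2df303402759e5b873768b804138bb76a1f494511b215346660f0388e582e7d136da32e7e01
- data.tar.gz: ae9baac4b486750a84dfada4332df477df5633f1ae2a4f669bc4ca252cf46ab9ef1ec947410937b4994c0d2bbe1be9c7a2e9840376133674818dfbe16dde6044
+ metadata.gz: de4df85bb09518aeb399879a4a5b2e04c44b9a9a86e4046830637864a37526a0fcb3801836b9445b3b5d410fd8a38ed25530e61daa65f9f612ce376fde1139f2
+ data.tar.gz: 4738821566324ae37176b9e29bcc75c40e9973df3aa2a36b5e106ee5d991821bd858b13489638bb67a1d19950a29770d8ebc1e7b12cabf2a047ae01f56a4ed99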
@@ -9,27 +9,37 @@ class Carwash::Scrubber
9
9
  attr_accessor :obscure_with
10
10
  attr_reader :sensitive_keys
11
11
 
12
- def initialize(options = {})
13
- @sensitive_keys = options.fetch(:sensitive_keys, DEFAULT_SENSITIVE_KEYS)
14
- @check_for_rails = options.fetch(:check_for_rails, true)
15
- @check_env_vars = options.fetch(:check_env_vars, true)
16
- @obscure_with = options.fetch(:obscure_with, DEFAULT_OBSCURE_WITH)
12
+ def initialize(sensitive_keys: DEFAULT_SENSITIVE_KEYS,
13
+ obscure_with: DEFAULT_OBSCURE_WITH,
14
+ check_for_rails: true,
15
+ check_env_vars: true)
16
+ @obscure_with = obscure_with
17
17
 
18
- @sensitive_keys = Set.new(@sensitive_keys.map(&:to_s).map(&:downcase))
18
+ @sensitive_keys = Set.new(sensitive_keys.map(&:to_s).map(&:downcase))
19
19
  @sensitive_vals = Set.new
20
20
 
21
- if @check_for_rails && defined? Rails
22
- @sensitive_keys += Rails.configuration.filter_parameters.map(&:to_s).map(&:downcase).compact
23
- @sensitive_keys += Rails.application.secrets.keys.map(&:to_s).map(&:downcase).compact
24
- @sensitive_vals += Rails.application.secrets.values.map(&:to_s).map(&:downcase).compact
21
+ add_rails_secrets if check_for_rails && defined? Rails
22
+
23
+ add_env_values if check_env_vars
24
+ end
25
+
26
+ # Adds keys and values from Rails' secrets.yml and filter_parameters.
27
+ def add_rails_secrets
28
+ @sensitive_keys += Rails.configuration.filter_parameters.map(&:to_s).map(&:downcase).compact
29
+ @sensitive_keys += Rails.application.secrets.keys.map(&:to_s).map(&:downcase).compact
30
+
31
+ Rails.application.secrets.values.each do |secret|
32
+ add_sensitive_value(secret)
25
33
  end
34
+ end
26
35
 
27
- if @check_env_vars
28
- ENV.each do |env_key, env_val|
29
- @sensitive_keys.each do |key|
30
- if env_key =~ %r{[_-]?#{key}}i
31
- @sensitive_vals.add env_val.downcase
32
- end
36
+ # Adds sensitive values (as determined by the existing set of sensitive keys)
37
+ # found in environment variables.
38
+ def add_env_values
39
+ ENV.each do |env_key, env_val|
40
+ @sensitive_keys.each do |key|
41
+ if env_key =~ %r{[_-]?#{key}}i
42
+ add_sensitive_value(env_val)
33
43
  end
34
44
  end
35
45
  end
@@ -39,7 +49,10 @@ class Carwash::Scrubber
39
49
  # passwords/keys that are known at startup time, without relying on value
40
50
  # discovery.
41
51
  def add_sensitive_value(value)
42
- @sensitive_vals.add(value.to_s.downcase)
52
+ value = value.to_s.downcase.strip
53
+ if !value.empty?
54
+ @sensitive_vals.add(value.to_s.downcase)
55
+ end
43
56
  end
44
57
 
45
58
  # Adds a string to the list of sensitive keys, to be used when learning new
@@ -54,7 +67,9 @@ class Carwash::Scrubber
54
67
  # known sensitive values.
55
68
  def discover_sensitive_values(line)
56
69
  value_discoverers.each do |discoverer|
57
- @sensitive_vals += discoverer.discover(line).map(&:to_s).map(&:downcase)
70
+ discoverer.discover(line).each do |value|
71
+ add_sensitive_value(value)
72
+ end
58
73
  end
59
74
  end
60
75
 
@@ -63,33 +78,33 @@ class Carwash::Scrubber
63
78
  #
64
79
  # NOTE: Does *not* discover/learn values from the line; use `#scrub` to both
65
80
  # discover and obscure based on the line.
66
- def obscure_sensitive_values(line, options = {})
81
+ def obscure_sensitive_values(line, obscure_with: self.obscure_with)
67
82
  line = line.clone
68
- obscure_sensitive_values!(line, options)
83
+ obscure_sensitive_values!(line, obscure_with: obscure_with)
69
84
  line
70
85
  end
71
86
 
72
87
  # Go through a line of text and obscure any potentially sensitive values
73
88
  # detected. Makes replacements in place.
74
- def obscure_sensitive_values!(line, options = {})
89
+ def obscure_sensitive_values!(line, obscure_with: self.obscure_with)
75
90
  @sensitive_vals.each do |val|
76
- line.gsub!(val, options.fetch(:obscure_with, self.obscure_with))
91
+ line.gsub!(val, obscure_with)
77
92
  end
78
93
  end
79
94
 
80
95
  # Scans the line to try and discover potentially sensitive values, then
81
96
  # obscures all sensitive values known. Returns the line with replacements
82
97
  # made.
83
- def scrub(line, options = {})
98
+ def scrub(line, obscure_with: self.obscure_with)
84
99
  discover_sensitive_values(line)
85
- obscure_sensitive_values(line, options)
100
+ obscure_sensitive_values(line, obscure_with: obscure_with)
86
101
  end
87
102
 
88
103
  # Scans the line to try and discover potentially sensitive values, then
89
104
  # obscures all sensitive values known. Makes replacements in place.
90
- def scrub!(line, options = {})
105
+ def scrub!(line, obscure_with: self.obscure_with)
91
106
  discover_sensitive_values(line)
92
- obscure_sensitive_values!(line, options)
107
+ obscure_sensitive_values!(line, obscure_with: obscure_with)
93
108
  end
94
109
 
95
110
  # Learns from and scrubs each line of an input stream, writing the result to
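Review bot: `add_sensitive_value` stores every value lower-cased (`value.to_s.downcase.strip`), but `obscure_sensitive_values!` passes that string to `line.gsub!(val, obscure_with)` as a literal, case-sensitive pattern. A secret containing upper-case characters would therefore pass through unredacted, unless the line is lower-cased somewhere outside these hunks. Matching case-insensitively on the escaped value would close the gap: `line.gsub!(Regexp.new(Regexp.escape(val), Regexp::IGNORECASE), obscure_with)`. The second normalisation in `@sensitive_vals.add(value.to_s.downcase)` is redundant after the line above it and can be `@sensitive_vals.add(value)`. The class body starts and ends outside the hunks shown.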
@@ -1,3 +1,3 @@
1
1
  module Carwash
2
- VERSION = "1.0.4"
2
+ VERSION = "1.0.5"
3
3
  end
@@ -5,10 +5,10 @@ require 'rexml/document'
5
5
  # since they match the `key="value"` format that it handles.
6
6
  class Carwash::XmlValueDiscoverer < Struct.new(:key)
7
7
  def discover(line)
8
- line.scan(%r{[^/]#{key}>(?:([^<]+)|<!\[CDATA\[(.*?)\]\])}i).
9
- map(&:compact).
10
- flatten(1).
11
- map { |val| unescape_value(val) }
8
+ line.scan(%r{[^/]#{key}>(?:([^<]+)|<!\[CDATA\[(.*?)\]\])}i)
9
+ .map(&:compact)
10
+ .flatten(1)
11
+ .map { |val| unescape_value(val) }
12
12
  end
13
13
 
14
14
  def unescape_value(value)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: carwash
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nathan Clark
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-05-30 00:00:00.000000000 Z
11
+ date: 2017-06-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler