RubyGems - carwash - Versions diffs - 1.0.4 → 1.0.5 - Mend

carwash 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/carwash/scrubber.rb +41 -26
data/lib/carwash/version.rb +1 -1
data/lib/carwash/xml_value_discoverer.rb +4 -4
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7b7a07eb7fcf84ad48099cdad935a4fd85afc924
-  data.tar.gz: 87d2f6e4e62bd01e5f8aa2756b47c3b2987f4755
+  metadata.gz: d559bc6cb0b4d325e285d59b098e66141dcf6d8e
+  data.tar.gz: 2fc6b36b9ae7b0718dc02f07c4d4e3cf69afd385
 SHA512:
-  metadata.gz: 3de0d22683fada1ef9ea3a4c98b9491a79892453272c8b0b3163d2df303402759e5b873768b804138bb76a1f494511b215346660f0388e582e7d136da32e7e01
-  data.tar.gz: ae9baac4b486750a84dfada4332df477df5633f1ae2a4f669bc4ca252cf46ab9ef1ec947410937b4994c0d2bbe1be9c7a2e9840376133674818dfbe16dde6044
+  metadata.gz: de4df85bb09518aeb399879a4a5b2e04c44b9a9a86e4046830637864a37526a0fcb3801836b9445b3b5d410fd8a38ed25530e61daa65f9f612ce376fde1139f2
+  data.tar.gz: 4738821566324ae37176b9e29bcc75c40e9973df3aa2a36b5e106ee5d991821bd858b13489638bb67a1d19950a29770d8ebc1e7b12cabf2a047ae01f56a4ed99

data/lib/carwash/scrubber.rb CHANGED

@@ -9,27 +9,37 @@ class Carwash::Scrubber
   attr_accessor :obscure_with
   attr_reader :sensitive_keys
-  def initialize(options = {})
-    @sensitive_keys  = options.fetch(:sensitive_keys, DEFAULT_SENSITIVE_KEYS)
-    @check_for_rails = options.fetch(:check_for_rails, true)
-    @check_env_vars  = options.fetch(:check_env_vars, true)
-    @obscure_with    = options.fetch(:obscure_with, DEFAULT_OBSCURE_WITH)
+  def initialize(sensitive_keys: DEFAULT_SENSITIVE_KEYS,
+                 obscure_with: DEFAULT_OBSCURE_WITH,
+                 check_for_rails: true,
+                 check_env_vars: true)
+    @obscure_with = obscure_with
-    @sensitive_keys = Set.new(@sensitive_keys.map(&:to_s).map(&:downcase))
+    @sensitive_keys = Set.new(sensitive_keys.map(&:to_s).map(&:downcase))
     @sensitive_vals = Set.new
-    if @check_for_rails && defined? Rails
-      @sensitive_keys += Rails.configuration.filter_parameters.map(&:to_s).map(&:downcase).compact
-      @sensitive_keys += Rails.application.secrets.keys.map(&:to_s).map(&:downcase).compact
-      @sensitive_vals += Rails.application.secrets.values.map(&:to_s).map(&:downcase).compact
+    add_rails_secrets if check_for_rails && defined? Rails
+    add_env_values if check_env_vars
+  end
+  # Adds keys and values from Rails' secrets.yml and filter_parameters.
+  def add_rails_secrets
+    @sensitive_keys += Rails.configuration.filter_parameters.map(&:to_s).map(&:downcase).compact
+    @sensitive_keys += Rails.application.secrets.keys.map(&:to_s).map(&:downcase).compact
+    Rails.application.secrets.values.each do |secret|
+      add_sensitive_value(secret)
     end
+  end
-    if @check_env_vars
-      ENV.each do |env_key, env_val|
-        @sensitive_keys.each do |key|
-          if env_key =~ %r{[_-]?#{key}}i
-            @sensitive_vals.add env_val.downcase
-          end
+  # Adds sensitive values (as determined by the existing set of sensitive keys)
+  # found in environment variables.
+  def add_env_values
+    ENV.each do |env_key, env_val|
+      @sensitive_keys.each do |key|
+        if env_key =~ %r{[_-]?#{key}}i
+          add_sensitive_value(env_val)
         end
       end
     end
@@ -39,7 +49,10 @@ class Carwash::Scrubber
   # passwords/keys that are known at startup time, without relying on value
   # discovery.
   def add_sensitive_value(value)
-    @sensitive_vals.add(value.to_s.downcase)
+    value = value.to_s.downcase.strip
+    if !value.empty?
+      @sensitive_vals.add(value.to_s.downcase)
+    end
   end
   # Adds a string to the list of sensitive keys, to be used when learning new
@@ -54,7 +67,9 @@ class Carwash::Scrubber
   # known sensitive values.
   def discover_sensitive_values(line)
     value_discoverers.each do |discoverer|
-      @sensitive_vals += discoverer.discover(line).map(&:to_s).map(&:downcase)
+      discoverer.discover(line).each do |value|
+        add_sensitive_value(value)
+      end
     end
   end
@@ -63,33 +78,33 @@ class Carwash::Scrubber
   #
   # NOTE: Does *not* discover/learn values from the line; use `#scrub` to both
   # discover and obscure based on the line.
-  def obscure_sensitive_values(line, options = {})
+  def obscure_sensitive_values(line, obscure_with: self.obscure_with)
     line = line.clone
-    obscure_sensitive_values!(line, options)
+    obscure_sensitive_values!(line, obscure_with: obscure_with)
     line
   end
   # Go through a line of text and obscure any potentially sensitive values
   # detected. Makes replacements in place.
-  def obscure_sensitive_values!(line, options = {})
+  def obscure_sensitive_values!(line, obscure_with: self.obscure_with)
     @sensitive_vals.each do |val|
-      line.gsub!(val, options.fetch(:obscure_with, self.obscure_with))
+      line.gsub!(val, obscure_with)
     end
   end
   # Scans the line to try and discover potentially sensitive values, then
   # obscures all sensitive values known. Returns the line with replacements
   # made.
-  def scrub(line, options = {})
+  def scrub(line, obscure_with: self.obscure_with)
     discover_sensitive_values(line)
-    obscure_sensitive_values(line, options)
+    obscure_sensitive_values(line, obscure_with: obscure_with)
   end
   # Scans the line to try and discover potentially sensitive values, then
   # obscures all sensitive values known. Makes replacements in place.
-  def scrub!(line, options = {})
+  def scrub!(line, obscure_with: self.obscure_with)
     discover_sensitive_values(line)
-    obscure_sensitive_values!(line, options)
+    obscure_sensitive_values!(line, obscure_with: obscure_with)
   end
   # Learns from and scrubs each line of an input stream, writing the result to

data/lib/carwash/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Carwash
-  VERSION = "1.0.4"
+  VERSION = "1.0.5"
 end

data/lib/carwash/xml_value_discoverer.rb CHANGED

@@ -5,10 +5,10 @@ require 'rexml/document'
 # since they match the `key="value"` format that it handles.
 class Carwash::XmlValueDiscoverer < Struct.new(:key)
   def discover(line)
-    line.scan(%r{[^/]#{key}>(?:([^<]+)|<!\[CDATA\[(.*?)\]\])}i).
-      map(&:compact).
-      flatten(1).
-      map { |val| unescape_value(val) }
+    line.scan(%r{[^/]#{key}>(?:([^<]+)|<!\[CDATA\[(.*?)\]\])}i)
+      .map(&:compact)
+      .flatten(1)
+      .map { |val| unescape_value(val) }
   end
   def unescape_value(value)

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: carwash
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.5
 platform: ruby
 authors:
 - Nathan Clark
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-05-30 00:00:00.000000000 Z
+date: 2017-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler