credit_card_sanitizer 0.2.10 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9dc65743cee097af71731792951b75869f841751
-  data.tar.gz: 48b148cfc9d284e39b8aee68bb5e66806395983d
+  metadata.gz: d5ae372ef59ad6ef19b7378a2d4ed5f566dd4675
+  data.tar.gz: a5fc65e8197b308cf57f4c1e845338b7826c4680
 SHA512:
-  metadata.gz: 2eeb65e7811c1e45ba55c173eb5eca6ffc92c9cd935048e063ab195f33be0e29315a75f103844978640be680153ccf340b7128d8d3ca57e3ff4f649a44832d79
-  data.tar.gz: 7c2a97ff0c1bfe2a2cffe1a708461659e714491e68baa8920efc7f4a4392959f831823e49e46dcba2938b9803ac6ee8204a0d2e40b4aab2d51b36b22250d030d
+  metadata.gz: 3b48c055c87b0e35ad221edc2237ee93c854ff99bdd022993403040c291b81cf15c57c3c65dfcf4976dcf2684cec0ec1a13d03007b3a9c4a2462c7934c1d031a
+  data.tar.gz: 20fc3896f0d93523dc43d3cf966171f3959314631f43017579afbadba265a8c9b15a7ec29a858ea5af29423d61904b4a80cdc7465c596553ed13bc8241ed45ac

data/lib/credit_card_sanitizer.rb

@@ -4,11 +4,7 @@ require 'luhn_checksum'
 
 class CreditCardSanitizer
 
-  LINE_NOISE = /[^\w_\n,()\/:]{0,8}/
-  # 12-19 digits explanation: https://en.wikipedia.org/wiki/Primary_Account_Number#Issuer_identification_number_.28IIN.29
-  NUMBERS_WITH_LINE_NOISE = /\d(?:#{LINE_NOISE}\d#{LINE_NOISE}){10,17}\d/
-
-  # Taken from https://github.com/Shopify/active_merchant/blob/master/lib/active_merchant/billing/credit_card_methods.rb#L7-L20
+  # https://github.com/Shopify/active_merchant/blob/master/lib/active_merchant/billing/credit_card_methods.rb#L5-L18
   CARD_COMPANIES = {
     'visa'               => /^4\d{12}(\d{3})?$/,
     'master'             => /^(5[1-5]\d{4}|677189)\d{10}$/,
@@ -24,54 +20,108 @@ class CreditCardSanitizer
     'laser'              => /^(6304|6706|6709|6771(?!89))\d{8}(\d{4}|\d{6,7})?$/
   }
   VALID_COMPANY_PREFIXES = Regexp.union(*CARD_COMPANIES.values)
-
-  def self.parameter_filter
-    Proc.new { |_, value| new.sanitize!(value) if value.is_a?(String) }
-  end
-
-  def initialize(replacement_token = 'X', replace_first = 6, replace_last = 4)
-    @replacement_token, @replace_first, @replace_last = replacement_token, replace_first, replace_last
+  LINE_NOISE = /[^\w_\n,()\/:]{,5}/
+  SCHEME = /((?:[a-zA-Z][\-+.a-zA-Z\d]{,9}):\S+)/
+  NUMBERS_WITH_LINE_NOISE = /#{SCHEME}?\d(?:#{LINE_NOISE}\d#{LINE_NOISE}){10,17}\d/
+
+  attr_reader :replacement_token, :expose_first, :expose_last
+
+  # Create a new CreditCardSanitizer
+  #
+  # Options
+  #
+  # :replacement_character - the character that will replace digits for redaction.
+  # :expose_first - the number of leading digits that will not be redacted.
+  # :expose_last - the number of ending digits that will not be redacted.
+  #
+  def initialize(options = {})
+    @replacement_token = options.fetch(:replacement_token, '▇')
+    @expose_first = options.fetch(:expose_first, 6)
+    @expose_last = options.fetch(:expose_last, 4)
   end
 
+  # Finds credit card numbers and redacts digits from them
+  #
+  # text - the text containing potential credit card numbers
+  #
+  # Examples
+  #
+  #   # If the text contains a credit card number:
+  #   sanitize!("4111 1111 1111 1111")
+  #   #=> "4111 11▇▇ ▇▇▇▇ 1111"
+  #
+  #   # If the text does not contain a credit card number:
+  #   sanitize!("I want all your credit card numbers!")
+  #   #=> nil
+  #
+  # Returns a String of the redacted text if a credit card number was detected.
+  # Returns nil if no credit card numbers were detected.
   def sanitize!(text)
-    replaced = nil
-
     to_utf8!(text)
 
+    redacted = nil
     text.gsub!(NUMBERS_WITH_LINE_NOISE) do |match|
-      numbers = match.gsub(/\D/, '')
+      next if $1
+      @numbers = match.tr('^0-9', '')
 
-      if LuhnChecksum.valid?(numbers) && valid_prefix?(numbers)
-        replaced = true
-        replace_numbers!(match, numbers.size - @replace_last)
+      if valid_numbers?
+        redacted = true
+        redact_numbers!(match)
       end
 
       match
     end
 
-    replaced && text
+    redacted && text
   end
 
+  # A proc that can be used
+  #
+  # text - the text containing potential credit card numbers
+  #
+  # Examples
+  #
+  #  Rails.app.config.filter_parameters = [:password, CreditCardSanitizer.parameter_filter]
+  #
+  #  env = {
+  #    "action_dispatch.request.parameters" => {"credit_card_number" => "123 4512 3451 2348", "password" => "123"},
+  #   "action_dispatch.parameter_filter" => Rails.app.config.filter_parameters
+  #  }
+  #
+  #  >> ActionDispatch::Request.new(env).filtered_parameters
+  #  => {"credit_card_number" => "123 451X XXXX 2348", "password" => "[FILTERED]"}
+  #
+  # Returns a Proc that takes the key/value of the request parameter.
+  def self.parameter_filter
+    Proc.new { |_, value| new.sanitize!(value) if value.is_a?(String) }
+  end
+
+  private
+
   def valid_prefix?(numbers)
     !!(numbers =~ VALID_COMPANY_PREFIXES)
   end
 
-  private
+  def valid_numbers?
+    LuhnChecksum.valid?(@numbers) && valid_prefix?(@numbers)
+  end
 
-  def replace_numbers!(text, replacement_limit)
-    # Leave the first @replace_first and last @replace_last numbers visible
+  def redact_numbers!(text)
     digit_index = 0
 
     text.gsub!(/\d/) do |number|
-      digit_index += 1
-      if digit_index > @replace_first && digit_index <= replacement_limit
-        @replacement_token
+      if within_redaction_range?(digit_index += 1)
+        replacement_token
       else
         number
       end
     end
   end
 
+  def within_redaction_range?(digit_index)
+    digit_index > expose_first && digit_index <= @numbers.size - expose_last
+  end
+
   if ''.respond_to?(:scrub)
     def to_utf8!(str)
       str.force_encoding(Encoding::UTF_8)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: credit_card_sanitizer
 version: !ruby/object:Gem::Version
-  version: 0.2.10
+  version: 0.3.0
 platform: ruby
 authors:
 - Eric Chapweske
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-13 00:00:00.000000000 Z
+date: 2014-10-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: appraisal