crypt_keeper 0.18.1 → 0.18.2

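--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 546bb7aa3367ddbf34fd11da51b3b36532eb7486
- data.tar.gz: 175bc48b58322dd5a59b04ab885dde2f907d40a0
+ metadata.gz: 7f892ea12e8ebe78efc372c995b6046043839599
+ data.tar.gz: 5c058382eed934967e33b4cc4f68644712b4a4d9
  SHA512:
- metadata.gz: e76ab7631ea88e368017c1c33239f65a9a3f15edb84618134f776e4d8b947def43109f990cfff8d150adc313a39ddee0246be680c32a2aa924d4292cf3f343a4
- data.tar.gz: ce6e2576f67345a2922e72cc65fd4e03f80c1bc4b620fe45dabaef2f1305ed7754204b6b485fca675c88ef8c294bbb921669fc316773def314b2be06422ebb01
+ metadata.gz: 708f2a385bd0bab815a376dfc4252bf5791a76d53c29e1affdf633a046ebcc4811a27610175d40f3cb6bed1062cee33b1ebe22777298a217befbee39de6938c8
+ data.tar.gz: b6585ed554225f21b49cdc9384bd2a83e9601368430bd44282af3ae31b0e07c452fa3a9210f699204fb2dc3e35d4a1d9e35d8695f73e3ff92bfa0d3d2f147a29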
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- crypt_keeper (0.18.0)
4
+ crypt_keeper (0.18.1)
5
5
  activerecord (>= 3.1, < 4.2)
6
6
  activesupport (>= 3.1, < 4.2)
7
7
  aes (~> 0.5.0)
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- crypt_keeper (0.18.0)
4
+ crypt_keeper (0.18.1)
5
5
  activerecord (>= 3.1, < 4.2)
6
6
  activesupport (>= 3.1, < 4.2)
7
7
  aes (~> 0.5.0)
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- crypt_keeper (0.18.0)
4
+ crypt_keeper (0.18.1)
5
5
  activerecord (>= 3.1, < 4.2)
6
6
  activesupport (>= 3.1, < 4.2)
7
7
  aes (~> 0.5.0)
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- crypt_keeper (0.18.0)
4
+ crypt_keeper (0.18.1)
5
5
  activerecord (>= 3.1, < 4.2)
6
6
  activesupport (>= 3.1, < 4.2)
7
7
  aes (~> 0.5.0)
@@ -12,9 +12,11 @@ module CryptKeeper
12
12
 
13
13
  # Public: Prevents sensitive data from being logged
14
14
  def sql_with_mysql_aes(event)
15
- filter = /(aes_(encrypt|decrypt))\(.*\)/i
15
+ filter = /(aes_(encrypt|decrypt))\(.*\)/i
16
+ payload = event.payload[:sql]
17
+ .encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')
16
18
 
17
- event.payload[:sql] = event.payload[:sql].gsub(filter) do |_|
19
+ event.payload[:sql] = payload.gsub(filter) do |_|
18
20
  "#{$1}([FILTERED])"
19
21
  end
20
22
 
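Review bot: The added `.encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')` in `sql_with_mysql_aes` treats the statement as raw bytes, so every non-ASCII byte is deleted, including well-formed multi-byte UTF-8 characters. The result is written back to `event.payload[:sql]` for every statement, not only those that call `aes_encrypt`/`aes_decrypt`. That silently changes the logged SQL, which weakens the log as an audit record, and it presumably also changes what any other subscriber reading the same payload hash sees. Assuming the failure being fixed is an invalid byte sequence in a UTF-8-tagged string, transcoding only when needed keeps the fix and leaves valid text intact: `payload = event.payload[:sql]` followed by `payload = payload.encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '') unless payload.valid_encoding?`. The same applies to `sql_with_postgres_pgp` in the next hunk; both method bodies continue outside their hunks.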
@@ -12,9 +12,11 @@ module CryptKeeper
12
12
 
13
13
  # Public: Prevents sensitive data from being logged
14
14
  def sql_with_postgres_pgp(event)
15
- filter = /(\(*)pgp_(sym|pub)_(?<operation>decrypt|encrypt)(\(+.*\)+)/im
15
+ filter = /(\(*)pgp_(sym|pub)_(?<operation>decrypt|encrypt)(\(+.*\)+)/im
16
+ payload = event.payload[:sql]
17
+ .encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')
16
18
 
17
- event.payload[:sql] = event.payload[:sql].gsub(filter) do |_|
19
+ event.payload[:sql] = payload.gsub(filter) do |_|
18
20
  "#{$~[:operation]}([FILTERED])"
19
21
  end
20
22
 
@@ -1,3 +1,3 @@
1
1
  module CryptKeeper
2
- VERSION = "0.18.1"
2
+ VERSION = "0.18.2"
3
3
  end
@@ -0,0 +1,61 @@
1
+ require 'spec_helper'
2
+
3
+ module CryptKeeper::LogSubscriber
4
+ describe MysqlAes do
5
+ use_mysql
6
+
7
+ context "AES encryption" do
8
+ # Fire the ActiveSupport.on_load
9
+ before do
10
+ CryptKeeper::Provider::MysqlAesNew.new key: 'secret', salt: 'salt'
11
+ end
12
+
13
+ subject { ::ActiveRecord::LogSubscriber.new }
14
+
15
+ let(:input_query) do
16
+ "SELECT aes_encrypt('encrypt_value', 'encrypt_key'), aes_decrypt('decrypt_value', 'decrypt_key') FROM DUAL;"
17
+ end
18
+
19
+ let(:output_query) do
20
+ "SELECT aes_encrypt([FILTERED]) FROM DUAL;"
21
+ end
22
+
23
+ let(:input_search_query) do
24
+ "SELECT \"sensitive_data\".* FROM \"sensitive_data\" WHERE ((aes_decrypt('f'), 'tool') = 'blah')) AND secret = 'testing'"
25
+ end
26
+
27
+ let(:output_search_query) do
28
+ "SELECT \"sensitive_data\".* FROM \"sensitive_data\" WHERE ((aes_decrypt([FILTERED]) AND secret = 'testing'"
29
+ end
30
+
31
+ it "filters aes functions" do
32
+ subject.should_receive(:sql_without_mysql_aes) do |event|
33
+ event.payload[:sql].should == output_query
34
+ end
35
+
36
+ subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: input_query }))
37
+ end
38
+
39
+ it "filters aes functions in lowercase" do
40
+ subject.should_receive(:sql_without_mysql_aes) do |event|
41
+ event.payload[:sql].should == output_query.downcase.gsub(/filtered/, 'FILTERED')
42
+ end
43
+
44
+ subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: input_query.downcase }))
45
+ end
46
+
47
+ it "filters aes functions when searching" do
48
+ subject.should_receive(:sql_without_mysql_aes) do |event|
49
+ event.payload[:sql].should == output_search_query
50
+ end
51
+
52
+ subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: input_search_query }))
53
+ end
54
+
55
+ it "forces string encodings" do
56
+ string_encoding_query = "SELECT aes_encrypt('hi \255', 'test')"
57
+ subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: string_encoding_query }))
58
+ end
59
+ end
60
+ end
61
+ end
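Review bot: The "forces string encodings" example (new lines 55-58) sets no expectation, so it passes whenever `subject.sql` does not raise and never checks that the malformed statement is still redacted. For a filter whose job is to keep plaintext and keys out of the log, the redaction on this input is the property worth pinning; otherwise a regression where the transcoded string stops matching the filter would go unnoticed. Following the sibling examples, add `subject.should_receive(:sql_without_mysql_aes) { |event| event.payload[:sql].should == "SELECT aes_encrypt([FILTERED])" }` before the `subject.sql(...)` call. The "forces string encodings" example added to the Postgres spec in the next hunk has the same gap.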
@@ -51,6 +51,11 @@ module CryptKeeper::LogSubscriber
51
51
 
52
52
  subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: input_search_query }))
53
53
  end
54
+
55
+ it "forces string encodings" do
56
+ string_encoding_query = "SELECT pgp_sym_encrypt('hi \255', 'test')"
57
+ subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: string_encoding_query }))
58
+ end
54
59
  end
55
60
 
56
61
  context "Public key encryption" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: crypt_keeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.18.1
4
+ version: 0.18.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Mazzi
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-06-14 00:00:00.000000000 Z
11
+ date: 2014-08-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activerecord
@@ -260,6 +260,7 @@ files:
260
260
  - spec/default.database.yml
261
261
  - spec/fixtures/private.asc
262
262
  - spec/fixtures/public.asc
263
+ - spec/log_subscriber/mysql_aes_spec.rb
263
264
  - spec/log_subscriber/postgres_pgp_spec.rb
264
265
  - spec/model_spec.rb
265
266
  - spec/provider/aes_new_spec.rb
@@ -299,6 +300,7 @@ test_files:
299
300
  - spec/default.database.yml
300
301
  - spec/fixtures/private.asc
301
302
  - spec/fixtures/public.asc
303
+ - spec/log_subscriber/mysql_aes_spec.rb
302
304
  - spec/log_subscriber/postgres_pgp_spec.rb
303
305
  - spec/model_spec.rb
304
306
  - spec/provider/aes_new_spec.rb