crypt_keeper 0.18.1 → 0.18.2

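--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 546bb7aa3367ddbf34fd11da51b3b36532eb7486
- data.tar.gz: 175bc48b58322dd5a59b04ab885dde2f907d40a0
+ metadata.gz: 7f892ea12e8ebe78efc372c995b6046043839599
+ data.tar.gz: 5c058382eed934967e33b4cc4f68644712b4a4d9
  SHA512:
- metadata.gz: e76ab7631ea88e368017c1c33239f65a9a3f15edb84618134f776e4d8b947def43109f990cfff8d150adc313a39ddee0246be680c32a2aa924d4292cf3f343a4
- data.tar.gz: ce6e2576f67345a2922e72cc65fd4e03f80c1bc4b620fe45dabaef2f1305ed7754204b6b485fca675c88ef8c294bbb921669fc316773def314b2be06422ebb01
+ metadata.gz: 708f2a385bd0bab815a376dfc4252bf5791a76d53c29e1affdf633a046ebcc4811a27610175d40f3cb6bed1062cee33b1ebe22777298a217befbee39de6938c8
+ data.tar.gz: b6585ed554225f21b49cdc9384bd2a83e9601368430bd44282af3ae31b0e07c452fa3a9210f699204fb2dc3e35d4a1d9e35d8695f73e3ff92bfa0d3d2f147a29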
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- crypt_keeper (0.18.0)
4
+ crypt_keeper (0.18.1)
5
5
  activerecord (>= 3.1, < 4.2)
6
6
  activesupport (>= 3.1, < 4.2)
7
7
  aes (~> 0.5.0)
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- crypt_keeper (0.18.0)
4
+ crypt_keeper (0.18.1)
5
5
  activerecord (>= 3.1, < 4.2)
6
6
  activesupport (>= 3.1, < 4.2)
7
7
  aes (~> 0.5.0)
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- crypt_keeper (0.18.0)
4
+ crypt_keeper (0.18.1)
5
5
  activerecord (>= 3.1, < 4.2)
6
6
  activesupport (>= 3.1, < 4.2)
7
7
  aes (~> 0.5.0)
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- crypt_keeper (0.18.0)
4
+ crypt_keeper (0.18.1)
5
5
  activerecord (>= 3.1, < 4.2)
6
6
  activesupport (>= 3.1, < 4.2)
7
7
  aes (~> 0.5.0)
@@ -12,9 +12,11 @@ module CryptKeeper
12
12
 
13
13
  # Public: Prevents sensitive data from being logged
14
14
  def sql_with_mysql_aes(event)
15
- filter = /(aes_(encrypt|decrypt))\(.*\)/i
15
+ filter = /(aes_(encrypt|decrypt))\(.*\)/i
16
+ payload = event.payload[:sql]
17
+ .encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')
16
18
 
17
- event.payload[:sql] = event.payload[:sql].gsub(filter) do |_|
19
+ event.payload[:sql] = payload.gsub(filter) do |_|
18
20
  "#{$1}([FILTERED])"
19
21
  end
20
22
 
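Review bot: The filter on new line 15 of `sql_with_mysql_aes` still has no `m` flag, so `.*` stops at a newline and an `aes_encrypt(` or `aes_decrypt(` call whose closing parenthesis sits on a later line of the statement is not matched; its value and key arguments then reach the log unfiltered. The Postgres subscriber's filter in this same release is compiled with `/im`; `filter = /(aes_(encrypt|decrypt))\(.*\)/im` would give the MySQL one the same coverage. A spec example with a multi-line query would pin this. The method's closing lines are outside the hunk.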
@@ -12,9 +12,11 @@ module CryptKeeper
12
12
 
13
13
  # Public: Prevents sensitive data from being logged
14
14
  def sql_with_postgres_pgp(event)
15
- filter = /(\(*)pgp_(sym|pub)_(?<operation>decrypt|encrypt)(\(+.*\)+)/im
15
+ filter = /(\(*)pgp_(sym|pub)_(?<operation>decrypt|encrypt)(\(+.*\)+)/im
16
+ payload = event.payload[:sql]
17
+ .encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')
16
18
 
17
- event.payload[:sql] = event.payload[:sql].gsub(filter) do |_|
19
+ event.payload[:sql] = payload.gsub(filter) do |_|
18
20
  "#{$~[:operation]}([FILTERED])"
19
21
  end
20
22
 
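Review bot: The `.encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')` call on new lines 16-17 treats the SQL as raw bytes, so every byte above 0x7F is dropped, not only malformed sequences: valid non-ASCII text is stripped from each logged statement, whether or not it contains a pgp_ call, and the log no longer matches what was executed. `sql_with_mysql_aes` gets the identical call in this release. Removing only the invalid sequences would be enough for `gsub`, for example `payload = event.payload[:sql].dup.force_encoding('UTF-8').scrub('')` if the supported Rubies include 2.1 or later (String#scrub). The method continues past the end of the hunk.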
@@ -1,3 +1,3 @@
1
1
  module CryptKeeper
2
- VERSION = "0.18.1"
2
+ VERSION = "0.18.2"
3
3
  end
@@ -0,0 +1,61 @@
1
+ require 'spec_helper'
2
+
3
+ module CryptKeeper::LogSubscriber
4
+ describe MysqlAes do
5
+ use_mysql
6
+
7
+ context "AES encryption" do
8
+ # Fire the ActiveSupport.on_load
9
+ before do
10
+ CryptKeeper::Provider::MysqlAesNew.new key: 'secret', salt: 'salt'
11
+ end
12
+
13
+ subject { ::ActiveRecord::LogSubscriber.new }
14
+
15
+ let(:input_query) do
16
+ "SELECT aes_encrypt('encrypt_value', 'encrypt_key'), aes_decrypt('decrypt_value', 'decrypt_key') FROM DUAL;"
17
+ end
18
+
19
+ let(:output_query) do
20
+ "SELECT aes_encrypt([FILTERED]) FROM DUAL;"
21
+ end
22
+
23
+ let(:input_search_query) do
24
+ "SELECT \"sensitive_data\".* FROM \"sensitive_data\" WHERE ((aes_decrypt('f'), 'tool') = 'blah')) AND secret = 'testing'"
25
+ end
26
+
27
+ let(:output_search_query) do
28
+ "SELECT \"sensitive_data\".* FROM \"sensitive_data\" WHERE ((aes_decrypt([FILTERED]) AND secret = 'testing'"
29
+ end
30
+
31
+ it "filters aes functions" do
32
+ subject.should_receive(:sql_without_mysql_aes) do |event|
33
+ event.payload[:sql].should == output_query
34
+ end
35
+
36
+ subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: input_query }))
37
+ end
38
+
39
+ it "filters aes functions in lowercase" do
40
+ subject.should_receive(:sql_without_mysql_aes) do |event|
41
+ event.payload[:sql].should == output_query.downcase.gsub(/filtered/, 'FILTERED')
42
+ end
43
+
44
+ subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: input_query.downcase }))
45
+ end
46
+
47
+ it "filters aes functions when searching" do
48
+ subject.should_receive(:sql_without_mysql_aes) do |event|
49
+ event.payload[:sql].should == output_search_query
50
+ end
51
+
52
+ subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: input_search_query }))
53
+ end
54
+
55
+ it "forces string encodings" do
56
+ string_encoding_query = "SELECT aes_encrypt('hi \255', 'test')"
57
+ subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: string_encoding_query }))
58
+ end
59
+ end
60
+ end
61
+ end
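Review bot: The "forces string encodings" example (new lines 55-58) has no expectation, so it only shows that `subject.sql` does not raise on the `\255` byte; it would still pass if the statement were logged without filtering. Wrapping it like the three examples above it, with `subject.should_receive(:sql_without_mysql_aes)` and `event.payload[:sql].should == "SELECT aes_encrypt([FILTERED])"` in the block (the value the current filter should produce once the byte is removed), would assert that the arguments are redacted. The example added to the Postgres spec later in this diff has the same gap.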
@@ -51,6 +51,11 @@ module CryptKeeper::LogSubscriber
51
51
 
52
52
  subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: input_search_query }))
53
53
  end
54
+
55
+ it "forces string encodings" do
56
+ string_encoding_query = "SELECT pgp_sym_encrypt('hi \255', 'test')"
57
+ subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: string_encoding_query }))
58
+ end
54
59
  end
55
60
 
56
61
  context "Public key encryption" do
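--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: crypt_keeper
  version: !ruby/object:Gem::Version
- version: 0.18.1
+ version: 0.18.2
  platform: ruby
  authors:
  - Justin Mazzi
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-06-14 00:00:00.000000000 Z
+ date: 2014-08-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activerecord
@@ -260,6 +260,7 @@ files:
  - spec/default.database.yml
  - spec/fixtures/private.asc
  - spec/fixtures/public.asc
+ - spec/log_subscriber/mysql_aes_spec.rb
  - spec/log_subscriber/postgres_pgp_spec.rb
  - spec/model_spec.rb
  - spec/provider/aes_new_spec.rb
@@ -299,6 +300,7 @@ test_files:
  - spec/default.database.yml
  - spec/fixtures/private.asc
  - spec/fixtures/public.asc
+ - spec/log_subscriber/mysql_aes_spec.rb
  - spec/log_subscriber/postgres_pgp_spec.rb
  - spec/model_spec.rb
  - spec/provider/aes_new_spec.rb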