data_redactor 0.5.0 → 0.7.0

data/ext/data_redactor/redact.c

@@ -0,0 +1,160 @@
+#include "redact.h"
+#include "patterns.h"
+#include "placeholder.h"
+#include "custom_patterns.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+char *wrap_boundary(const char *core) {
+    const char *prefix = "(^|[^0-9A-Za-z])(";
+    const char *suffix = ")([^0-9A-Za-z]|$)";
+    size_t len = strlen(prefix) + strlen(core) + strlen(suffix) + 1;
+    char *buf = (char *)malloc(len);
+    if (!buf) return NULL;
+    snprintf(buf, len, "%s%s%s", prefix, core, suffix);
+    return buf;
+}
+
+/*
+ * Replace all occurrences of a compiled pattern in `input` with PLACEHOLDER.
+ *
+ * If `use_boundary` is non-zero the pattern was compiled as:
+ *   (^|[^0-9A-Za-z])(CORE)([^0-9A-Za-z]|$)
+ * groups: [0]=full match  [1]=left boundary  [2]=CORE  [3]=right boundary
+ * We pass nmatch=4 so the engine fills all four slots, then use matches[1].rm_eo
+ * and matches[3].rm_so to locate the exact CORE span. The boundary characters
+ * are copied back verbatim so they are not lost.
+ */
+char *replace_all_matches(regex_t *pattern, const char *input,
+                          int use_boundary, const placeholder_t *ph) {
+    size_t ph_max   = max_placeholder_len(ph);
+    size_t out_cap  = strlen(input) * 2 + 512;
+    char *output = (char *)malloc(out_cap);
+    if (!output) return NULL;
+
+    char *ph_buf = (char *)malloc(ph_max + 1);
+    if (!ph_buf) { free(output); return NULL; }
+
+    size_t out_len = 0;
+    const char *cursor = input;
+    regmatch_t matches[4];
+
+    while (regexec(pattern, cursor, 4, matches, 0) == 0) {
+        regoff_t full_so = matches[0].rm_so;
+        regoff_t full_eo = matches[0].rm_eo;
+
+        if (full_so < 0 || full_eo < full_so) break;
+
+        regoff_t core_so = full_so;
+        regoff_t core_eo = full_eo;
+
+        if (use_boundary) {
+            if (matches[1].rm_so >= 0 && matches[1].rm_eo > matches[1].rm_so)
+                core_so = matches[1].rm_eo;
+            if (matches[3].rm_so >= 0 && matches[3].rm_eo > matches[3].rm_so)
+                core_eo = matches[3].rm_so;
+        }
+
+        size_t prefix_len = (size_t)core_so;
+        size_t suffix_len = (size_t)(full_eo - core_eo);
+        size_t match_len  = (size_t)(full_eo - full_so);
+        size_t core_len   = (size_t)(core_eo - core_so);
+
+        size_t ph_len = write_placeholder(ph_buf, ph, cursor + core_so, core_len);
+
+        size_t needed = out_len + prefix_len + ph_len + suffix_len + strlen(cursor + full_eo) + 1;
+        if (needed > out_cap) {
+            out_cap = needed * 2;
+            char *tmp = (char *)realloc(output, out_cap);
+            if (!tmp) { free(output); free(ph_buf); return NULL; }
+            output = tmp;
+        }
+
+        memcpy(output + out_len, cursor, prefix_len);
+        out_len += prefix_len;
+
+        memcpy(output + out_len, ph_buf, ph_len);
+        out_len += ph_len;
+
+        if (suffix_len > 0) {
+            memcpy(output + out_len, cursor + core_eo, suffix_len);
+            out_len += suffix_len;
+        }
+
+        cursor += full_eo;
+
+        if (match_len == 0) {
+            if (*cursor) output[out_len++] = *cursor++;
+            else break;
+        }
+    }
+    free(ph_buf);
+
+    size_t tail_len = strlen(cursor);
+    size_t needed = out_len + tail_len + 1;
+    if (needed > out_cap) {
+        out_cap = needed;
+        char *tmp = (char *)realloc(output, out_cap);
+        if (!tmp) { free(output); return NULL; }
+        output = tmp;
+    }
+    memcpy(output + out_len, cursor, tail_len);
+    out_len += tail_len;
+    output[out_len] = '\0';
+
+    return output;
+}
+
+/* Look up the i-th entry of the enable_bits Array. Out-of-bounds → 0 (skip). */
+static inline int enable_bit(VALUE rb_enable_bits, long i) {
+    if (i < 0 || i >= RARRAY_LEN(rb_enable_bits)) return 0;
+    VALUE v = rb_ary_entry(rb_enable_bits, i);
+    return RTEST(v) && NUM2INT(v) != 0;
+}
+
+VALUE rb_data_redactor_redact(VALUE self, VALUE rb_text,
+                              VALUE rb_ph_mode, VALUE rb_ph_str,
+                              VALUE rb_enable_bits) {
+    Check_Type(rb_text,         T_STRING);
+    Check_Type(rb_ph_str,       T_STRING);
+    Check_Type(rb_enable_bits,  T_ARRAY);
+
+    int ph_mode = NUM2INT(rb_ph_mode);
+    const char *ph_str_plain = StringValueCStr(rb_ph_str);
+
+    const char *input = StringValueCStr(rb_text);
+    char *working = strdup(input);
+    if (!working) rb_raise(rb_eNoMemError, "strdup failed");
+
+    placeholder_t ph;
+    ph.mode = ph_mode;
+
+    for (int i = 0; i < NUM_PATTERNS; i++) {
+        if (!enable_bit(rb_enable_bits, i)) continue;
+        ph.str = (ph_mode == PLACEHOLDER_MODE_PLAIN)
+                     ? ph_str_plain
+                     : tag_name_for_bit(pattern_tags[i]);
+        char *result = replace_all_matches(&compiled_patterns[i], working,
+                                           boundary_wrapped[i], &ph);
+        free(working);
+        if (!result) rb_raise(rb_eNoMemError, "replace_all_matches allocation failed");
+        working = result;
+    }
+
+    for (int i = 0; i < custom_count; i++) {
+        if (!enable_bit(rb_enable_bits, NUM_PATTERNS + i)) continue;
+        ph.str = (ph_mode == PLACEHOLDER_MODE_PLAIN)
+                     ? ph_str_plain
+                     : tag_name_for_bit(custom_patterns[i].tag);
+        char *result = replace_all_matches(&custom_patterns[i].compiled, working,
+                                           custom_patterns[i].boundary, &ph);
+        free(working);
+        if (!result) rb_raise(rb_eNoMemError, "replace_all_matches allocation failed (custom)");
+        working = result;
+    }
+
+    VALUE rb_result = rb_str_new_cstr(working);
+    free(working);
+    return rb_result;
+}

data/ext/data_redactor/redact.h

@@ -0,0 +1,35 @@
+#ifndef DATA_REDACTOR_REDACT_H
+#define DATA_REDACTOR_REDACT_H
+
+#include <ruby.h>
+#include <regex.h>
+#include "placeholder.h"
+
+/*
+ * Build a boundary-wrapped version of a pattern:
+ *   (^|[^0-9A-Za-z])(PATTERN)([^0-9A-Za-z]|$)
+ * Caller must free the returned string.
+ */
+char *wrap_boundary(const char *core);
+
+/*
+ * Replace all occurrences of a compiled pattern in `input` with the placeholder.
+ * Returns a newly malloc'd string (caller must free), or NULL on allocation failure.
+ */
+char *replace_all_matches(regex_t *pattern, const char *input,
+                          int use_boundary, const placeholder_t *ph);
+
+/*
+ * DataRedactor._redact(text, ph_mode, ph_str, enable_bits) -> String
+ *
+ * `enable_bits` is an Array of Integers, one per pattern index. The first
+ * NUM_PATTERNS entries cover built-ins; any extra entries cover currently
+ * registered custom patterns in registration order. A 0 entry skips that
+ * pattern entirely; non-zero runs it. The Ruby layer compiles `only:` /
+ * `except:` (mixed Symbol+String) into this array.
+ */
+VALUE rb_data_redactor_redact(VALUE self, VALUE rb_text,
+                              VALUE rb_ph_mode, VALUE rb_ph_str,
+                              VALUE rb_enable_bits);
+
+#endif

data/ext/data_redactor/scan.c

@@ -0,0 +1,131 @@
+#include "scan.h"
+#include "patterns.h"
+#include "placeholder.h"
+#include "custom_patterns.h"
+#include "redact.h"
+#include <regex.h>
+#include <string.h>
+#include <stdlib.h>
+
+/*
+ * To map working-buffer positions back to original-string positions we
+ * maintain a log of every replacement already applied. Each entry records
+ * where in the *working* buffer the replacement started (after all prior
+ * replacements) and how many bytes were removed (orig_len) vs. inserted
+ * (always 10, the length of "[REDACTED]").
+ *
+ * For a new match at working position W:
+ *   cumulative_shift_before_W = sum of (10 - orig_len) for all prior
+ *                               replacements whose working_pos <= W
+ *   original_pos = W - cumulative_shift_before_W
+ */
+/* Look up the i-th entry of the enable_bits Array. Out-of-bounds → 0 (skip). */
+static inline int scan_enable_bit(VALUE rb_enable_bits, long i) {
+    if (i < 0 || i >= RARRAY_LEN(rb_enable_bits)) return 0;
+    VALUE v = rb_ary_entry(rb_enable_bits, i);
+    return RTEST(v) && NUM2INT(v) != 0;
+}
+
+VALUE rb_data_redactor_scan(VALUE self, VALUE rb_text, VALUE rb_enable_bits) {
+    Check_Type(rb_text,        T_STRING);
+    Check_Type(rb_enable_bits, T_ARRAY);
+
+    const char *input = StringValueCStr(rb_text);
+
+    static const placeholder_t ph_default = { PLACEHOLDER_MODE_PLAIN, "[REDACTED]" };
+
+    char *working = strdup(input);
+    if (!working) rb_raise(rb_eNoMemError, "strdup failed");
+
+    VALUE matches_arr = rb_ary_new();
+
+    typedef struct { long wpos; long orig_len; } repl_t;
+    repl_t *repl_log = NULL;
+    int     repl_count = 0;
+    int     repl_cap   = 0;
+
+    #define REPL_LOG_PUSH(_wpos, _olen) do {                                  \
+        if (repl_count >= repl_cap) {                                         \
+            int _nc = repl_cap == 0 ? 16 : repl_cap * 2;                     \
+            repl_t *_t = (repl_t *)realloc(repl_log, sizeof(repl_t) * _nc);  \
+            if (!_t) { free(repl_log); free(working); rb_raise(rb_eNoMemError, "repl_log"); } \
+            repl_log = _t; repl_cap = _nc;                                    \
+        }                                                                     \
+        repl_log[repl_count].wpos     = (_wpos);                              \
+        repl_log[repl_count].orig_len = (_olen);                              \
+        repl_count++;                                                         \
+    } while (0)
+
+    #define WORKING_TO_ORIG(_wpos) ({                                         \
+        long _shift = 0;                                                      \
+        for (int _ri = 0; _ri < repl_count; _ri++) {                         \
+            if (repl_log[_ri].wpos <= (_wpos))                                \
+                _shift += 10 - repl_log[_ri].orig_len;                       \
+        }                                                                     \
+        (_wpos) - _shift;                                                     \
+    })
+
+    #define COLLECT_AND_REPLACE(pat, use_bnd, tag_bit, pat_name) do {        \
+        const char *_cur = working;                                           \
+        regmatch_t _m[4];                                                     \
+        while (regexec((pat), _cur, 4, _m, 0) == 0) {                        \
+            regoff_t _fso = _m[0].rm_so, _feo = _m[0].rm_eo;                 \
+            if (_fso < 0 || _feo < _fso) break;                               \
+            regoff_t _cso = _fso, _ceo = _feo;                                \
+            if (use_bnd) {                                                    \
+                if (_m[1].rm_so >= 0 && _m[1].rm_eo > _m[1].rm_so)          \
+                    _cso = _m[1].rm_eo;                                       \
+                if (_m[3].rm_so >= 0 && _m[3].rm_eo > _m[3].rm_so)          \
+                    _ceo = _m[3].rm_so;                                       \
+            }                                                                 \
+            size_t _vlen = (size_t)(_ceo - _cso);                             \
+            long _wpos   = (long)(_cur - working) + (long)_cso;              \
+            long _orig   = WORKING_TO_ORIG(_wpos);                            \
+            VALUE _match = rb_hash_new();                                     \
+            rb_hash_aset(_match, ID2SYM(rb_intern("tag")),                    \
+                         ID2SYM(rb_intern(tag_name_for_bit(tag_bit))));       \
+            rb_hash_aset(_match, ID2SYM(rb_intern("name")),                  \
+                         rb_str_new_cstr(pat_name));                          \
+            rb_hash_aset(_match, ID2SYM(rb_intern("value")),                 \
+                         rb_str_new(_cur + _cso, _vlen));                     \
+            rb_hash_aset(_match, ID2SYM(rb_intern("start")),                 \
+                         LONG2NUM(_orig));                                    \
+            rb_hash_aset(_match, ID2SYM(rb_intern("length")),                \
+                         LONG2NUM((long)_vlen));                              \
+            rb_ary_push(matches_arr, _match);                                 \
+            REPL_LOG_PUSH(_wpos, (long)_vlen);                                \
+            if (_feo == _fso) { if (*_cur) _cur++; else break; }             \
+            else _cur += _feo;                                                \
+        }                                                                     \
+        char *_next = replace_all_matches((pat), working, (use_bnd), &ph_default); \
+        free(working);                                                        \
+        if (!_next) { free(repl_log); rb_raise(rb_eNoMemError, "replace_all_matches failed in scan"); } \
+        working = _next;                                                      \
+    } while (0)
+
+    for (int i = 0; i < NUM_PATTERNS; i++) {
+        if (!scan_enable_bit(rb_enable_bits, i)) continue;
+        COLLECT_AND_REPLACE(&compiled_patterns[i], boundary_wrapped[i],
+                            pattern_tags[i], pattern_names[i]);
+    }
+
+    for (int i = 0; i < custom_count; i++) {
+        if (!scan_enable_bit(rb_enable_bits, NUM_PATTERNS + i)) continue;
+        COLLECT_AND_REPLACE(&custom_patterns[i].compiled,
+                            custom_patterns[i].boundary,
+                            custom_patterns[i].tag, custom_patterns[i].name);
+    }
+
+    #undef COLLECT_AND_REPLACE
+    #undef WORKING_TO_ORIG
+    #undef REPL_LOG_PUSH
+
+    free(repl_log);
+
+    VALUE result = rb_hash_new();
+    VALUE rb_redacted = rb_str_new_cstr(working);
+    free(working);
+    rb_hash_aset(result, ID2SYM(rb_intern("redacted")), rb_redacted);
+    rb_hash_aset(result, ID2SYM(rb_intern("matches")),  matches_arr);
+    return result;
+}

data/ext/data_redactor/scan.h

@@ -0,0 +1,12 @@
+#ifndef DATA_REDACTOR_SCAN_H
+#define DATA_REDACTOR_SCAN_H
+
+#include <ruby.h>
+
+/*
+ * DataRedactor._scan(text, enable_bits) -> { redacted: String, matches: Array<Hash> }
+ * enable_bits: same per-pattern 0/1 array as _redact.
+ */
+VALUE rb_data_redactor_scan(VALUE self, VALUE rb_text, VALUE rb_enable_bits);
+
+#endif

data/ext/data_redactor/tags.h

@@ -0,0 +1,24 @@
+#ifndef DATA_REDACTOR_TAGS_H
+#define DATA_REDACTOR_TAGS_H
+
+/*
+ * Tag bits. Each pattern belongs to exactly one tag. Callers can pass a
+ * bitmask to restrict which patterns run (only / except). The default mask
+ * (TAG_ALL) runs every pattern and matches the historical behaviour of
+ * `redact(text)` with no second argument.
+ */
+#define TAG_CREDENTIALS  (1 << 0)
+#define TAG_FINANCIAL    (1 << 1)
+#define TAG_TAX_ID       (1 << 2)
+#define TAG_NATIONAL_ID  (1 << 3)
+#define TAG_CONTACT      (1 << 4)
+#define TAG_NETWORK      (1 << 5)
+#define TAG_TRAVEL       (1 << 6)
+#define TAG_OTHER        (1 << 7)
+#define TAG_CUSTOM       (1 << 8)
+#define TAG_BUILTIN_ALL  (TAG_CREDENTIALS | TAG_FINANCIAL | TAG_TAX_ID | \
+                          TAG_NATIONAL_ID | TAG_CONTACT | TAG_NETWORK | \
+                          TAG_TRAVEL | TAG_OTHER)
+#define TAG_ALL          (TAG_BUILTIN_ALL | TAG_CUSTOM)
+
+#endif

data/lib/data_redactor/integrations/logger.rb

@@ -0,0 +1,42 @@
+require "logger"
+require "data_redactor"
+
+module DataRedactor
+  module Integrations
+    # Logger formatter that runs every log message through {DataRedactor.redact}
+    # before delegating to an inner formatter.
+    #
+    # @example Drop-in replacement for Ruby's default formatter
+    #   logger = Logger.new($stdout)
+    #   logger.formatter = DataRedactor::Integrations::Logger.new
+    #   logger.info("Auth failed for user alice@example.com")
+    #   # => "I, [...] -- : Auth failed for user [REDACTED]"
+    #
+    # @example Wrapping an existing formatter (e.g. Rails JSON logger)
+    #   logger.formatter = DataRedactor::Integrations::Logger.new(
+    #     inner: Rails.logger.formatter,
+    #     only:  [:credentials, :contact]
+    #   )
+    class Logger
+      # @param inner [#call, nil] formatter to wrap. Defaults to {::Logger::Formatter}.
+      # @param only [Symbol, String, Array, nil] forwarded to {DataRedactor.redact}.
+      # @param except [Symbol, String, Array, nil] forwarded to {DataRedactor.redact}.
+      # @param placeholder forwarded to {DataRedactor.redact}.
+      def initialize(inner: ::Logger::Formatter.new, only: nil, except: nil, placeholder: DataRedactor::PLACEHOLDER_DEFAULT)
+        @inner = inner
+        @only = only
+        @except = except
+        @placeholder = placeholder
+      end
+
+      # Formatter contract — called by Logger for every emitted line.
+      # Lets the inner formatter render whatever it likes (string, exception,
+      # arbitrary object) and scrubs the resulting line in one pass. Keeps the
+      # exception cause chain intact so downstream formatters still see it.
+      def call(severity, time, progname, msg)
+        line = @inner.call(severity, time, progname, msg)
+        DataRedactor.redact(line.to_s, only: @only, except: @except, placeholder: @placeholder)
+      end
+    end
+  end
+end

data/lib/data_redactor/integrations/rack.rb

@@ -0,0 +1,121 @@
+require "data_redactor"
+
+module DataRedactor
+  module Integrations
+    # Rack middleware that scrubs sensitive data from selectable surfaces of
+    # the response (and request headers, for downstream loggers to see scrubbed
+    # values).
+    #
+    # @example Both surfaces (default)
+    #   use DataRedactor::Integrations::Rack, scrub: [:body, :headers]
+    #
+    # @example Headers only — leave the response body untouched
+    #   use DataRedactor::Integrations::Rack, scrub: [:headers]
+    #
+    # ### Surfaces
+    #
+    # - `:body` — wraps the response body so emitted bytes pass through
+    #   {DataRedactor.redact} before reaching the client. Drops the
+    #   `Content-Length` header (the redacted body may have a different
+    #   byte length, and recomputing requires buffering).
+    # - `:headers` — scrubs response headers in place. Sensitive request
+    #   headers (`Authorization`, `Cookie`, `X-Api-Key`, etc.) are redacted in
+    #   the env hash so any downstream middleware that logs them sees scrubbed
+    #   values.
+    class Rack
+      DEFAULT_SCRUB = [:body, :headers].freeze
+
+      SENSITIVE_REQUEST_HEADERS = %w[
+        HTTP_AUTHORIZATION
+        HTTP_PROXY_AUTHORIZATION
+        HTTP_COOKIE
+        HTTP_X_API_KEY
+        HTTP_X_AUTH_TOKEN
+        HTTP_X_ACCESS_TOKEN
+      ].freeze
+
+      SENSITIVE_RESPONSE_HEADERS = %w[
+        Set-Cookie
+        Authorization
+        X-Api-Key
+        X-Auth-Token
+        X-Access-Token
+      ].freeze
+
+      # @param app [#call] the Rack app
+      # @param scrub [Array<Symbol>] which surfaces to redact. Subset of
+      #   `[:body, :headers]`. Defaults to `[:body, :headers]`.
+      # @param only forwarded to {DataRedactor.redact}
+      # @param except forwarded to {DataRedactor.redact}
+      # @param placeholder forwarded to {DataRedactor.redact}
+      def initialize(app, scrub: DEFAULT_SCRUB, only: nil, except: nil, placeholder: DataRedactor::PLACEHOLDER_DEFAULT)
+        @app = app
+        @scrub = Array(scrub).map(&:to_sym)
+        unknown = @scrub - [:body, :headers]
+        unless unknown.empty?
+          raise ArgumentError, "unknown scrub surface(s) #{unknown.inspect}; valid: [:body, :headers]"
+        end
+        @only = only
+        @except = except
+        @placeholder = placeholder
+      end
+
+      def call(env)
+        scrub_request_headers(env) if @scrub.include?(:headers)
+        status, headers, body = @app.call(env)
+        headers = scrub_response_headers(headers) if @scrub.include?(:headers)
+        if @scrub.include?(:body)
+          body, headers = wrap_body(body, headers)
+        end
+        [status, headers, body]
+      end
+
+      private
+
+      def redact(s)
+        DataRedactor.redact(s, only: @only, except: @except, placeholder: @placeholder)
+      end
+
+      def scrub_request_headers(env)
+        SENSITIVE_REQUEST_HEADERS.each do |key|
+          value = env[key]
+          env[key] = redact(value) if value.is_a?(String) && !value.empty?
+        end
+      end
+
+      def scrub_response_headers(headers)
+        # Rack 3 uses lower-case header names; Rack 2 uses Capitalized.
+        # Match case-insensitively against our known list.
+        sensitive_lc = SENSITIVE_RESPONSE_HEADERS.map(&:downcase)
+        headers.each_with_object({}) do |(key, value), out|
+          if sensitive_lc.include?(key.to_s.downcase)
+            out[key] = scrub_header_value(value)
+          else
+            out[key] = value
+          end
+        end
+      end
+
+      def scrub_header_value(value)
+        case value
+        when String then redact(value)
+        when Array  then value.map { |v| v.is_a?(String) ? redact(v) : v }
+        else value
+        end
+      end
+
+      def wrap_body(body, headers)
+        # Buffer the body, redact, return as a single-element array.
+        # Stripping Content-Length because the redacted body may differ in
+        # byte length; downstream servers will recompute or chunk-encode.
+        buffered = +""
+        body.each { |chunk| buffered << chunk.to_s }
+        body.close if body.respond_to?(:close)
+
+        scrubbed = redact(buffered)
+        new_headers = headers.reject { |k, _| k.to_s.downcase == "content-length" }
+        [[scrubbed], new_headers]
+      end
+    end
+  end
+end

data/lib/data_redactor/integrations/rails.rb

@@ -0,0 +1,38 @@
+require "data_redactor"
+
+module DataRedactor
+  module Integrations
+    # Rails `config.filter_parameters` adapter. Returns a `Proc` that Rails
+    # invokes with `(key, value)` for every leaf in the params tree; we redact
+    # the value in place when it is a String.
+    #
+    # @example
+    #   # config/initializers/filter_parameter_logging.rb
+    #   require "data_redactor/integrations/rails"
+    #   Rails.application.config.filter_parameters += [
+    #     DataRedactor::Integrations::Rails.filter
+    #   ]
+    #
+    # @example Restricting to specific tags
+    #   Rails.application.config.filter_parameters += [
+    #     DataRedactor::Integrations::Rails.filter(only: [:credentials, :financial])
+    #   ]
+    module Rails
+      module_function
+
+      # @param only forwarded to {DataRedactor.redact}
+      # @param except forwarded to {DataRedactor.redact}
+      # @param placeholder forwarded to {DataRedactor.redact}
+      # @return [Proc] a `(key, value)` proc compatible with `config.filter_parameters`
+      def filter(only: nil, except: nil, placeholder: DataRedactor::PLACEHOLDER_DEFAULT)
+        lambda do |_key, value|
+          next unless value.is_a?(String)
+          # Rails' Parameter Filter mutates the value in place. We can't
+          # reassign `value` here, so use String#replace.
+          redacted = DataRedactor.redact(value, only: only, except: except, placeholder: placeholder)
+          value.replace(redacted) if redacted != value
+        end
+      end
+    end
+  end
+end

data/lib/data_redactor/version.rb

@@ -1,3 +1,4 @@
 module DataRedactor
-  VERSION = "0.5.0"
+  # Current gem version. Follows {https://semver.org Semantic Versioning 2.0.0}.
+  VERSION = "0.7.0"
 end