db_obfuscation 0.0.1

data/spec/db_obfuscation/config_spec.rb

@@ -0,0 +1,60 @@
+require 'spec_helper'
+require 'db_obfuscation/config'
+
+module DbObfuscation
+  describe Config do
+
+    it 'looks for database configuration file' do
+      dir = DbObfuscation.config_dir
+      expect(described_class.config_path).to eq(dir)
+    end
+
+    it 'takes database configuration file from users' do
+      described_class.config_path = '/var'
+      expect(described_class.config_path).to eq(Pathname.new('/var'))
+    end
+
+    context '.db_config' do
+      before do
+        config_path = DbObfuscation.config_dir
+        described_class.config_path = config_path
+      end
+
+      it 'loads the configuration file' do
+        db_config = { "database" => 'obfuscation_test' }
+        expect(described_class.db_config).to include db_config
+      end
+
+      it 'provides database information from the configuration file' do
+        db_config = described_class.db_config
+        expect(db_config['username']).to eq('ccUser')
+        expect(db_config['database']).to eq('obfuscation_test')
+      end
+    end
+
+    context '.truncation_patterns' do
+      it 'returns collection of truncation patterns' do
+        patterns = described_class.truncation_patterns
+        expect(patterns).to include(:truncation_table_1)
+      end
+    end
+
+    context '.whitelisted_tables' do
+      it 'returns collection of tables names' do
+        whitelisted_tables = described_class.whitelisted_tables
+        expect(whitelisted_tables).to include('whitelisted_table_1')
+      end
+    end
+
+    context '.table_strategies' do
+      it 'returns all the obfuscation strategies for tables' do
+        strategies = described_class.table_strategies
+        phone_masking_technique = strategies['table_1']['field_1']
+        expect(phone_masking_technique).to eq(:first_name_strategy)
+
+        address_masking_technique = strategies['table_2']['date_field']
+        expect(address_masking_technique).to eq(:date_strategy)
+      end
+    end
+  end
+end

data/spec/db_obfuscation/database_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+require 'db_obfuscation/database'
+
+module DbObfuscation
+  describe DbObfuscation do
+    it 'connects to database' do
+      expect(DB.adapter_scheme).to eq(:postgres)
+    end
+  end
+end

data/spec/db_obfuscation/filtering/column_spec.rb

@@ -0,0 +1,82 @@
+require 'spec_helper'
+require 'db_obfuscation/filtering/column'
+
+module DbObfuscation::Filtering
+  describe Column do
+    context '.columns_type' do
+      it 'returns the column and types for the table' do
+        column_types = {
+          id: :integer,
+          field_1: :string,
+          field_2: :string,
+          date_field: :date,
+          created_at: :datetime,
+          updated_at: :datetime,
+          boolean_field: :boolean,
+          integer_field: :integer
+        }
+
+        expect(described_class.columns_type('table_1')).to eq(column_types)
+      end
+    end
+
+    describe '.type?' do
+      let(:expected_column_type) { [:string] }
+      let(:column_type) { :string }
+
+      it 'returns true when types matches' do
+        column_type = :string
+        expect(described_class.type?(expected_column_type, column_type)).to eq true
+      end
+
+      it 'returns false when types does not match' do
+        column_type = :int
+        expect(described_class.type?(expected_column_type, column_type)).to eq false
+      end
+    end
+
+    describe '.polymorphic?' do
+      it 'returns true when the column name is polymorphic association column' do
+        column_name = 'column_name_type'
+        expect(described_class.polymorphic?(column_name)).to eq true
+      end
+
+      it 'returns false when the column name is not polymorphic association column' do
+        column_name = 'simple_column_name'
+        expect(described_class.polymorphic?(column_name)).to eq false
+      end
+    end
+
+    describe '.ending_in_id?' do
+      it 'returns true if the column name ends in "id"' do
+        column_name = 'simple_column_name_id'
+        expect(described_class.ending_in_id?(column_name)).to eq true
+      end
+
+      it 'returns false if the column name does not ends in "id"' do
+        column_name = 'simple_column_name'
+        expect(described_class.ending_in_id?(column_name)).to eq false
+      end
+    end
+
+    describe '.filter' do
+      it 'returns the column name if it meets all criterias' do
+        expect(described_class.filter('name','type','type')).to eq 'name'
+      end
+
+      context 'criterias' do
+        it 'filters out polymorphic association columns' do
+          expect(described_class.filter('polymorphic_type','type','type')).to be_nil
+        end
+
+        it 'filters out columns name ending in id' do
+          expect(described_class.filter('message_id','type','type')).to be_nil
+        end
+
+        it 'filters out columns with no matching types' do
+          expect(described_class.filter('message', :type, [:expected_type])).to be_nil
+        end
+      end
+    end
+  end
+end

data/spec/db_obfuscation/filtering/truncation_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+require 'db_obfuscation/filtering/truncation'
+
+module DbObfuscation
+  module Filtering
+    describe Truncation do
+      describe '.matches_patterns' do
+        it 'returns the tables that are the same as patterns' do
+          patterns = [:pattern_1, :pattern_2]
+          tables = [ :pattern_1, :pattern_2, :non_pattern_1, :pattern_3]
+          truncation_tables = described_class.matches_patterns(tables, patterns)
+          expect(truncation_tables).to match_array [:pattern_1, :pattern_2]
+        end
+
+        it 'returns all the tables that start with the pattern followed by an underscore' do
+          patterns = [:pattern_1, :pattern_2]
+          tables = [ :pattern_1,
+                     :pattern_2,
+                     :pattern_1_table,
+                     :non_pattern_1,
+                     :pattern_3,
+                     :pattern_1non_truncation_table]
+
+          tables = described_class.matches_patterns(tables, patterns)
+          expect(tables).to match_array [:pattern_1,
+                                         :pattern_2,
+                                         :pattern_1_table]
+
+        end
+
+        it 'does not have any duplicate table names' do
+          patterns = [:pattern_1, :pattern_1]
+          tables = [:pattern_1]
+
+          tables = described_class.matches_patterns(tables, patterns)
+          expect(tables).to match_array [:pattern_1]
+        end
+      end
+    end
+  end
+end

data/spec/db_obfuscation/filtering_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+require 'db_obfuscation/filtering'
+module DbObfuscation
+  describe Filtering do
+
+    describe 'obfuscation_config' do
+      it 'returns the obfuscation strategies for every table in the database' do
+        config = {
+          table_1: {
+            field_1: :first_name_strategy,
+            field_2: :default_strategy,
+            date_field: :date_strategy
+          },
+          table_2: {
+            field_1: :default_strategy,
+            date_field: :date_strategy
+          },
+          table_without_any_user_defined_obfuscation_strategies: {
+            field_1: :default_strategy,
+            field_2: :default_strategy
+          }
+        }
+
+        expect(described_class.obfuscation_config([:string])).to eq config
+      end
+
+      it 'includes table configuations without any user defined table strategies' do
+        config = described_class.obfuscation_config([:string])
+        expect(config.keys).to include(:table_without_any_user_defined_obfuscation_strategies)
+      end
+
+      it 'does not include configuration for table that does not have obfuscatable columns' do
+        config = described_class.obfuscation_config([:string])
+        expect(config.keys).to_not include(:table_without_any_obfuscatable_columns)
+        expect(config.keys).to include(:table_without_any_user_defined_obfuscation_strategies)
+      end
+    end
+  end
+end

data/spec/db_obfuscation/obfuscation_strategy_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+require 'db_obfuscation/obfuscation_strategy'
+
+module DbObfuscation
+  describe ObfuscationStrategy do
+    describe '.strategy' do
+      it "returns ssn_strategy when column name is 'ssn'" do
+        actual_strategy = described_class.strategy('ssn')
+        expect(actual_strategy).to eq :ssn_strategy
+      end
+
+      it "returns ssn_strategy when column name matches 'ssn'" do
+        actual_strategy = described_class.strategy('ssn_number')
+        expect(actual_strategy).to eq :ssn_strategy
+      end
+
+      it "returns email_strategy when column name is 'email'" do
+        actual_strategy = described_class.strategy('email')
+        expect(actual_strategy).to eq :email_strategy
+      end
+
+      it "returns email_strategy when column name matches 'email'" do
+        actual_strategy = described_class.strategy('contact_person_email')
+        expect(actual_strategy).to eq :email_strategy
+      end
+
+      it "returns first_name_strategy when column name is 'first_name'" do
+        actual_strategy = described_class.strategy('first_name')
+        expect(actual_strategy).to eq :first_name_strategy
+      end
+
+      it "returns last_name_strategy when column name is 'last_name'" do
+        actual_strategy = described_class.strategy('last_name')
+        expect(actual_strategy).to eq :last_name_strategy
+      end
+
+      it "returns name_strategy when column name matches 'name'" do
+        actual_strategy = described_class.strategy('name')
+        expect(actual_strategy).to eq :name_strategy
+      end
+    end
+  end
+end

data/spec/db_obfuscation/obfuscator_spec.rb

@@ -0,0 +1,150 @@
+require 'spec_helper'
+require 'db_obfuscation/obfuscator'
+
+module DbObfuscation
+  describe Obfuscator do
+    context 'medicaid recipent identification number' do
+      it 'uses faker numerify' do
+        expect(FFaker).to receive(:numerify).with('############')
+        described_class.obfuscate(:medicaid_id_strategy)
+      end
+
+      it 'generates random 12 digits number' do
+        m_id = described_class.obfuscate(:medicaid_id_strategy)
+        expect(m_id.chars.size).to eq(12)
+      end
+    end
+
+    it 'obfuscates school strategy with a fake school name' do
+      expect(FFaker::Education).to receive(:school)
+      described_class.obfuscate(:school_strategy)
+    end
+
+    context 'unique strategy' do
+      it 'provides unique strings' do
+        expect(FFaker::Name).to receive(:first_name)#.and_return 'whatever'
+        expect(FFaker).to receive(:letterify).with('??????????')
+        expect(FFaker::Name).to receive(:last_name)
+        described_class.obfuscate(:unique_name_strategy)
+      end
+
+      it 'provides names comprised of first, random middle and last names' do
+        allow(FFaker::Name).to receive(:first_name).and_return('First')
+        allow(FFaker).to receive(:letterify).with('??????????').and_return('abc')
+        allow(FFaker::Name).to receive(:last_name).and_return('Last')
+        name = 'First abc Last'
+
+        expect(described_class.obfuscate(:unique_name_strategy)).to eq(name)
+      end
+    end
+
+    it 'obfuscates gender as unknown' do
+      expect(described_class.obfuscate(:gender_strategy)).to eq 'Unknown'
+    end
+
+    it 'obfuscates default strategy as a random word' do
+      expect(FFaker::Lorem).to receive(:word).and_return('fake_word')
+      obfuscated_fake_word = described_class.obfuscate(
+        :default_strategy)
+      expect(obfuscated_fake_word).to eq 'fake_word'
+    end
+
+    it 'obfuscates name strategy as fake name' do
+      expect(FFaker::Name).to receive(:name).and_return('fake_name')
+      obfuscated_fake_name = described_class.obfuscate(
+        :name_strategy)
+      expect(obfuscated_fake_name).to eq 'fake_name'
+    end
+
+    it 'obfuscates first_name strategy as fake first name' do
+      expect(FFaker::Name).to receive(:first_name).and_return('fake_first_name')
+      obfuscated_fake_first_name = described_class.obfuscate(
+        :first_name_strategy)
+      expect(obfuscated_fake_first_name).to eq 'fake_first_name'
+    end
+
+    it 'obfuscates last_name strategy as fake last name' do
+      expect(FFaker::Name).to receive(:last_name).and_return('fake_last_name')
+      obfuscated_fake_last_name = described_class.obfuscate(
+        :last_name_strategy)
+      expect(obfuscated_fake_last_name).to eq 'fake_last_name'
+    end
+
+    it 'obfuscates address strategy as fake address with city/state/zip' do
+      expect(FFaker::Address).to receive(:street_address).
+        and_return('fake_street_address')
+      expect(FFaker::AddressUS).to receive(:zip_code).and_return('10000')
+      expect(FFaker::Address).to receive(:city).and_return('New York')
+      expect(FFaker::AddressUS).to receive(:state_abbr).and_return('NY')
+      obfuscated_fake_address = described_class.obfuscate(
+        :address_strategy)
+      expect(obfuscated_fake_address).
+        to eq 'fake_street_address New York NY 10000'
+    end
+
+    it 'obfuscates ssn strategy as fake ssn' do
+      expect(FFaker::SSN).to receive(:ssn).and_return('123-456-7890')
+      obfuscated_fake_ssn = described_class.obfuscate(
+        :ssn_strategy)
+      expect(obfuscated_fake_ssn).to eq '123-456-7890'
+    end
+
+    it 'obfuscates email strategy as fake email' do
+      expect(FFaker::Internet).to receive(:safe_email).
+        and_return('fake_email@fake_email.com')
+      obfuscated_fake_email = described_class.obfuscate(
+        :email_strategy)
+      expect(obfuscated_fake_email).to eq 'fake_email@fake_email.com'
+    end
+
+    it 'obfuscsates phone number strategy as fake phone number' do
+      expect(FFaker::PhoneNumber).to receive(:phone_number).
+        and_return('123-456-7890')
+      obfuscated_fake_phone_number = described_class.obfuscate(
+        :phone_number_strategy)
+      expect(obfuscated_fake_phone_number).to eq '123-456-7890'
+    end
+
+    it 'obfuscates nil strategy as nil value' do
+      obfuscated_string = described_class.obfuscate(
+        :nil_strategy)
+      expect(obfuscated_string).to eq nil
+    end
+
+    it 'obfuscates sentence strategy as fake sentence' do
+      expect(FFaker::Lorem).to receive(:sentence).
+        and_return('this is a fake sentence')
+      obfuscated_string = described_class.obfuscate(
+        :sentence_strategy)
+      expect(obfuscated_string).to eq 'this is a fake sentence'
+    end
+
+    it 'obfuscates paragraph strategy as fake paragraph' do
+      expect(FFaker::Lorem).to receive(:paragraph).
+        and_return('this is a fake paragraph')
+      obfuscated_string = described_class.obfuscate(
+        :paragraph_strategy)
+      expect(obfuscated_string).to eq 'this is a fake paragraph'
+    end
+
+    it 'obfuscates driving license strategy as fake driving license' do
+      expect(FFaker::Identification).to receive(:drivers_license).
+        and_return('123-456-7890')
+      obfuscated_string = described_class.obfuscate(
+        :driving_license_strategy)
+      expect(obfuscated_string).to eq '123-456-7890'
+    end
+
+    it 'the date strategy returns random number of days' do
+      expect(described_class.obfuscate(:date_strategy)).to be_between(31,240)
+    end
+
+    it 'obfuscates suffix strategy as fake suffix' do
+      expect(FFaker::Name).to receive(:suffix).
+        and_return('Jr')
+      obfuscated_string = described_class.obfuscate(
+        :suffix_strategy)
+      expect(obfuscated_string).to eq 'Jr'
+    end
+  end
+end

data/spec/db_obfuscation/query_builder_spec.rb

@@ -0,0 +1,259 @@
+require 'spec_helper'
+require 'db_obfuscation/query_builder'
+
+module DbObfuscation
+  describe QueryBuilder do
+    describe '.multi_update_sql' do
+      let(:sql_query) do
+        <<-SQL.gsub(/\s{2,}/,' ')
+        UPDATE "table_1"
+        SET "field_1" = CASE
+          WHEN "id" = '1' AND "field_1" IS NOT NULL
+            AND "field_1" != '' THEN 'field_1_1'
+          WHEN "id" = '2' AND "field_1" IS NOT NULL
+            AND "field_1" != '' THEN 'field_1_2'
+          WHEN "id" = '3' AND "field_1" IS NOT NULL
+            AND "field_1" != '' THEN 'field_1_3'
+          ELSE
+            "field_1"
+        END,
+        "field_2" = CASE
+          WHEN "id" = '1' AND "field_2" IS NOT NULL
+            AND "field_2" != '' THEN 'field_2_1'
+          WHEN "id" = '2' AND "field_2" IS NOT NULL
+            AND "field_2" != '' THEN 'field_2_2'
+          WHEN "id" = '3' AND "field_2" IS NOT NULL
+            AND "field_2" != '' THEN 'field_2_3'
+          ELSE
+            "field_2"
+        END
+        WHERE "id" IN ('1','2','3')
+        SQL
+      end
+
+      it 'build sql query for multiple row updates' do
+        columns_and_values = [
+          { field_1: "'field_1_1'", field_2: "'field_2_1'", id: 1 },
+          { field_1: "'field_1_2'", field_2: "'field_2_2'", id: 2 },
+          { field_1: "'field_1_3'", field_2: "'field_2_3'", id: 3 },
+        ]
+
+        expect(described_class.multi_update_sql(
+          :table_1, columns_and_values)).to eq sql_query.strip
+      end
+
+      it 'handles single row update' do
+        sql_query = <<-SQL.gsub(/\s{2,}/,' ')
+          UPDATE "table_1"
+          SET "field_1" = CASE
+            WHEN "id" = '1' AND "field_1" IS NOT NULL
+              AND "field_1" != '' THEN 'field_1_1'
+            ELSE
+              "field_1"
+          END,
+          "field_2" = CASE
+            WHEN "id" = '1' AND "field_2" IS NOT NULL
+              AND "field_2" != '' THEN 'field_2_1'
+            ELSE
+              "field_2"
+          END
+          WHERE "id" IN ('1')
+        SQL
+        columns_and_values = [
+          { field_1: "'field_1_1'", field_2: "'field_2_1'", id: 1 },
+        ]
+        expect(described_class.multi_update_sql(
+          :table_1,columns_and_values)).to eq sql_query.strip
+      end
+    end
+
+    describe '.where_sql' do
+      it 'generates where sql query' do
+        sql_query = "WHERE \"id\" IN ('1','2')"
+        columns_and_values = [
+          { first_name: 'first1', last_name: 'last1', id: 1 },
+          { first_name: 'first2', last_name: 'last2', id: 2 }]
+        expect(described_class.where_sql(columns_and_values)).to eq sql_query
+      end
+
+      it 'generates sql query based on the user supplied constraints' do
+        sql_query = "WHERE \"name\" IN ('1','2')"
+        columns_and_values = [
+          { first_name: "'first1'", last_name: "'last1'", name: 1 },
+          { first_name: "'first2'", last_name: "'last2'", name: 2 }]
+        expect(described_class.where_sql(columns_and_values)).to eq sql_query
+      end
+    end
+
+    describe '.case_sql' do
+      let(:sql) do
+        <<-SQL.gsub(/\s{2,}/,' ')
+        SET "first_name" = CASE
+          WHEN "id" = '1' AND "first_name" IS NOT NULL
+            AND "first_name" != '' THEN 'first1'
+          WHEN "id" = '2' AND "first_name" IS NOT NULL
+            AND "first_name" != '' THEN 'first2'
+          ELSE
+            "first_name"
+        END,
+        "last_name" = CASE
+          WHEN "id" = '1' AND "last_name" IS NOT NULL
+            AND "last_name" != '' THEN 'last1'
+          WHEN "id" = '2' AND "last_name" IS NOT NULL
+            AND "last_name" != '' THEN 'last2'
+          ELSE
+            "last_name"
+        END
+        SQL
+      end
+      let(:columns)  do
+        [
+          { first_name: "'first1'", last_name: "'last1'", id: 1 },
+          { first_name: "'first2'", last_name: "'last2'", id: 2 }
+        ]
+      end
+
+      it 'generates case sql for multiple columns' do
+        expect(described_class.case_sql(columns,[])).to eq sql.strip
+      end
+
+      it 'generates case sql for single column' do
+        sql = <<-SQL.gsub(/\s{2,}/,' ')
+        SET "first_name" = CASE
+        WHEN "id" = '1' AND "first_name" IS NOT NULL
+          AND "first_name" != '' THEN 'first1'
+        ELSE
+          "first_name"
+        END,
+        "last_name" = CASE
+        WHEN "id" = '1' AND "last_name" IS NOT NULL
+          AND "last_name" != '' THEN 'last1'
+        ELSE
+          "last_name"
+        END
+        SQL
+        columns = [{ first_name: "'first1'", last_name: "'last1'", id: 1 }]
+        expect(described_class.case_sql(columns,[])).to eq sql.strip
+      end
+
+      it 'generates case sql for values with quotes in them' do
+        sql = <<-SQL.gsub(/\s{2,}/,' ')
+        SET "first_name" = CASE
+        WHEN "id" = '1' AND "first_name" IS NOT NULL
+          AND "first_name" != '' THEN 'd''mello'
+        ELSE
+          "first_name"
+        END,
+        "last_name" = CASE
+        WHEN "id" = '1' AND "last_name" IS NOT NULL
+          AND "last_name" != '' THEN 'd''angelo'
+        ELSE
+          "last_name"
+        END
+        SQL
+        columns = [{ first_name: "'d''mello'", last_name: "'d''angelo'", id: 1 }]
+        expect(described_class.case_sql(columns,[])).to eq sql.strip
+      end
+
+      context 'when there is date column' do
+        let(:sql) do
+          <<-SQL.gsub(/\s{2,}/,' ')
+        SET "first_name" = CASE
+          WHEN "id" = '1' AND "first_name" IS NOT NULL
+            AND "first_name" != '' THEN 'first1'
+          WHEN "id" = '2' AND "first_name" IS NOT NULL
+            AND "first_name" != '' THEN 'first2'
+          ELSE
+            "first_name"
+        END,
+        "date_of_birth" = CASE
+          WHEN "id" = '1' AND "date_of_birth" IS NOT NULL
+            THEN "date_of_birth" + INTERVAL '31 DAYS'
+          WHEN "id" = '2' AND "date_of_birth" IS NOT NULL
+            THEN "date_of_birth" + INTERVAL '31 DAYS'
+          ELSE
+            "date_of_birth"
+        END
+          SQL
+        end
+        let(:columns)  do
+          [
+            { first_name: "'first1'", date_of_birth: "31", id: 1 },
+            { first_name: "'first2'", date_of_birth: "31", id: 2 }
+          ]
+        end
+
+        it 'does not include the not empty constraint' do
+          date_columns = [:date_of_birth, :date_of_death]
+          expect(described_class.case_sql(columns, date_columns)).to eq sql.strip
+        end
+      end
+    end
+
+    describe '.update_sql' do
+      sql_query = <<-SQL.gsub(/\s{2,}/,' ')
+      UPDATE users
+      SET first_name='fake first name',
+        last_name='fake last name'
+      WHERE id=1;
+      SQL
+
+      it 'returns the sql statement for updating a single row' do
+        obfuscated_columns = { first_name: "'fake first name'",
+                               last_name: "'fake last name'" }
+        expect(described_class.update_sql(:users, 1 , obfuscated_columns)).
+          to eq sql_query.strip
+      end
+
+      it 'updates date field using interval' do
+        sql_query = <<-SQL.gsub(/\s{2,}/,' ')
+      UPDATE users
+      SET first_name='fake first name',
+        last_name='fake last name',
+        date_of_birth=date_of_birth + INTERVAL '31 DAYS'
+      WHERE id=1;
+        SQL
+        obfuscated_columns = { first_name: "'fake first name'",
+                               last_name: "'fake last name'",
+                               date_of_birth: "31"}
+        date_columns = [:date_of_birth]
+        expect(described_class.update_sql(:users,
+                                          1,
+                                          obfuscated_columns,
+                                          date_columns)).
+                                         to eq sql_query.strip
+      end
+    end
+
+    describe '.column_sql' do
+      it 'returns the sql statement for updating the column values' do
+        sql_query = <<-SQL.gsub(/\s{2,}/,' ')
+        SET
+        first_name='fake first name',
+        last_name='fake last name'
+        SQL
+        obfuscated_columns = { first_name: "'fake first name'",
+                               last_name: "'fake last name'" }
+        date_columns = [:date_of_birth]
+        expect(described_class.column_sql(obfuscated_columns, date_columns)).
+          to eq sql_query.strip
+      end
+
+      it 'updates date fields using interval method' do
+        sql_query = <<-SQL.gsub(/\s{2,}/,' ')
+        SET
+        first_name='fake first name',
+        last_name='fake last name',
+        date_of_birth=date_of_birth + INTERVAL '31 DAYS'
+        SQL
+        obfuscated_columns = { first_name: "'fake first name'",
+                               last_name: "'fake last name'",
+                               date_of_birth: "31"}
+        date_columns = [:date_of_birth]
+        expect(described_class.column_sql(obfuscated_columns, date_columns)).
+          to eq sql_query.strip
+      end
+    end
+  end
+end
+