fluent-plugin-masking 1.0.6 → 1.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5ba6a8f7cb4b592158ba29e44ad3408995b2e6170030277fc071c8d87558d636
-  data.tar.gz: bda9061abbb827e79162b0aaee0859b44034d2cee6dfcec448c1ca626ba86509
+  metadata.gz: 3829c2b34592e0818d551864f92a43d914285b899f517a36918b4f4ccd06efcc
+  data.tar.gz: 9a10456cdd7baef47fcad37a322fc497b5f7261612592822ee710887979da3dc
 SHA512:
-  metadata.gz: dc4635b29a99ff1d446b68f1a40937a9469d1919f0d65a14c81a03d3a7e124c9d2cb6ab8ecfe2d1ee40101b009a48d6ae2cf1c314fc23636dd56b7f67d9d58cf
-  data.tar.gz: 638dee8fc6e7c903cc692cdf5e9d691d1d8901af2390daad53a450e3980e02cdd295ecbcee9c43743c6348be24475b75b1a8881c398371042b747afcd94a26b7
+  metadata.gz: 9df328614e49ab9190ba647c28956c19d184471b6cfb332a8d9a5a279dd0f035e75ff17a71e7c51faf8c6d1f8aa2b6500755986c41f262569f05d68fbafc8352
+  data.tar.gz: '09ac4052c21d64b735ffc9b44aada2ecaf2cff678a3ca45de4eb1280940456c0c0cc493a3702b0c27d358bb07a045aad72e30f00f98070993eccb09da21efed6'

data/Gemfile.lock

@@ -1,8 +1,8 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-masking (1.0.4)
-      fluentd (>= 0.14.0, < 2)
+    fluent-plugin-masking (1.0.6)
+      fluentd (>= 0.14.0)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -1 +1,83 @@
-fluent-plugin-masking
+# fluent-plugin-masking
+
+## Overview
+Fluentd filter plugin to mask sensitive or privacy records with `*******` in place of the original value. This data masking plugin protects data such as name, email, phonenumber, address, and any other field you would like to mask.
+
+## Requirements
+| fluent-plugin-masking    | fluentd    | ruby   |
+| ---------------------    | ---------- | ------ |
+| 1.0.x                    | 	>= v0.14.0 | >= 2.1 |
+
+
+## Installation
+Install with gem:
+
+`gem install fluent-plugin-masking`
+
+## Setup
+In order to setup this plugin, the parameter `fieldsToMaskFilePath` needs to be a valid path to a file containing a list of all the fields to mask. The file should have a unique field on each line. These fields **are** case-sensitive (`Name` != `name`).
+
+This is configured as shown below:
+```
+<filter "**">
+  @type masking
+  fieldsToMaskFilePath "/path/to/fields-to-mask-file"
+</filter>
+```
+
+Example fields-to-mask-file:
+```
+name
+email
+phone
+```
+
+
+## Quick Guide
+
+### Configuration:
+```
+# fluent.conf
+----------------------------------
+<source>
+  @type tail
+  path /tmp/test.log
+  pos_file /tmp/test.log.pos
+  tag maskme
+  format none
+</source>
+
+<filter "**">
+  @type masking
+  fieldsToMaskFilePath "/path/to/fields-to-mask-file"
+</filter>
+
+<match "**">
+  @type stdout
+</match>
+
+
+
+# /path/to/fields-to-mask-file
+----------------------------------
+first_name
+last_name
+address
+phone
+password
+email
+```
+
+### Result
+
+To run the above configuration, run the following commands:
+```
+fluentd -c fluent.conf
+echo '{ :body => "{\"first_name\":\"mickey\", \"type\":\"puggle\", \"last_name\":\"the-dog\", \"password\":\"d0g43u39\"}"}' > /tmp/test.log
+```
+
+This sample result is created from the above configuration file `fluent.conf`. As expected, the following fields configured to be masked are masked with `*******` in the output.
+
+```
+2019-09-15 16:12:50.359191000 +0300 maskme: {"message":"{ :body => \"{\\\"first_name\\\":\\\"*******\\\", \\\"type\\\":\\\"puggle\\\", \\\"last_name\\\":\\\"*******\\\", \\\"password\\\":\\\"*******\\\"}\"}"}
+```

data/fluent-plugin-masking.gemspec

@@ -9,9 +9,9 @@ Gem::Specification.new do |spec|
 
   spec.authors       = ["Shai Moria", "Niv Lipetz"]
   spec.email         = ["shai.moria@zooz.com", "niv.lipetz@zooz.com"]
-  spec.description   = "Fluentd Filter plugin to mask given fields in messages"
-  spec.summary       = "Fluentd Filter plugin to mask given fields in messages"
-  spec.homepage      = "https://github.com/zooz"
+  spec.description   = "Fluentd filter plugin to mask sensitive or privacy records in event messages"
+  spec.summary       = "Fluentd filter plugin to mask sensitive or privacy records with `*******` in place of the original value. This data masking plugin protects data such as name, email, phonenumber, address, and any other field you would like to mask."
+  spec.homepage      = "https://github.com/zooz/fluent-plugin-masking"
 
   spec.files         = `git ls-files`.split($\)
   spec.require_paths = ["lib"]
@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.1'
   
-  spec.add_runtime_dependency "fluentd", ">= 0.14.0", "< 2"
+  spec.add_runtime_dependency "fluentd", ">= 0.14.0"
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "test-unit", ">= 3.1.0"

data/lib/fluent/plugin/filter_masking.rb

@@ -12,16 +12,14 @@ module Fluent
       end
 
       # returns the masked record
-      # error safe method - if any error occurs
-      # the original record is return
+      # error safe method - if any error occurs the original record is returned
       def maskRecord(record)
         maskedRecord = record
         
         begin
           recordStr = record.to_s
-          @fields_to_mask.each do | fieldToMask |
-            recordStr = recordStr.gsub(/(?::#{fieldToMask}=>")(.*?)(?:")/m, ":#{fieldToMask}=>\"#{MASK_STRING}\"") # mask element in hash object
-            recordStr = recordStr.gsub(/(\\+)"#{fieldToMask}\\+":\\+.+?((?=(})|,( *|)(\s|\\+)\")|(?=}"$))/m, "\\1\"#{fieldToMask}\\1\":\\1\"#{MASK_STRING}\\1\"") # mask element in json string
+          @fields_to_mask_regex.each do | fieldToMaskRegex, fieldToMaskRegexStringReplacement |
+            recordStr = recordStr.gsub(fieldToMaskRegex, fieldToMaskRegexStringReplacement) 
           end
 
           maskedRecord = strToHash(recordStr)
@@ -36,6 +34,7 @@ module Fluent
       def initialize
         super
         @fields_to_mask = []
+        @fields_to_mask_regex = {}
       end
 
       # this method only called ones (on startup time)
@@ -51,6 +50,14 @@ module Fluent
             value = value.gsub('\n', '') # remove line breakers
 
             @fields_to_mask.push(value)
+
+            hashObjectRegex = Regexp.new(/(?::#{value}=>")(.*?)(?:")/m) # mask element in hash object
+            hashObjectRegexStringReplacement = ":#{value}=>\"#{MASK_STRING}\""
+            @fields_to_mask_regex[hashObjectRegex] = hashObjectRegexStringReplacement
+
+            innerJSONStringRegex = Regexp.new(/(\\+)"#{value}\\+":\\+.+?((?=(})|,( *|)(\s|\\+)\")|(?=}"$))/m) # mask element in json string using capture groups that count the level of escaping inside the json string
+            innerJSONStringRegexStringReplacement = "\\1\"#{value}\\1\":\\1\"#{MASK_STRING}\\1\""
+            @fields_to_mask_regex[innerJSONStringRegex] = innerJSONStringRegexStringReplacement
           end
         end
 

data/lib/fluent/plugin/version.rb

@@ -1,3 +1,3 @@
 module FilterMasking
-    VERSION = "1.0.6"
+    VERSION = "1.0.7"
 end 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-masking
 version: !ruby/object:Gem::Version
-  version: 1.0.6
+  version: 1.0.7
 platform: ruby
 authors:
 - Shai Moria
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-21 00:00:00.000000000 Z
+date: 2019-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -18,9 +18,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.14.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,9 +25,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.14.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -87,7 +81,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Fluentd Filter plugin to mask given fields in messages
+description: Fluentd filter plugin to mask sensitive or privacy records in event messages
 email:
 - shai.moria@zooz.com
 - niv.lipetz@zooz.com
@@ -106,7 +100,7 @@ files:
 - lib/fluent/plugin/version.rb
 - test/fields-to-mask
 - test/test_filter_masking.rb
-homepage: https://github.com/zooz
+homepage: https://github.com/zooz/fluent-plugin-masking
 licenses:
 - Apache-2.0
 metadata: {}
@@ -128,5 +122,7 @@ requirements: []
 rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
-summary: Fluentd Filter plugin to mask given fields in messages
+summary: Fluentd filter plugin to mask sensitive or privacy records with `*******`
+  in place of the original value. This data masking plugin protects data such as name,
+  email, phonenumber, address, and any other field you would like to mask.
 test_files: []