fluent-plugin-masking 1.0.7 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3829c2b34592e0818d551864f92a43d914285b899f517a36918b4f4ccd06efcc
-  data.tar.gz: 9a10456cdd7baef47fcad37a322fc497b5f7261612592822ee710887979da3dc
+  metadata.gz: 3c1d03c89c4b186938fab7c7f41e0217c443dc93c0b4d74fd59a0afe34de7493
+  data.tar.gz: de2fb0a278fdeb128773f96ad1be8ea0e895b611febff6b0fd57ae89668a0ff6
 SHA512:
-  metadata.gz: 9df328614e49ab9190ba647c28956c19d184471b6cfb332a8d9a5a279dd0f035e75ff17a71e7c51faf8c6d1f8aa2b6500755986c41f262569f05d68fbafc8352
-  data.tar.gz: '09ac4052c21d64b735ffc9b44aada2ecaf2cff678a3ca45de4eb1280940456c0c0cc493a3702b0c27d358bb07a045aad72e30f00f98070993eccb09da21efed6'
+  metadata.gz: 0712e0f59cd1e3d89282772285cd7632a242a1cba129e3c8a42836b0381079698faa536ac24be69768751f91c81155a0d4ff65824d914754e4bf8b175b6aa5eb
+  data.tar.gz: 7c43897e4a4a9a5c5c9cbdf10398efcfe333bc770d0e2c46f6d086ab16cc3c514e934c59210ab213468608c3ec59da6c389bb744b2d27be7409d3ca5df980e0f

data/.circleci/config.yml

@@ -0,0 +1,29 @@
+version: 2.1
+orbs:
+  ruby: circleci/ruby@0.1.2 
+  
+executors:
+  v2-5-0:
+    docker:
+      - image: circleci/ruby:2.5.0
+
+jobs:
+  tests:
+    parameters:
+      ruby-version:
+        type: executor
+    executor: << parameters.ruby-version >>
+    steps:
+      - checkout
+      - run: gem install bundler
+      - run: bundle install
+      - run: ruby -r ./test/*.rb
+
+workflows:
+  tests:
+    jobs:
+      - tests:
+          matrix:
+            parameters:
+              ruby-version: [v2-5-0]
+

data/.gitignore

@@ -1,4 +1,6 @@
 .bundle/
 vendor/
 *.gem
-.idea/
+.idea/
+Gemfile.lock
+Rakefile

data/README.md

@@ -1,12 +1,14 @@
 # fluent-plugin-masking
 
+[![Known Vulnerabilities](https://snyk.io//test/github/PayU/fluent-plugin-masking/badge.svg?targetFile=Gemfile.lock)](https://snyk.io//test/github/PayU/fluent-plugin-masking?targetFile=Gemfile.lock) [![Build Status](https://travis-ci.com/PayU/fluent-plugin-masking.svg?branch=master)](https://travis-ci.com/PayU/fluent-plugin-masking)
+
 ## Overview
 Fluentd filter plugin to mask sensitive or privacy records with `*******` in place of the original value. This data masking plugin protects data such as name, email, phonenumber, address, and any other field you would like to mask.
 
 ## Requirements
 | fluent-plugin-masking    | fluentd    | ruby   |
 | ---------------------    | ---------- | ------ |
-| 1.0.x                    | 	>= v0.14.0 | >= 2.1 |
+| 1.2.x                    | 	>= v0.14.0 | >= 2.5 |
 
 
 ## Installation
@@ -17,11 +19,15 @@ Install with gem:
 ## Setup
 In order to setup this plugin, the parameter `fieldsToMaskFilePath` needs to be a valid path to a file containing a list of all the fields to mask. The file should have a unique field on each line. These fields **are** case-sensitive (`Name` != `name`).
 
+In addition, there's an optional parameter called `fieldsToExcludeJSONPaths` which receives as input a comma separated string of JSON fields that should be excluded in the masking procedure. Nested JSON fields are supported by `dot notation` (i.e: `path.to.excluded.field.in.record.nestedExcludedField`)
+The JSON fields that are excluded are comma separated.  
+This can be used for logs of registration services or audit log entries which do not need to be masked.  
 This is configured as shown below:
 ```
 <filter "**">
   @type masking
   fieldsToMaskFilePath "/path/to/fields-to-mask-file"
+  fieldsToExcludeJSONPaths "excludedField,exclude.path.nestedExcludedField"
 </filter>
 ```
 
@@ -29,10 +35,9 @@ Example fields-to-mask-file:
 ```
 name
 email
-phone
+phone/i # the '/i' suffix will make sure phone field will be case insensitive
 ```
 
-
 ## Quick Guide
 
 ### Configuration:
@@ -50,6 +55,7 @@ phone
 <filter "**">
   @type masking
   fieldsToMaskFilePath "/path/to/fields-to-mask-file"
+  fieldsToExcludeJSONPaths "excludedField,exclude.path.nestedExcludedField"
 </filter>
 
 <match "**">
@@ -80,4 +86,22 @@ This sample result is created from the above configuration file `fluent.conf`. A
 
 ```
 2019-09-15 16:12:50.359191000 +0300 maskme: {"message":"{ :body => \"{\\\"first_name\\\":\\\"*******\\\", \\\"type\\\":\\\"puggle\\\", \\\"last_name\\\":\\\"*******\\\", \\\"password\\\":\\\"*******\\\"}\"}"}
-```
+```
+
+A sample with exclude in use:
+```
+fluentd -c fluent.conf
+echo '{ :body => "{\"first_name\":\"mickey\", \"type\":\"puggle\", \"last_name\":\"the-dog\", \"password\":\"d0g43u39\"}", "excludeMaskFields"=>"first_name,last_name"}' > /tmp/test.log
+```
+
+```
+2019-12-01 14:25:53.385681000 +0300 maskme: {"message":"{ :body => \"{\\\"first_name\\\":\\\"mickey\\\", \\\"type\\\":\\\"puggle\\\", \\\"last_name\\\":\\\"the-dog\\\", \\\"password\\\":\\\"*******\\\"}\"}"}
+```
+
+
+### Run Unit Tests
+```
+gem install bundler
+bundle install
+ruby -r ./test/*.rb
+```

data/fluent-plugin-masking.gemspec

@@ -11,17 +11,16 @@ Gem::Specification.new do |spec|
   spec.email         = ["shai.moria@zooz.com", "niv.lipetz@zooz.com"]
   spec.description   = "Fluentd filter plugin to mask sensitive or privacy records in event messages"
   spec.summary       = "Fluentd filter plugin to mask sensitive or privacy records with `*******` in place of the original value. This data masking plugin protects data such as name, email, phonenumber, address, and any other field you would like to mask."
-  spec.homepage      = "https://github.com/zooz/fluent-plugin-masking"
+  spec.homepage      = "https://github.com/PayU/fluent-plugin-masking"
 
   spec.files         = `git ls-files`.split($\)
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
   spec.license = "Apache-2.0"
 
-  spec.required_ruby_version = '>= 2.1'
+  spec.required_ruby_version = '>= 2.5.0'
   
   spec.add_runtime_dependency "fluentd", ">= 0.14.0"
-  spec.add_development_dependency "bundler"
-  spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "test-unit", ">= 3.1.0"
   spec.add_development_dependency "test-unit-rr"
 end

data/lib/fluent/plugin/filter_masking.rb

@@ -1,8 +1,10 @@
 require 'fluent/filter'
+require_relative './helpers.rb'
 
 module Fluent
   module Plugin
     class MaskingFilter < Filter
+      include Helpers
       Fluent::Plugin.register_filter("masking", self) # for "@type masking" in configuration
 
       MASK_STRING = "*******"
@@ -15,11 +17,23 @@ module Fluent
       # error safe method - if any error occurs the original record is returned
       def maskRecord(record)
         maskedRecord = record
-        
+        excludedFields = []
+        begin
+          @fieldsToExcludeJSONPathsArray.each do | field |
+            field_value = myDig(record, field)
+            if field_value != nil
+              excludedFields = excludedFields + field_value.split(',')
+            end
+          end
+        rescue Exception => e
+          $log.error "Failed to find mask exclude record: #{e}"
+        end
         begin
           recordStr = record.to_s
           @fields_to_mask_regex.each do | fieldToMaskRegex, fieldToMaskRegexStringReplacement |
-            recordStr = recordStr.gsub(fieldToMaskRegex, fieldToMaskRegexStringReplacement) 
+            if !(excludedFields.include? @fields_to_mask_keys[fieldToMaskRegex])
+              recordStr = recordStr.gsub(fieldToMaskRegex, fieldToMaskRegexStringReplacement) 
+            end
           end
 
           maskedRecord = strToHash(recordStr)
@@ -35,29 +49,54 @@ module Fluent
         super
         @fields_to_mask = []
         @fields_to_mask_regex = {}
+        @fields_to_mask_keys = {}
+        @fieldsToExcludeJSONPathsArray = []
       end
 
       # this method only called ones (on startup time)
       def configure(conf)
         super
         fieldsToMaskFilePath = conf['fieldsToMaskFilePath']
+        fieldsToExcludeJSONPaths = conf['fieldsToExcludeJSONPaths']
+
+        if fieldsToExcludeJSONPaths != nil && fieldsToExcludeJSONPaths.size() > 0 
+          fieldsToExcludeJSONPaths.split(",").each do | field |
+            # To save splits we'll save the path as an array
+            splitArray = field.split(".")
+            symArray = []
+            splitArray.each do | pathPortion |
+              symArray.push(pathPortion.to_sym)
+            end
+            @fieldsToExcludeJSONPathsArray.push(symArray)
+          end
+        end
 
         File.open(fieldsToMaskFilePath, "r") do |f|
           f.each_line do |line|
-
             value = line.to_s # make sure it's string
             value = value.gsub(/\s+/, "") # remove spaces
             value = value.gsub('\n', '') # remove line breakers
 
+            if value.end_with? "/i"
+              # case insensitive
+              value = value.delete_suffix('/i')
+              hashObjectRegex = Regexp.new(/(?::#{value}=>")(.*?)(?:")/mi)
+              innerJSONStringRegex = Regexp.new(/(\\+)"#{value}\\+"\s*:\s*(\\+|\{).+?((?=(})|,( *|)(\s|\\+)\"(}*))|(?=}"$)|("}(?!\"|\\)))/mi)
+            else
+              # case sensitive
+              hashObjectRegex = Regexp.new(/(?::#{value}=>")(.*?)(?:")/m)
+              innerJSONStringRegex = Regexp.new(/(\\+)"#{value}\\+"\s*:\s*(\\+|\{).+?((?=(})|,( *|)(\s|\\+)\"(}*))|(?=}"$)|("}(?!\"|\\)))/m)
+            end
+
             @fields_to_mask.push(value)
 
-            hashObjectRegex = Regexp.new(/(?::#{value}=>")(.*?)(?:")/m) # mask element in hash object
             hashObjectRegexStringReplacement = ":#{value}=>\"#{MASK_STRING}\""
             @fields_to_mask_regex[hashObjectRegex] = hashObjectRegexStringReplacement
+            @fields_to_mask_keys[hashObjectRegex] = value
 
-            innerJSONStringRegex = Regexp.new(/(\\+)"#{value}\\+":\\+.+?((?=(})|,( *|)(\s|\\+)\")|(?=}"$))/m) # mask element in json string using capture groups that count the level of escaping inside the json string
             innerJSONStringRegexStringReplacement = "\\1\"#{value}\\1\":\\1\"#{MASK_STRING}\\1\""
             @fields_to_mask_regex[innerJSONStringRegex] = innerJSONStringRegexStringReplacement
+            @fields_to_mask_keys[innerJSONStringRegex] = value
           end
         end
 

data/lib/fluent/plugin/helpers.rb

@@ -0,0 +1,17 @@
+module Helpers
+  def myDig(input, path)
+    curr = input
+    for segment in path do
+      if curr != nil && curr.is_a?(Hash)
+        if curr[segment] == nil # segment is not a symbol
+          curr = curr[segment.to_s] # segment as string
+        else
+          curr = curr[segment] # segment as symbol
+        end
+      else
+        return nil
+      end
+    end
+    curr
+  end
+end

data/lib/fluent/plugin/version.rb

@@ -1,3 +1,3 @@
 module FilterMasking
-    VERSION = "1.0.7"
-end 
+    VERSION = "1.2.0"
+end

data/test/fields-to-mask

@@ -3,4 +3,5 @@ first_name
 last_name
 street
 number
-password
+password
+json_str_field

data/test/fields-to-mask-insensitive

@@ -0,0 +1,5 @@
+email/i
+first_name
+last_name/i
+street/i
+number

data/test/test_filter_masking.rb

@@ -1,5 +1,3 @@
-# test/plugin/test_filter_your_own.rb
-
 require "test-unit"
 require "fluent/test"
 require "fluent/test/driver/filter"
@@ -17,6 +15,17 @@ class YourOwnFilterTest < Test::Unit::TestCase
   # default configuration for tests
   CONFIG = %[
     fieldsToMaskFilePath test/fields-to-mask
+    fieldsToExcludeJSONPaths excludedField,exclude.path.nestedExcludedField
+  ]
+
+  # configuration for tests without exclude parameter
+  CONFIG_NO_EXCLUDE = %[
+    fieldsToMaskFilePath test/fields-to-mask
+  ]
+
+  # configuration for tests with case insensitive fields
+  CONFIG_CASE_INSENSITIVE = %[
+    fieldsToMaskFilePath test/fields-to-mask-insensitive
   ]
 
   def create_driver(conf = CONFIG)
@@ -33,9 +42,9 @@ class YourOwnFilterTest < Test::Unit::TestCase
     d.filtered_records
   end
 
-  sub_test_case 'plugin will mask all fields that need masking' do
+  sub_test_case 'plugin will mask all fields that need masking - case sensitive fields' do
     test 'mask field in hash object' do
-      conf = CONFIG
+      conf = CONFIG_NO_EXCLUDE
       messages = [
         {:not_masked_field=>"mickey-the-dog", :email=>"mickey-the-dog@zooz.com"}
       ]
@@ -93,5 +102,136 @@ class YourOwnFilterTest < Test::Unit::TestCase
       filtered_records = filter(conf, messages)
       assert_equal(expected, filtered_records)
     end
+    test 'mask field in hash object with exclude' do
+      conf = CONFIG
+      messages = [
+        {:not_masked_field=>"mickey-the-dog", :email=>"mickey-the-dog@zooz.com", :first_name=>"Micky", :excludedField=>"first_name"}
+      ]
+      expected = [
+        {:not_masked_field=>"mickey-the-dog", :email=>MASK_STRING, :first_name=>"Micky", :excludedField=>"first_name"}
+      ]
+      filtered_records = filter(conf, messages)
+      assert_equal(expected, filtered_records)
+    end
+    test 'mask field in hash object with nested exclude' do
+      conf = CONFIG
+      messages = [
+        {:not_masked_field=>"mickey-the-dog", :last_name=>"the dog", :email=>"mickey-the-dog@zooz.com", :first_name=>"Micky",  :exclude=>{:path=>{:nestedExcludedField=>"first_name,last_name"}}}
+      ]
+      expected = [
+        {:not_masked_field=>"mickey-the-dog", :last_name=>"the dog", :email=>MASK_STRING, :first_name=>"Micky", :exclude=>{:path=>{:nestedExcludedField=>"first_name,last_name"}}}
+      ]
+      filtered_records = filter(conf, messages)
+      assert_equal(expected, filtered_records)
+    end
+
+    test 'mask field in hash object with base and nested exclude' do
+      conf = CONFIG
+      messages = [
+        {:not_masked_field=>"mickey-the-dog", :last_name=>"the dog", :email=>"mickey-the-dog@zooz.com", :first_name=>"Micky", :excludedField=>"first_name", :exclude=>{:path=>{:nestedExcludedField=>"last_name"}}}
+      ]
+      expected = [
+        {:not_masked_field=>"mickey-the-dog", :last_name=>"the dog", :email=>MASK_STRING, :first_name=>"Micky", :excludedField=>"first_name", :exclude=>{:path=>{:nestedExcludedField=>"last_name"}}}
+      ]
+      filtered_records = filter(conf, messages)
+      assert_equal(expected, filtered_records)
+    end
+
+    test 'mask field in json string with exclude' do
+      conf = CONFIG
+      messages = [
+        { :body => "{\"first_name\":\"mickey\",\"last_name\":\"the-dog\", \"type\":\"puggle\"}", :excludedField=>"first_name" }
+      ]
+      expected = [
+        { :body => "{\"first_name\":\"mickey\",\"last_name\":\"*******\", \"type\":\"puggle\"}", :excludedField=>"first_name" }
+      ]
+      filtered_records = filter(conf, messages)
+      assert_equal(expected, filtered_records)
+    end
+
+    test 'mask field which is inner json string field (should mask the whole object)' do
+      conf = CONFIG
+      messages = [
+        {
+          :body => { 
+            :action_name => "some_action", 
+            :action_type => "some type",
+            :request => {
+              :body_str => "{\"str_field\":\"mickey\",\"json_str_field\": {\"id\":\"ed8a8378-3235-4923-b802-7700167d1870\"},\"not_mask\":\"some_value\"}"
+            }
+          },
+          :timestamp => "2020-06-08T16:00:57.341Z"
+        }
+      ]
+
+      expected = [
+        {
+          :body => { 
+            :action_name => "some_action", 
+            :action_type => "some type",
+            :request => {
+              :body_str => "{\"str_field\":\"mickey\",\"json_str_field\":\"*******\",\"not_mask\":\"some_value\"}"
+            }
+          },
+          :timestamp => "2020-06-08T16:00:57.341Z"
+        }
+      ]
+
+      filtered_records = filter(conf, messages)
+      assert_equal(expected, filtered_records)
+    end
+  end
+
+  sub_test_case 'plugin will mask all fields that need masking - case INSENSITIVE fields' do
+
+    test 'mask field in hash object with camel case' do
+      conf = CONFIG_CASE_INSENSITIVE
+      messages = [
+        {:not_masked_field=>"mickey-the-dog", :Email=>"mickey-the-dog@zooz.com"}
+      ]
+      expected = [
+        {:not_masked_field=>"mickey-the-dog", :email=>MASK_STRING}
+      ]
+      filtered_records = filter(conf, messages)
+      assert_equal(expected, filtered_records)
+    end
+
+    test 'not mask field in hash object since case not match' do
+      conf = CONFIG_CASE_INSENSITIVE
+      messages = [
+        {:not_masked_field=>"mickey-the-dog", :FIRST_NAME=>"mickey-the-dog@zooz.com"}
+      ]
+      expected = [
+        {:not_masked_field=>"mickey-the-dog", :FIRST_NAME=>"mickey-the-dog@zooz.com"}
+      ]
+      filtered_records = filter(conf, messages)
+      assert_equal(expected, filtered_records)
+    end
+
+    test 'mask field in hash object with snakecase' do
+      conf = CONFIG_CASE_INSENSITIVE
+      messages = [
+        {:not_masked_field=>"mickey-the-dog", :LaSt_NaMe=>"mickey-the-dog@zooz.com"}
+      ]
+      expected = [
+        {:not_masked_field=>"mickey-the-dog", :last_name=>MASK_STRING}
+      ]
+      filtered_records = filter(conf, messages)
+      assert_equal(expected, filtered_records)
+    end
+
+    test 'mask case insensitive and case sensitive field in nested json escaped string' do
+      conf = CONFIG_CASE_INSENSITIVE
+      messages = [
+        { :body => "{\"firsT_naMe\":\"mickey\",\"last_name\":\"the-dog\",\"address\":\"{\\\"Street\":\\\"Austin\\\",\\\"number\":\\\"89\\\"}\", \"type\":\"puggle\"}" } 
+      ]
+      expected = [
+        { :body => "{\"firsT_naMe\":\"mickey\",\"last_name\":\"*******\",\"address\":\"{\\\"street\\\":\\\"*******\\\",\\\"number\\\":\\\"*******\\\"}\", \"type\":\"puggle\"}" }
+      ]
+      filtered_records = filter(conf, messages)
+      assert_equal(expected, filtered_records)
+    end
+
   end
+
 end

data/test/test_helpers.rb

@@ -0,0 +1,42 @@
+require "test/unit"
+require "./lib/fluent/plugin/helpers.rb"
+
+class HelpersTest < Test::Unit::TestCase
+  m = Class.new do
+    include Helpers 
+  end.new
+  sub_test_case "myDig function" do
+    test "Call function with nil" do
+      t = m.myDig(nil ,[:a])
+      assert_equal(t, nil)
+    end
+    test "Not found" do
+      t = m.myDig({:b => "t"},[:a])
+      assert_equal(t, nil)
+    end
+    test "Found symbol" do
+      t = m.myDig({:a => "t"},[:a])
+      assert_equal(t, "t")
+    end
+    test "Found string when given symbol" do
+      t = m.myDig({"a" => "t"},[:a])
+      assert_equal(t, "t")
+    end
+    test "Found symbol nested" do
+      t = m.myDig({:a => {:b => "t"}},[:a, :b])
+      assert_equal(t, "t")
+    end
+    test "Found string when given symbol nested" do
+      t = m.myDig({"a" => {"b" => "t"}},[:a, :b])
+      assert_equal(t, "t")
+    end
+    test "Found hybrid string/symbol when given symbol nested" do
+      t = m.myDig({"a" => {:b => "t"}},[:a, :b])
+      assert_equal(t, "t")
+    end
+    test "Does not dig in string" do
+      t = m.myDig({"a" => {:b => "t"}},[:a, :b, :c])
+      assert_equal(t, nil)
+    end
+  end
+end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-masking
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.2.0
 platform: ruby
 authors:
 - Shai Moria
 - Niv Lipetz
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-09-18 00:00:00.000000000 Z
+date: 2021-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -25,34 +25,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.14.0
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '12.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '12.0'
 - !ruby/object:Gem::Dependency
   name: test-unit
   requirement: !ruby/object:Gem::Requirement
@@ -89,22 +61,23 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
 - ".gitignore"
-- ".gitlab-ci.yml"
 - Gemfile
-- Gemfile.lock
 - README.md
-- Rakefile
 - fluent-plugin-masking.gemspec
 - lib/fluent/plugin/filter_masking.rb
+- lib/fluent/plugin/helpers.rb
 - lib/fluent/plugin/version.rb
 - test/fields-to-mask
+- test/fields-to-mask-insensitive
 - test/test_filter_masking.rb
-homepage: https://github.com/zooz/fluent-plugin-masking
+- test/test_helpers.rb
+homepage: https://github.com/PayU/fluent-plugin-masking
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -112,7 +85,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.1'
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -120,9 +93,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.3
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Fluentd filter plugin to mask sensitive or privacy records with `*******`
   in place of the original value. This data masking plugin protects data such as name,
   email, phonenumber, address, and any other field you would like to mask.
-test_files: []
+test_files:
+- test/fields-to-mask
+- test/fields-to-mask-insensitive
+- test/test_filter_masking.rb
+- test/test_helpers.rb

data/.gitlab-ci.yml

@@ -1,73 +0,0 @@
-image: ruby:2.6.3
-
-# Cache gems in between builds
-cache:
-  key: ${CI_COMMIT_REF_SLUG}
-  paths:
-    - vendor/ruby
-
-before_script:
-  - gem install bundler:2.0.2
-  - bundle install -j $(nproc) --path vendor  # Install dependencies into ./vendor/ruby
-
-stages:
-  - test
-  - release
-
-variables:
-  DOCKER_TLS_CERTDIR: ""
-
-unit-test:
-  tags:
-    - dcos-multi-runner
-  stage: test
-  script:
-    - bundle exec rake test
-  except:
-    - tags
-
-.release: &release
-  tags:
-    - dcos-multi-runner
-  stage: release
-  before_script:
-    - echo "Setup ssh inside the runner.."
-    - git config --global user.email $GITLAB_USER_EMAIL
-    - git config --global user.name $GITLAB_USER_LOGIN
-    - 'which ssh-agent || ( apk --update add openssh-client )'
-    - eval $(ssh-agent -s)
-    - ssh-add <(echo "$SSH_PRIVATE_KEY")
-    - mkdir -p ~/.ssh
-    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
-    - echo "Clone the source code.."
-    - GIT_URL=$(echo $CI_PROJECT_URL | cut -d'/' -f3)
-    - git clone git@$GIT_URL:$CI_PROJECT_PATH.git
-    - cd $CI_PROJECT_NAME
-    - git reset --hard $CI_COMMIT_SHA
-  script: 
-    - mkdir -p ~/.gem
-    - 'echo -e "---\n:rubygems_api_key: $GEM_HOST_API_KEY" > ~/.gem/credentials && echo "created gem credentials"'
-    - chmod 0600 ~/.gem/credentials
-    - gem install gem-release
-    - gem bump fluent-plugin-masking --version $TYPE --file ./lib/fluent/plugin/version.rb --commit --push --tag
-    - gem build fluent-plugin-masking.gemspec
-    - export VERSION=$(cat ./lib/fluent/plugin/version.rb | grep VERSION | sed -ne 's/[^0-9]*\(\([0-9]\.\)\{0,4\}[0-9][^.]\).*/\1/p' | sed 's/"$//')
-    - gem push fluent-plugin-masking-$VERSION.gem
-  when: manual
-  only:
-    - master
-  
-release:patch:
-  extends: .release
-  variables:
-    TYPE: patch
-
-release:minor:
-  extends: .release
-  variables:
-    TYPE: minor
-
-release:major:
-  extends: .release
-  variables:
-    TYPE: major

data/Gemfile.lock

@@ -1,55 +0,0 @@
-PATH
-  remote: .
-  specs:
-    fluent-plugin-masking (1.0.6)
-      fluentd (>= 0.14.0)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    cool.io (1.5.4)
-    dig_rb (1.0.1)
-    fluentd (1.6.3)
-      cool.io (>= 1.4.5, < 2.0.0)
-      dig_rb (~> 1.0.0)
-      http_parser.rb (>= 0.5.1, < 0.7.0)
-      msgpack (>= 0.7.0, < 2.0.0)
-      serverengine (>= 2.0.4, < 3.0.0)
-      sigdump (~> 0.2.2)
-      strptime (>= 0.2.2, < 1.0.0)
-      tzinfo (~> 1.0)
-      tzinfo-data (~> 1.0)
-      yajl-ruby (~> 1.0)
-    http_parser.rb (0.6.0)
-    msgpack (1.3.1)
-    power_assert (1.1.5)
-    rake (12.3.3)
-    rr (1.2.1)
-    serverengine (2.1.1)
-      sigdump (~> 0.2.2)
-    sigdump (0.2.4)
-    strptime (0.2.3)
-    test-unit (3.3.3)
-      power_assert
-    test-unit-rr (1.0.5)
-      rr (>= 1.1.1)
-      test-unit (>= 2.5.2)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    tzinfo-data (1.2019.2)
-      tzinfo (>= 1.0.0)
-    yajl-ruby (1.4.1)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler
-  fluent-plugin-masking!
-  rake (~> 12.0)
-  test-unit (>= 3.1.0)
-  test-unit-rr
-
-BUNDLED WITH
-   2.0.2

data/Rakefile

@@ -1,7 +0,0 @@
-# in Rakefile
-require 'rake/testtask'
-  Rake::TestTask.new(:test) do |test|
-  test.libs << 'lib' << 'test'
-  test.pattern = 'test/**/test_*.rb'
-  test.verbose = true
-end