fluent-plugin-maskrx 0.0.1.beta1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 45025880984ced2282ac66208cc5966fedc32496
4
+ data.tar.gz: fd67a25b59aca551f1a55dd5eaec70f465dd330a
5
+ SHA512:
6
+ metadata.gz: d861b468466096d4b78c1ea844f6732e578bef7bc5aff7c337bfda86af937850dc8976b6ab830e58ee26b801d218b02840fddbe9a6835749b478120240d8aec8
7
+ data.tar.gz: fbef82c26eb680b4e25ea2614a0c2c478572b26863eeaf6fb99262c374d50d87c3a6f5c515eab3c5c464759c0ea3b472758f7b52812fbaa708a924386c62ec58
data/.gitignore ADDED
@@ -0,0 +1,2 @@
1
+ .bundle
2
+ Gemfile.lock
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source "http://rubygems.org"
2
+
3
+ # Specify your gem's dependencies in fluent-plugin-maskrx.gemspec
4
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,22 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2021 Joshua Mervine
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
22
+
data/README.md ADDED
@@ -0,0 +1,46 @@
1
+ # fluentd-plugin-maskrx
2
+
3
+ A simple Fluentd filter plugin to mask string events using a regex.
4
+
5
+ ### Configurations
6
+
7
+ | Block | Config | Default | Desc |
8
+ | ----- | ------ | ------- | ---- |
9
+ | mask | keys | nil | (Array) Keys to perform mask on, if none than all keys are filtered. |
10
+ | mask | pattern | nil | (Regexp) REQUIRED: Ruby Regexp matching one or more strings within a record key. |
11
+ | mask | mask | \*\*\*\*\*\*\*\* | (String) The mask string to be used in replacing the matched strings within the record. |
12
+
13
+ #### Example configuration
14
+
15
+ ```
16
+ <filter **>
17
+ @type maskrx
18
+
19
+ <mask>
20
+ pattern /password=([.[^ ]]+)(?: |$)/
21
+ mask xxxxx
22
+ </mask>
23
+ <mask>
24
+ keys token, accesskey
25
+ pattern /^.+$/
26
+ </mask>
27
+ </filter>
28
+ ```
29
+
30
+ ##### Example record
31
+ ```
32
+ {
33
+ "message":"This is a password=foobarbah",
34
+ "password":"password=foobarbah",
35
+ "token": "some-token"
36
+ }
37
+ ```
38
+
39
+ ##### Example output
40
+ ```
41
+ {
42
+ "message":"This is a password=xxxxx",
43
+ "password":"password=foobarbah",
44
+ "token": "some-token"
45
+ }
46
+ ```
data/Rakefile ADDED
@@ -0,0 +1,9 @@
1
+ require "bundler/gem_tasks"
2
+ require "rake/testtask"
3
+ Rake::TestTask.new(:test) do |test|
4
+ test.libs << 'lib' << 'test'
5
+ test.pattern = 'test/**/test_*.rb'
6
+ test.verbose = true
7
+ end
8
+
9
+ task :default => :test
@@ -0,0 +1,25 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "fluent-plugin-maskrx"
7
+ spec.version = "0.0.1.beta1"
8
+ spec.authors = ["Joshua Mervine"]
9
+ spec.email = ["joshua@mervine.net"]
10
+ spec.summary = %q{Fluentd filter plugin to mask strings within records.}
11
+ spec.homepage = "https://github.com/jmervine/fluent-plugin-maskrx"
12
+ spec.license = "MIT"
13
+
14
+ spec.files = `git ls-files`.split($/)
15
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
16
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
17
+ spec.require_paths = ["lib"]
18
+
19
+ spec.add_development_dependency "bundler"
20
+ spec.add_development_dependency "rake"
21
+ spec.add_development_dependency "pry"
22
+ spec.add_development_dependency "test-unit", "~> 3"
23
+ spec.add_runtime_dependency "fluentd", [">= 0.14.0", "< 2"]
24
+ end
25
+
@@ -0,0 +1,57 @@
1
+ require 'fluent/plugin/filter'
2
+
3
+ module Fluent::Plugin
4
+ class MaskRxFilter < Filter
5
+ Fluent::Plugin.register_filter('maskrx', self)
6
+
7
+ config_section :mask, param_name: :mask_config_list, required: true, multi: true do
8
+ config_param :keys, :array, default: nil
9
+ config_param :pattern, :regexp, default: nil
10
+ config_param :mask, :string, default: '********'
11
+ end
12
+
13
+ def initialize
14
+ super
15
+ end
16
+
17
+ def configure(conf)
18
+ super
19
+ end
20
+
21
+ def filter(_, _, record)
22
+ @mask_config_list.each do |config|
23
+ raise Fluent::ConfigError, "pattern is required" if config.pattern.nil?
24
+
25
+ record = mask_record(config, record)
26
+ end
27
+
28
+ record
29
+ end
30
+
31
+ protected
32
+ def mask_record(config, record)
33
+ keys = (config.keys.nil? ? record.keys : config.keys)
34
+
35
+ keys.each do |key|
36
+ record[key] = mask_key_value(config.pattern, config.mask, record[key]) unless record[key].nil?
37
+ end
38
+
39
+ return record
40
+ end
41
+
42
+ def mask_key_value(pattern, mask, value)
43
+ match = value.match(pattern)
44
+
45
+ return value unless match
46
+
47
+ match = match.to_a
48
+ match = match.to_a.drop(1) if match.size > 1
49
+
50
+ match.each do |m|
51
+ value.gsub!(m, mask)
52
+ end
53
+
54
+ return value
55
+ end
56
+ end
57
+ end
data/test/helper.rb ADDED
@@ -0,0 +1,8 @@
1
+ require 'bundler/setup'
2
+ require 'test/unit'
3
+ require 'pry'
4
+
5
+ $LOAD_PATH.unshift(File.join(__dir__, '..', 'lib'))
6
+ $LOAD_PATH.unshift(__dir__)
7
+ require 'fluent/test'
8
+ require 'fluent/test/helpers'
@@ -0,0 +1,69 @@
1
+ require 'helper'
2
+ require 'fluent/test/driver/filter'
3
+ require 'fluent/plugin/filter_maskrx'
4
+
5
+ class MaskRxFilterTest < Test::Unit::TestCase
6
+ CONFIG = %[
7
+ <mask>
8
+ pattern /password=([.[^ ]]+)(?: |$)/
9
+ mask xxxxx
10
+ </mask>
11
+ <mask>
12
+ keys token, accesskey
13
+ pattern /^.+$/
14
+ </mask>
15
+ ]
16
+
17
+ def setup
18
+ omit_unless(Fluent.const_defined?(:Filter))
19
+ Fluent::Test.setup
20
+ @time = Fluent::Engine.now
21
+
22
+ @filtered = filter([{
23
+ "ident" => "foo",
24
+ "message" => "Loop iteration 5488, example password=th!s1sap@$$w0rd and it should be masked.",
25
+ "password" => "password=th!s1sap@$$w0rd",
26
+ "token" => "this-is-a-token",
27
+ "accesskey" => "this-is-an-access_key"
28
+ }]).first
29
+ end
30
+
31
+ def create_driver(conf=CONFIG)
32
+ Fluent::Test::Driver::Filter.new(Fluent::Plugin::MaskRxFilter).configure(conf)
33
+ end
34
+
35
+ def filter(messages, conf=CONFIG)
36
+ d = create_driver(conf)
37
+
38
+ d.run(default_tag: 'test', start: true, shutdown: false) do
39
+ messages.each do |message|
40
+ d.feed(message)
41
+ end
42
+ end
43
+
44
+ d.filtered_records
45
+ end
46
+
47
+ sub_test_case 'configuration' do
48
+ test 'empty config' do
49
+ assert_raise(Fluent::ConfigError) do
50
+ create_driver('')
51
+ end
52
+ end
53
+ end
54
+
55
+ sub_test_case 'masking' do
56
+ test 'without keys' do
57
+ assert_equal 'password=xxxxx', @filtered["password"]
58
+
59
+ assert_equal \
60
+ 'Loop iteration 5488, example password=xxxxx and it should be masked.', \
61
+ @filtered["message"]
62
+ end
63
+
64
+ test 'with keys' do
65
+ assert_equal '********', @filtered["token"]
66
+ assert_equal '********', @filtered["accesskey"]
67
+ end
68
+ end
69
+ end
metadata ADDED
@@ -0,0 +1,131 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: fluent-plugin-maskrx
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1.beta1
5
+ platform: ruby
6
+ authors:
7
+ - Joshua Mervine
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2021-09-15 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: pry
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: test-unit
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '3'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '3'
69
+ - !ruby/object:Gem::Dependency
70
+ name: fluentd
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: 0.14.0
76
+ - - "<"
77
+ - !ruby/object:Gem::Version
78
+ version: '2'
79
+ type: :runtime
80
+ prerelease: false
81
+ version_requirements: !ruby/object:Gem::Requirement
82
+ requirements:
83
+ - - ">="
84
+ - !ruby/object:Gem::Version
85
+ version: 0.14.0
86
+ - - "<"
87
+ - !ruby/object:Gem::Version
88
+ version: '2'
89
+ description:
90
+ email:
91
+ - joshua@mervine.net
92
+ executables: []
93
+ extensions: []
94
+ extra_rdoc_files: []
95
+ files:
96
+ - ".gitignore"
97
+ - Gemfile
98
+ - LICENSE
99
+ - README.md
100
+ - Rakefile
101
+ - filter-plugin-maskrx.gemspec
102
+ - lib/fluent/plugin/filter_maskrx.rb
103
+ - test/helper.rb
104
+ - test/plugin/test_filter_maskrx.rb
105
+ homepage: https://github.com/jmervine/fluent-plugin-maskrx
106
+ licenses:
107
+ - MIT
108
+ metadata: {}
109
+ post_install_message:
110
+ rdoc_options: []
111
+ require_paths:
112
+ - lib
113
+ required_ruby_version: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ required_rubygems_version: !ruby/object:Gem::Requirement
119
+ requirements:
120
+ - - ">"
121
+ - !ruby/object:Gem::Version
122
+ version: 1.3.1
123
+ requirements: []
124
+ rubyforge_project:
125
+ rubygems_version: 2.5.2
126
+ signing_key:
127
+ specification_version: 4
128
+ summary: Fluentd filter plugin to mask strings within records.
129
+ test_files:
130
+ - test/helper.rb
131
+ - test/plugin/test_filter_maskrx.rb