hash_redactor 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +21 -1
- data/lib/hash_redactor/hash_redactor.rb +37 -20
- data/lib/hash_redactor/version.rb +1 -1
- metadata +16 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eca69bf2b5f130a0afe3ef33193d4ed55c98ca48
|
|
4
|
+
data.tar.gz: f7e4edb6b92df00dda255708107ee0de3a0de30d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0893ea5ff0f2b8baa7d5e3d68a46ef5c526a21e696d0c57efd99fda7087e68235f7b5a801ca096c1ed1e3703d870d82b8706d8c22af9f5774596dd7c75f02ccd
|
|
7
|
+
data.tar.gz: c713797930216d03b2a137f021782194a42b19cb34c3d60e37eaf125795b9da4753831d8e4b44f22cb59adc56408a4036b87b2383f317607572a2ad86ffe4d35
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
# hash_redactor #
|
|
2
2
|
|
|
3
|
+
## 0.3.1 ##
|
|
4
|
+
* Fixed: nil values caused encryption to fail
|
|
5
|
+
* Added: digest_empty to improve performance on empty strings
|
|
6
|
+
* Changed: Improved performance when encrypt is passed an empty string
|
|
7
|
+
|
|
3
8
|
##0.3.0 ##
|
|
4
9
|
* Added: Whitelist mode (@chrisjensen)
|
|
5
10
|
* Fixed: redact + decrypt loop specs should check result is not empty (@chrisjensen)
|
data/README.md
CHANGED
|
@@ -123,7 +123,8 @@ Default options are:
|
|
|
123
123
|
encode: true,
|
|
124
124
|
encode_iv: true,
|
|
125
125
|
default_encoding: 'm',
|
|
126
|
-
filter_mode: :blacklist
|
|
126
|
+
filter_mode: :blacklist,
|
|
127
|
+
digest_empty: true
|
|
127
128
|
```
|
|
128
129
|
|
|
129
130
|
### :digest_salt
|
|
@@ -185,6 +186,25 @@ result[:age] # nil (because it wasn't explicitly whitelisted)
|
|
|
185
186
|
*Note:* To prevent accidental deletion of digest information during repeated loading and unloading data, the digest of all values is implicitly assumed to be :keep.
|
|
186
187
|
eg If your redact hash includes `:email => :digest`, it is assumed to also contain `:email_digest => :keep`
|
|
187
188
|
|
|
189
|
+
### digest_empty
|
|
190
|
+
Determines if the empty string or nil should be digested, defaults to true for backwards compatibility.
|
|
191
|
+
|
|
192
|
+
```
|
|
193
|
+
data = { empty: '', not_a_thing: nil }
|
|
194
|
+
|
|
195
|
+
redactor = HashRedactor::HashRedactor.new({
|
|
196
|
+
:empty => :digest, :not_a_thing => :digest
|
|
197
|
+
})
|
|
198
|
+
|
|
199
|
+
result = redactor.redact(data)
|
|
200
|
+
result[:empty_digest] # some digest
|
|
201
|
+
result[:not_a_thing_digest] # some digest
|
|
202
|
+
|
|
203
|
+
redactor.redact(data, digest_empty: false)
|
|
204
|
+
result[:empty_digest] # ''
|
|
205
|
+
result[:not_a_thing_digest] # nil
|
|
206
|
+
```
|
|
207
|
+
|
|
188
208
|
## Development
|
|
189
209
|
|
|
190
210
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
@@ -18,7 +18,8 @@ module HashRedactor
|
|
|
18
18
|
encode: true,
|
|
19
19
|
encode_iv: true,
|
|
20
20
|
default_encoding: 'm',
|
|
21
|
-
filter_mode: :blacklist
|
|
21
|
+
filter_mode: :blacklist,
|
|
22
|
+
digest_empty: true
|
|
22
23
|
}
|
|
23
24
|
end
|
|
24
25
|
|
|
@@ -78,8 +79,13 @@ module HashRedactor
|
|
|
78
79
|
def digest(hash, hash_key, options)
|
|
79
80
|
dig_key = digest_key hash_key
|
|
80
81
|
|
|
81
|
-
|
|
82
|
-
|
|
82
|
+
# Don't digest the value if the user wants empty values to be untouched
|
|
83
|
+
if ((hash[hash_key].to_s != '') || options[:digest_empty])
|
|
84
|
+
hash[dig_key] = Digest::SHA256.base64digest(
|
|
85
|
+
hash[hash_key].to_s + options[:digest_salt])
|
|
86
|
+
else
|
|
87
|
+
hash[dig_key] = hash[hash_key]
|
|
88
|
+
end
|
|
83
89
|
end
|
|
84
90
|
|
|
85
91
|
def encrypt(hash, hash_key, options)
|
|
@@ -92,15 +98,21 @@ module HashRedactor
|
|
|
92
98
|
data_key = data_key.to_sym
|
|
93
99
|
iv_key = iv_key.to_sym
|
|
94
100
|
end
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
101
|
+
|
|
102
|
+
# Don't try to encrypt nil
|
|
103
|
+
if hash[hash_key].nil?
|
|
104
|
+
encrypted_value = nil
|
|
105
|
+
iv = nil
|
|
106
|
+
else
|
|
107
|
+
crypt_key = options[:encryption_key]
|
|
108
|
+
iv = SecureRandom.random_bytes(12)
|
|
98
109
|
|
|
99
|
-
|
|
100
|
-
|
|
110
|
+
encrypted_value = EncryptorInterface.encrypt(:data,
|
|
111
|
+
hash[hash_key], iv: iv, key: crypt_key)
|
|
101
112
|
|
|
102
|
-
|
|
103
|
-
|
|
113
|
+
encrypted_value = [encrypted_value].pack(options[:encode]) if options[:encode]
|
|
114
|
+
iv = [iv].pack(options[:encode_iv]) if options[:encode_iv]
|
|
115
|
+
end
|
|
104
116
|
|
|
105
117
|
hash[data_key] = encrypted_value
|
|
106
118
|
hash[iv_key] = iv
|
|
@@ -136,21 +148,26 @@ module HashRedactor
|
|
|
136
148
|
end
|
|
137
149
|
|
|
138
150
|
if (result.has_key? data_key)
|
|
139
|
-
|
|
140
|
-
|
|
151
|
+
if result[data_key].nil?
|
|
152
|
+
decrypted_value = nil
|
|
153
|
+
else
|
|
154
|
+
iv = result[iv_key]
|
|
155
|
+
crypt_key = options[:encryption_key]
|
|
141
156
|
|
|
142
|
-
|
|
157
|
+
encrypted_value = result[data_key]
|
|
143
158
|
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
159
|
+
# Decode if necessary
|
|
160
|
+
iv = iv.unpack(options[:encode_iv]).first if options[:encode_iv]
|
|
161
|
+
encrypted_value = encrypted_value.unpack(options[:encode]).first if options[:encode]
|
|
147
162
|
|
|
148
|
-
|
|
149
|
-
|
|
163
|
+
decrypted_value = EncryptorInterface.decrypt(:data, encrypted_value,
|
|
164
|
+
iv: iv, key: crypt_key)
|
|
165
|
+
|
|
166
|
+
result.delete data_key
|
|
167
|
+
result.delete iv_key
|
|
168
|
+
end
|
|
150
169
|
|
|
151
170
|
result[hash_key] = decrypted_value
|
|
152
|
-
result.delete data_key
|
|
153
|
-
result.delete iv_key
|
|
154
171
|
end
|
|
155
172
|
end
|
|
156
173
|
|
metadata
CHANGED
|
@@ -1,69 +1,69 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hash_redactor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Jensen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-07-
|
|
11
|
+
date: 2016-07-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: attr_encrypted
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - ~>
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: 3.0.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - ~>
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 3.0.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rake
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - ~>
|
|
31
|
+
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '10.0'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - ~>
|
|
38
|
+
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '10.0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rspec
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - ~>
|
|
45
|
+
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: '2.14'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - ~>
|
|
52
|
+
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '2.14'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: codeclimate-test-reporter
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
|
-
- -
|
|
59
|
+
- - ">="
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
61
|
version: '0'
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
|
-
- -
|
|
66
|
+
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
69
|
description: Removes, digests or encrypts selected values in a ruby hash
|
|
@@ -73,9 +73,9 @@ executables: []
|
|
|
73
73
|
extensions: []
|
|
74
74
|
extra_rdoc_files: []
|
|
75
75
|
files:
|
|
76
|
-
- .gitignore
|
|
77
|
-
- .rspec
|
|
78
|
-
- .travis.yml
|
|
76
|
+
- ".gitignore"
|
|
77
|
+
- ".rspec"
|
|
78
|
+
- ".travis.yml"
|
|
79
79
|
- CHANGELOG.md
|
|
80
80
|
- CODE_OF_CONDUCT.md
|
|
81
81
|
- Gemfile
|
|
@@ -98,17 +98,17 @@ require_paths:
|
|
|
98
98
|
- lib
|
|
99
99
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
|
-
- -
|
|
101
|
+
- - ">="
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
103
|
version: '0'
|
|
104
104
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
105
105
|
requirements:
|
|
106
|
-
- -
|
|
106
|
+
- - ">="
|
|
107
107
|
- !ruby/object:Gem::Version
|
|
108
108
|
version: '0'
|
|
109
109
|
requirements: []
|
|
110
110
|
rubyforge_project:
|
|
111
|
-
rubygems_version: 2.4.
|
|
111
|
+
rubygems_version: 2.4.8
|
|
112
112
|
signing_key:
|
|
113
113
|
specification_version: 4
|
|
114
114
|
summary: Redact specified values in a hash
|