hash_redactor 0.3.0 → 0.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +21 -1
- data/lib/hash_redactor/hash_redactor.rb +37 -20
- data/lib/hash_redactor/version.rb +1 -1
- metadata +16 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: eca69bf2b5f130a0afe3ef33193d4ed55c98ca48
|
4
|
+
data.tar.gz: f7e4edb6b92df00dda255708107ee0de3a0de30d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0893ea5ff0f2b8baa7d5e3d68a46ef5c526a21e696d0c57efd99fda7087e68235f7b5a801ca096c1ed1e3703d870d82b8706d8c22af9f5774596dd7c75f02ccd
|
7
|
+
data.tar.gz: c713797930216d03b2a137f021782194a42b19cb34c3d60e37eaf125795b9da4753831d8e4b44f22cb59adc56408a4036b87b2383f317607572a2ad86ffe4d35
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,10 @@
|
|
1
1
|
# hash_redactor #
|
2
2
|
|
3
|
+
## 0.3.1 ##
|
4
|
+
* Fixed: nil values caused encryption to fail
|
5
|
+
* Added: digest_empty to improve performance on empty strings
|
6
|
+
* Changed: Improved performance when encrypt is passed an empty string
|
7
|
+
|
3
8
|
##0.3.0 ##
|
4
9
|
* Added: Whitelist mode (@chrisjensen)
|
5
10
|
* Fixed: redact + decrypt loop specs should check result is not empty (@chrisjensen)
|
data/README.md
CHANGED
@@ -123,7 +123,8 @@ Default options are:
|
|
123
123
|
encode: true,
|
124
124
|
encode_iv: true,
|
125
125
|
default_encoding: 'm',
|
126
|
-
filter_mode: :blacklist
|
126
|
+
filter_mode: :blacklist,
|
127
|
+
digest_empty: true
|
127
128
|
```
|
128
129
|
|
129
130
|
### :digest_salt
|
@@ -185,6 +186,25 @@ result[:age] # nil (because it wasn't explicitly whitelisted)
|
|
185
186
|
*Note:* To prevent accidental deletion of digest information during repeated loading and unloading data, the digest of all values is implicitly assumed to be :keep.
|
186
187
|
eg If your redact hash includes `:email => :digest`, it is assumed to also contain `:email_digest => :keep`
|
187
188
|
|
189
|
+
### digest_empty
|
190
|
+
Determines if the empty string or nil should be digested, defaults to true for backwards compatibility.
|
191
|
+
|
192
|
+
```
|
193
|
+
data = { empty: '', not_a_thing: nil }
|
194
|
+
|
195
|
+
redactor = HashRedactor::HashRedactor.new({
|
196
|
+
:empty => :digest, :not_a_thing => :digest
|
197
|
+
})
|
198
|
+
|
199
|
+
result = redactor.redact(data)
|
200
|
+
result[:empty_digest] # some digest
|
201
|
+
result[:not_a_thing_digest] # some digest
|
202
|
+
|
203
|
+
redactor.redact(data, digest_empty: false)
|
204
|
+
result[:empty_digest] # ''
|
205
|
+
result[:not_a_thing_digest] # nil
|
206
|
+
```
|
207
|
+
|
188
208
|
## Development
|
189
209
|
|
190
210
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
|
@@ -18,7 +18,8 @@ module HashRedactor
|
|
18
18
|
encode: true,
|
19
19
|
encode_iv: true,
|
20
20
|
default_encoding: 'm',
|
21
|
-
filter_mode: :blacklist
|
21
|
+
filter_mode: :blacklist,
|
22
|
+
digest_empty: true
|
22
23
|
}
|
23
24
|
end
|
24
25
|
|
@@ -78,8 +79,13 @@ module HashRedactor
|
|
78
79
|
def digest(hash, hash_key, options)
|
79
80
|
dig_key = digest_key hash_key
|
80
81
|
|
81
|
-
|
82
|
-
|
82
|
+
# Don't digest the value if the user wants empty values to be untouched
|
83
|
+
if ((hash[hash_key].to_s != '') || options[:digest_empty])
|
84
|
+
hash[dig_key] = Digest::SHA256.base64digest(
|
85
|
+
hash[hash_key].to_s + options[:digest_salt])
|
86
|
+
else
|
87
|
+
hash[dig_key] = hash[hash_key]
|
88
|
+
end
|
83
89
|
end
|
84
90
|
|
85
91
|
def encrypt(hash, hash_key, options)
|
@@ -92,15 +98,21 @@ module HashRedactor
|
|
92
98
|
data_key = data_key.to_sym
|
93
99
|
iv_key = iv_key.to_sym
|
94
100
|
end
|
95
|
-
|
96
|
-
|
97
|
-
|
101
|
+
|
102
|
+
# Don't try to encrypt nil
|
103
|
+
if hash[hash_key].nil?
|
104
|
+
encrypted_value = nil
|
105
|
+
iv = nil
|
106
|
+
else
|
107
|
+
crypt_key = options[:encryption_key]
|
108
|
+
iv = SecureRandom.random_bytes(12)
|
98
109
|
|
99
|
-
|
100
|
-
|
110
|
+
encrypted_value = EncryptorInterface.encrypt(:data,
|
111
|
+
hash[hash_key], iv: iv, key: crypt_key)
|
101
112
|
|
102
|
-
|
103
|
-
|
113
|
+
encrypted_value = [encrypted_value].pack(options[:encode]) if options[:encode]
|
114
|
+
iv = [iv].pack(options[:encode_iv]) if options[:encode_iv]
|
115
|
+
end
|
104
116
|
|
105
117
|
hash[data_key] = encrypted_value
|
106
118
|
hash[iv_key] = iv
|
@@ -136,21 +148,26 @@ module HashRedactor
|
|
136
148
|
end
|
137
149
|
|
138
150
|
if (result.has_key? data_key)
|
139
|
-
|
140
|
-
|
151
|
+
if result[data_key].nil?
|
152
|
+
decrypted_value = nil
|
153
|
+
else
|
154
|
+
iv = result[iv_key]
|
155
|
+
crypt_key = options[:encryption_key]
|
141
156
|
|
142
|
-
|
157
|
+
encrypted_value = result[data_key]
|
143
158
|
|
144
|
-
|
145
|
-
|
146
|
-
|
159
|
+
# Decode if necessary
|
160
|
+
iv = iv.unpack(options[:encode_iv]).first if options[:encode_iv]
|
161
|
+
encrypted_value = encrypted_value.unpack(options[:encode]).first if options[:encode]
|
147
162
|
|
148
|
-
|
149
|
-
|
163
|
+
decrypted_value = EncryptorInterface.decrypt(:data, encrypted_value,
|
164
|
+
iv: iv, key: crypt_key)
|
165
|
+
|
166
|
+
result.delete data_key
|
167
|
+
result.delete iv_key
|
168
|
+
end
|
150
169
|
|
151
170
|
result[hash_key] = decrypted_value
|
152
|
-
result.delete data_key
|
153
|
-
result.delete iv_key
|
154
171
|
end
|
155
172
|
end
|
156
173
|
|
metadata
CHANGED
@@ -1,69 +1,69 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hash_redactor
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chris Jensen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-07-
|
11
|
+
date: 2016-07-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: attr_encrypted
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - ~>
|
17
|
+
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: 3.0.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - ~>
|
24
|
+
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: 3.0.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rake
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - ~>
|
31
|
+
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: '10.0'
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- - ~>
|
38
|
+
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '10.0'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: rspec
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
-
- - ~>
|
45
|
+
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
47
|
version: '2.14'
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- - ~>
|
52
|
+
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '2.14'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: codeclimate-test-reporter
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
|
-
- -
|
59
|
+
- - ">="
|
60
60
|
- !ruby/object:Gem::Version
|
61
61
|
version: '0'
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
|
-
- -
|
66
|
+
- - ">="
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: '0'
|
69
69
|
description: Removes, digests or encrypts selected values in a ruby hash
|
@@ -73,9 +73,9 @@ executables: []
|
|
73
73
|
extensions: []
|
74
74
|
extra_rdoc_files: []
|
75
75
|
files:
|
76
|
-
- .gitignore
|
77
|
-
- .rspec
|
78
|
-
- .travis.yml
|
76
|
+
- ".gitignore"
|
77
|
+
- ".rspec"
|
78
|
+
- ".travis.yml"
|
79
79
|
- CHANGELOG.md
|
80
80
|
- CODE_OF_CONDUCT.md
|
81
81
|
- Gemfile
|
@@ -98,17 +98,17 @@ require_paths:
|
|
98
98
|
- lib
|
99
99
|
required_ruby_version: !ruby/object:Gem::Requirement
|
100
100
|
requirements:
|
101
|
-
- -
|
101
|
+
- - ">="
|
102
102
|
- !ruby/object:Gem::Version
|
103
103
|
version: '0'
|
104
104
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
105
105
|
requirements:
|
106
|
-
- -
|
106
|
+
- - ">="
|
107
107
|
- !ruby/object:Gem::Version
|
108
108
|
version: '0'
|
109
109
|
requirements: []
|
110
110
|
rubyforge_project:
|
111
|
-
rubygems_version: 2.4.
|
111
|
+
rubygems_version: 2.4.8
|
112
112
|
signing_key:
|
113
113
|
specification_version: 4
|
114
114
|
summary: Redact specified values in a hash
|