httpigeon 2.4.2 → 2.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 634475756f1a58d6586feccfcd2dd7bc9fcbf02fce50a3a9eca04b79d3cc5380
4
- data.tar.gz: b762c69ed489b18e50b818dea741c2584c15d409e5e61af51c5155a6a226bc41
3
+ metadata.gz: 0b8d669487635648819946f6e0dc0397d455a8c9e94f3910237f87b44ba83baa
4
+ data.tar.gz: c8d74069ffcbc45b04fbbce70fd773fe61de28ca0653c36373f22b025ed0616d
5
5
  SHA512:
6
- metadata.gz: 101f7f013bb4a0d0ef22139027e69b6778419afc0c6ab4ab415e5a8e20873b9814ecd25f25da3932207acf29f531dd76f22ddddbf11f94e675a3c15b6367d2e9
7
- data.tar.gz: 4dcdaedcb617d073dfc75ce7ef1c80a1199f78bb7cf0d244c87cb48ecaccba3170123311cb1b5667b1db20adcecab3921e5d67403ae6b815a9221b82c104c24c
6
+ metadata.gz: c1310fd845d9e301ef72f653f92d90df00c59437f8bd930ca028a30ba63901399ebe474acf107e4d120051e5d972b2dc8fa1c77be707a692ac3f6376465766b6
7
+ data.tar.gz: f32e7f66c863a1bec098504328e6321d4b41d3a3276517169c7735b6547c50fc26cb43ff802b6c4a6b180c0dce95139ccac335bb4dd55dad8f3527109c427329
data/CHANGELOG.md CHANGED
@@ -1,5 +1,19 @@
1
1
  # Changelog
2
2
 
3
+ ## [2.4.4](https://github.com/dailypay/httpigeon/compare/v2.4.3...v2.4.4) (2026-07-17)
4
+
5
+
6
+ ### Bug Fixes
7
+
8
+ * **ASV-4361:** close five log-redaction and dispatch findings ([#64](https://github.com/dailypay/httpigeon/issues/64)) ([ef56054](https://github.com/dailypay/httpigeon/commit/ef5605465787d5cea1cce6f39ffd96763502a968))
9
+
10
+ ## [2.4.3](https://github.com/dailypay/httpigeon/compare/v2.4.2...v2.4.3) (2026-05-01)
11
+
12
+
13
+ ### Bug Fixes
14
+
15
+ * **ASV-4003:** Fix default filter regex patterns ([#61](https://github.com/dailypay/httpigeon/issues/61)) ([8cb6d37](https://github.com/dailypay/httpigeon/commit/8cb6d37c0d441507f0c18b19ea1b406fca2b5d6b))
16
+
3
17
  ## [2.4.2](https://github.com/dailypay/httpigeon/compare/v2.4.1...v2.4.2) (2026-02-18)
4
18
 
5
19
 
@@ -48,15 +48,21 @@ module HTTPigeon
48
48
 
49
49
  if filter.present?
50
50
  replacement = filter.split('::')[1].presence
51
- v = replacement.present? ? replacement : redact_value(v)
52
- end
53
-
54
- if v.is_a?(Hash)
55
- [k, redact_hash(v)]
56
- elsif v.is_a?(Array)
57
- [k, v.map { |val| redact(val) }]
58
- else
51
+ # Replace collections wholesale; partial redaction leaks bytes of
52
+ # nested secrets.
53
+ v = if replacement.present?
54
+ replacement
55
+ elsif v.is_a?(Hash) || v.is_a?(Array)
56
+ HTTPigeon.redactor_string
57
+ else
58
+ redact_value(v)
59
+ end
59
60
  [k, v]
61
+ else
62
+ # Recurse through the dispatcher so nested values redact like
63
+ # top-level ones. This runs content/regex filters over string
64
+ # values too (e.g. secrets in JSON bodies).
65
+ [k, redact(v)]
60
66
  end
61
67
  end
62
68
  end
@@ -67,13 +73,23 @@ module HTTPigeon
67
73
 
68
74
  next unless pattern.match?(%r{^/.*/([guysim]*)$})
69
75
 
76
+ regex = regex_for(pattern)
77
+
70
78
  data = if replacement.present?
71
- data.gsub(regex_for(pattern), replacement)
79
+ # Block form keeps the replacement literal; the string form
80
+ # expands backreferences (\1, \&) and re-emits the secret.
81
+ data.gsub(regex) { replacement }
72
82
  else
73
- data.gsub(regex_for(pattern)) do |sub|
74
- captures = sub.match(regex_for(pattern))&.captures
75
-
76
- captures.present? ? captures[0] + redact_value(captures[1]) : sub
83
+ data.gsub(regex) do |sub|
84
+ captures = Regexp.last_match&.captures
85
+
86
+ # A zero-width capture yields nil; skip it rather than
87
+ # concatenating nil and raising TypeError.
88
+ if captures.present? && !captures[1].nil?
89
+ captures[0] + redact_value(captures[1])
90
+ else
91
+ sub
92
+ end
77
93
  end
78
94
  end
79
95
  end
@@ -84,12 +84,12 @@ module HTTPigeon
84
84
 
85
85
  raw_response = if HTTPigeon.mount_circuit_breaker
86
86
  fuse.execute(request_id: connection.headers[REQUEST_ID_HEADER]) do
87
- connection.send(method, path, payload) do |request|
87
+ connection.send(sym_method, path, payload) do |request|
88
88
  yield(request) if block_given?
89
89
  end
90
90
  end
91
91
  else
92
- connection.send(method, path, payload) do |request|
92
+ connection.send(sym_method, path, payload) do |request|
93
93
  yield(request) if block_given?
94
94
  end
95
95
  end
@@ -1,3 +1,3 @@
1
1
  module HTTPigeon
2
- VERSION = "2.4.2".freeze
2
+ VERSION = "2.4.4".freeze
3
3
  end
data/lib/httpigeon.rb CHANGED
@@ -12,11 +12,11 @@ module HTTPigeon
12
12
  extend self
13
13
 
14
14
  module FilterPatterns
15
- EMAIL = "/(?'key'(email_?(address|Address)?=))(?'value'(.*\\.[a-z]+))(&|$)/".freeze
16
- PASSWORD = "/(?'key'(pass_?(w|W)?ord=))(?'value'([^&$])*)/".freeze
17
- USERNAME = "/(?'key'(user_?(n|N)?ame=))(?'value'([^&$])*)/".freeze
18
- CLIENT_ID = "/(?'key'(client_?(id|Id)?=))(?'value'([^&$])*)/".freeze
19
- CLIENT_SECRET = "/(?'key'(client_?(s|S)?ecret=))(?'value'([^&$])*)/".freeze
15
+ EMAIL = "/(?'key'(email_?(address|Address)?=))(?'value'([^&\\n\\r]*\\.[a-z]+))(?=&|$)/".freeze
16
+ PASSWORD = "/(?'key'(pass_?(w|W)?ord=))(?'value'([^&\\n\\r])*)/".freeze
17
+ USERNAME = "/(?'key'(user_?(n|N)?ame=))(?'value'([^&\\n\\r])*)/".freeze
18
+ CLIENT_ID = "/(?'key'(client_?(id|Id)?=))(?'value'([^&\\n\\r])*)/".freeze
19
+ CLIENT_SECRET = "/(?'key'(client_?(s|S)?ecret=))(?'value'([^&\\n\\r])*)/".freeze
20
20
  end
21
21
 
22
22
  class InvalidConfigurationError < StandardError; end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: httpigeon
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.2
4
+ version: 2.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - 2k-joker
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2026-02-18 00:00:00.000000000 Z
11
+ date: 2026-07-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday