lhc 13.2.0 → 13.4.0.pre.pro1766.1

data/lib/lhc.rb

@@ -6,131 +6,142 @@ require 'active_support/core_ext/hash/keys'
 
 module LHC
   autoload :BasicMethodsConcern,
-    'lhc/concerns/lhc/basic_methods_concern'
+           'lhc/concerns/lhc/basic_methods_concern'
   autoload :ConfigurationConcern,
-    'lhc/concerns/lhc/configuration_concern'
+           'lhc/concerns/lhc/configuration_concern'
   autoload :FixInvalidEncodingConcern,
-    'lhc/concerns/lhc/fix_invalid_encoding_concern'
+           'lhc/concerns/lhc/fix_invalid_encoding_concern'
   autoload :FormatsConcern,
-    'lhc/concerns/lhc/formats_concern'
+           'lhc/concerns/lhc/formats_concern'
 
   include BasicMethodsConcern
   include ConfigurationConcern
   include FormatsConcern
 
   autoload :Auth,
-    'lhc/interceptors/auth'
+           'lhc/interceptors/auth'
   autoload :Caching,
-    'lhc/interceptors/caching'
+           'lhc/interceptors/caching'
   autoload :DefaultTimeout,
-    'lhc/interceptors/default_timeout'
+           'lhc/interceptors/default_timeout'
   autoload :Logging,
-    'lhc/interceptors/logging'
+           'lhc/interceptors/logging'
   autoload :Prometheus,
-    'lhc/interceptors/prometheus'
+           'lhc/interceptors/prometheus'
   autoload :Retry,
-    'lhc/interceptors/retry'
+           'lhc/interceptors/retry'
   autoload :Throttle,
-    'lhc/interceptors/throttle'
+           'lhc/interceptors/throttle'
 
   autoload :Config,
-    'lhc/config'
+           'lhc/config'
   autoload :Endpoint,
-    'lhc/endpoint'
+           'lhc/endpoint'
 
   autoload :Error,
-    'lhc/error'
+           'lhc/error'
   autoload :ClientError,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :BadRequest,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :Unauthorized,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :PaymentRequired,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :Forbidden,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :Forbidden,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :NotFound,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :MethodNotAllowed,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :NotAcceptable,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :ProxyAuthenticationRequired,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :RequestTimeout,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :Conflict,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :Gone,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :LengthRequired,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :PreconditionFailed,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :RequestEntityTooLarge,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :RequestUriToLong,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :UnsupportedMediaType,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :RequestedRangeNotSatisfiable,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :ExpectationFailed,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :UnprocessableEntity,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :Locked,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :FailedDependency,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :UpgradeRequired,
-    'lhc/errors/client_error'
+           'lhc/errors/client_error'
   autoload :ParserError,
-    'lhc/errors/parser_error'
+           'lhc/errors/parser_error'
   autoload :ServerError,
-    'lhc/errors/server_error'
+           'lhc/errors/server_error'
   autoload :InternalServerError,
-    'lhc/errors/server_error'
+           'lhc/errors/server_error'
   autoload :NotImplemented,
-    'lhc/errors/server_error'
+           'lhc/errors/server_error'
   autoload :BadGateway,
-    'lhc/errors/server_error'
+           'lhc/errors/server_error'
   autoload :ServiceUnavailable,
-    'lhc/errors/server_error'
+           'lhc/errors/server_error'
   autoload :GatewayTimeout,
-    'lhc/errors/server_error'
+           'lhc/errors/server_error'
   autoload :HttpVersionNotSupported,
-    'lhc/errors/server_error'
+           'lhc/errors/server_error'
   autoload :InsufficientStorage,
-    'lhc/errors/server_error'
+           'lhc/errors/server_error'
   autoload :NotExtended,
-    'lhc/errors/server_error'
+           'lhc/errors/server_error'
   autoload :Timeout,
-    'lhc/errors/timeout'
+           'lhc/errors/timeout'
   autoload :UnknownError,
-    'lhc/errors/unknown_error'
+           'lhc/errors/unknown_error'
+
+  autoload :Scrubber,
+           'lhc/scrubber'
+  autoload :AuthScrubber,
+           'lhc/scrubbers/auth_scrubber'
+  autoload :BodyScrubber,
+           'lhc/scrubbers/body_scrubber'
+  autoload :HeadersScrubber,
+           'lhc/scrubbers/headers_scrubber'
+  autoload :ParamsScrubber,
+           'lhc/scrubbers/params_scrubber'
 
   autoload :Interceptor,
-    'lhc/interceptor'
+           'lhc/interceptor'
   autoload :Interceptors,
-    'lhc/interceptors'
+           'lhc/interceptors'
   autoload :Formats,
-    'lhc/formats'
+           'lhc/formats'
   autoload :Format,
-    'lhc/format'
+           'lhc/format'
   autoload :Monitoring,
-    'lhc/interceptors/monitoring'
+           'lhc/interceptors/monitoring'
   autoload :Request,
-    'lhc/request'
+           'lhc/request'
   autoload :Response,
-    'lhc/response'
+           'lhc/response'
   autoload :Rollbar,
-    'lhc/interceptors/rollbar'
+           'lhc/interceptors/rollbar'
   autoload :Zipkin,
-    'lhc/interceptors/zipkin'
+           'lhc/interceptors/zipkin'
 
   require 'lhc/railtie' if defined?(Rails)
 end

data/spec/config/scrubs_spec.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe LHC do
+  it 'has a default value for scrubs' do
+    expect(LHC.config.scrubs[:auth]).to eq [:bearer, :basic]
+    expect(LHC.config.scrubs[:params]).to eq []
+    expect(LHC.config.scrubs[:headers]).to eq []
+    expect(LHC.config.scrubs[:body]).to eq ['password', 'password_confirmation']
+  end
+
+  describe 'auth' do
+    context 'when only bearer auth should get scrubbed' do
+      before(:each) do
+        LHC.configure do |c|
+          c.scrubs[:auth] = [:bearer]
+        end
+      end
+
+      it 'has only bearer auth in scrubs' do
+        expect(LHC.config.scrubs[:auth]).to eq([:bearer])
+        expect(LHC.config.scrubs[:params]).to eq []
+        expect(LHC.config.scrubs[:headers]).to eq []
+        expect(LHC.config.scrubs[:body]).to eq ['password', 'password_confirmation']
+      end
+    end
+  end
+
+  context 'params' do
+    context 'when additional param "api_key" should be scrubbed' do
+      before(:each) do
+        LHC.configure do |c|
+          c.scrubs[:params] << 'api_key'
+        end
+      end
+
+      it 'has "api_key" in scrubs' do
+        expect(LHC.config.scrubs[:auth]).to eq [:bearer, :basic]
+        expect(LHC.config.scrubs[:params]).to eq ['api_key']
+        expect(LHC.config.scrubs[:headers]).to eq []
+        expect(LHC.config.scrubs[:body]).to eq ['password', 'password_confirmation']
+      end
+    end
+  end
+
+  context 'headers' do
+    context 'when additional header "private_key" should be scrubbed' do
+      before(:each) do
+        LHC.configure do |c|
+          c.scrubs[:headers] << 'private_key'
+        end
+      end
+
+      it 'has "private_key" in scrubs' do
+        expect(LHC.config.scrubs[:auth]).to eq [:bearer, :basic]
+        expect(LHC.config.scrubs[:params]).to eq []
+        expect(LHC.config.scrubs[:headers]).to eq ['private_key']
+        expect(LHC.config.scrubs[:body]).to eq ['password', 'password_confirmation']
+      end
+    end
+  end
+
+  context 'body' do
+    context 'when only password should get scrubbed' do
+      before(:each) do
+        LHC.configure do |c|
+          c.scrubs[:body] = ['password']
+        end
+      end
+
+      it 'has password in scrubs' do
+        expect(LHC.config.scrubs[:auth]).to eq [:bearer, :basic]
+        expect(LHC.config.scrubs[:params]).to eq []
+        expect(LHC.config.scrubs[:headers]).to eq []
+        expect(LHC.config.scrubs[:body]).to eq(['password'])
+      end
+    end
+
+    context 'when "user_token" should be scrubbed' do
+      before(:each) do
+        LHC.configure do |c|
+          c.scrubs[:body] << 'user_token'
+        end
+      end
+
+      it 'has user_token in scrubs' do
+        expect(LHC.config.scrubs[:auth]).to eq [:bearer, :basic]
+        expect(LHC.config.scrubs[:params]).to eq []
+        expect(LHC.config.scrubs[:headers]).to eq []
+        expect(LHC.config.scrubs[:body]).to eq(['password', 'password_confirmation', 'user_token'])
+      end
+    end
+  end
+
+  context 'when nothing should be scrubbed' do
+    before(:each) do
+      LHC.configure do |c|
+        c.scrubs = {}
+      end
+    end
+
+    it 'does not have scrubs' do
+      expect(LHC.config.scrubs.blank?).to be true
+      expect(LHC.config.scrubs[:auth]).to be nil
+    end
+  end
+end

data/spec/error/to_s_spec.rb

@@ -48,10 +48,10 @@ describe LHC::Error do
         double('LHC::Request',
                method: 'GET',
                url: 'http://example.com/sessions',
-               headers: { 'Bearer Token' => "aaaaaaaa-bbbb-cccc-dddd-eeee" },
-               options: { followlocation: true,
-                          auth: { bearer: "aaaaaaaa-bbbb-cccc-dddd-eeee" },
-                          params: { limit: 20 }, url: "http://example.com/sessions" })
+               scrubbed_headers: { 'Bearer Token' => LHC::Scrubber::SCRUB_DISPLAY },
+               scrubbed_options: { followlocation: true,
+                                   auth: { bearer: LHC::Scrubber::SCRUB_DISPLAY },
+                                   params: { limit: 20 }, url: "http://example.com/sessions" })
       end
 
       let(:response) do
@@ -72,8 +72,8 @@ describe LHC::Error do
       it 'produces correct debug output' do
         expect(subject.to_s.split("\n")).to eq(<<-MSG.strip_heredoc.split("\n"))
           GET http://example.com/sessions
-          Options: {:followlocation=>true, :auth=>{:bearer=>"aaaaaaaa-bbbb-cccc-dddd-eeee"}, :params=>{:limit=>20}, :url=>"http://example.com/sessions"}
-          Headers: {"Bearer Token"=>"aaaaaaaa-bbbb-cccc-dddd-eeee"}
+          Options: {:followlocation=>true, :auth=>{:bearer=>"#{LHC::Scrubber::SCRUB_DISPLAY}"}, :params=>{:limit=>20}, :url=>"http://example.com/sessions"}
+          Headers: {"Bearer Token"=>"#{LHC::Scrubber::SCRUB_DISPLAY}"}
           Response Code: 500 (internal_error)
           Response Options: {:return_code=>:internal_error, :response_headers=>""}
           {"status":500,"message":"undefined"}

data/spec/formats/multipart_spec.rb

@@ -13,7 +13,7 @@ describe LHC do
     it 'formats requests to be multipart/form-data' do
       stub_request(:post, 'http://local.ch/') do |request|
         raise 'Content-Type header wrong' unless request.headers['Content-Type'] == 'multipart/form-data'
-        raise 'Body wrongly formatted' unless request.body.match(/file=%23%3CActionDispatch%3A%3AHttp%3A%3AUploadedFile%3A.*%3E&type=Image/)
+        raise 'Body wrongly formatted' unless request.body.match?(/file=%23%3CActionDispatch%3A%3AHttp%3A%3AUploadedFile%3A.*%3E&type=Image/)
       end.to_return(status: 200, body: body, headers: { 'Location' => location })
       response = LHC.multipart.post(
         'http://local.ch',

data/spec/interceptors/caching/multilevel_cache_spec.rb

@@ -63,7 +63,7 @@ describe LHC::Caching do
     context 'found in central cache' do
       it 'serves it from central cache if found there' do
         expect(redis_cache).to receive(:fetch).and_return(nil,
-                                                            body: '<h1>Hi there</h1>', code: 200, headers: nil, return_code: nil, mock: :webmock)
+                                                          body: '<h1>Hi there</h1>', code: 200, headers: nil, return_code: nil, mock: :webmock)
         expect(redis_cache).to receive(:write).and_return(true)
         expect(Rails.cache).to receive(:fetch).and_call_original
         expect(Rails.cache).to receive(:write).and_call_original

data/spec/interceptors/define_spec.rb

@@ -7,6 +7,7 @@ describe LHC do
     before(:each) do
       class SomeInterceptor < LHC::Interceptor
       end
+
       class AnotherInterceptor < LHC::Interceptor
       end
     end

data/spec/interceptors/logging/main_spec.rb

@@ -8,7 +8,7 @@ describe LHC::Logging do
   before(:each) do
     LHC.config.interceptors = [LHC::Logging]
     LHC::Logging.logger = logger
-    stub_request(:get, 'http://local.ch').to_return(status: 200)
+    stub_request(:get, /http:\/\/local.ch.*/).to_return(status: 200)
   end
 
   it 'does log information before and after every request made with LHC' do
@@ -34,4 +34,24 @@ describe LHC::Logging do
       )
     end
   end
+
+  context 'sensitive data' do
+    before :each do
+      LHC.config.scrubs[:params] << 'api_key'
+      LHC.config.scrubs[:headers] << 'private_key'
+      LHC.get('http://local.ch', params: { api_key: '123-abc' }, headers: { private_key: 'abc-123' })
+    end
+
+    it 'does log not log sensitive params information before every request made with LHC' do
+      expect(logger).to have_received(:info).once.with(
+        a_string_including("Params={:api_key=>\"#{LHC::Scrubber::SCRUB_DISPLAY}\"}")
+      )
+    end
+
+    it 'does log not log sensitive headers information before every request made with LHC' do
+      expect(logger).to have_received(:info).once.with(
+        a_string_including(":private_key=>\"#{LHC::Scrubber::SCRUB_DISPLAY}\"")
+      )
+    end
+  end
 end

data/spec/interceptors/rollbar/main_spec.rb

@@ -36,22 +36,34 @@ describe LHC::Rollbar do
         )
     end
 
-    context 'additional params' do
-      it 'does report errors to rollbar with additional data' do
-        stub_request(:get, 'http://local.ch')
-          .to_return(status: 400)
-        expect(-> { LHC.get('http://local.ch', rollbar: { additional: 'data' }) })
-          .to raise_error LHC::BadRequest
-        expect(::Rollbar).to have_received(:warning)
-          .with(
-            'Status: 400 URL: http://local.ch',
-            hash_including(
-              response: anything,
-              request: anything,
-              additional: 'data'
-            )
+    it 'does report errors to rollbar with additional data' do
+      stub_request(:get, 'http://local.ch')
+        .to_return(status: 400)
+      expect(-> { LHC.get('http://local.ch', rollbar: { additional: 'data' }) })
+        .to raise_error LHC::BadRequest
+      expect(::Rollbar).to have_received(:warning)
+        .with(
+          'Status: 400 URL: http://local.ch',
+          hash_including(
+            response: anything,
+            request: anything,
+            additional: 'data'
           )
-      end
+        )
+    end
+
+    it 'scrubs sensitive data' do
+      LHC.config.scrubs[:params] << 'api_key'
+      LHC.config.scrubs[:headers] << 'private_key'
+      stub_request(:get, 'http://local.ch?api_key=123-abc').to_return(status: 400)
+      expect(-> { LHC.get('http://local.ch', params: { api_key: '123-abc' }, headers: { private_key: 'abc-123' }) })
+        .to raise_error LHC::BadRequest
+      expect(::Rollbar).to have_received(:warning)
+        .with(
+          'Status: 400 URL: http://local.ch',
+          response: hash_including(body: anything, code: anything, headers: anything, time: anything, timeout?: anything),
+          request: hash_including(url: anything, method: anything, headers: hash_including(private_key: LHC::Scrubber::SCRUB_DISPLAY), params: { api_key: LHC::Scrubber::SCRUB_DISPLAY })
+        )
     end
   end
 end

data/spec/request/scrubbed_headers_spec.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe LHC::Request do
+  let(:headers) { { private_key: 'xyz-123' } }
+  let(:response) { LHC.get(:local, headers: headers) }
+  let(:auth) { {} }
+
+  before :each do
+    LHC.config.endpoint(:local, 'http://local.ch', auth: auth)
+    stub_request(:get, 'http://local.ch').with(headers: headers)
+  end
+
+  it 'scrubs "private_key"' do
+    LHC.config.scrubs[:headers] << 'private_key'
+    expect(response.request.scrubbed_headers).to include(private_key: LHC::Scrubber::SCRUB_DISPLAY)
+  end
+
+  it 'does not add a new attribute when a non existing header should be scrubbed' do
+    LHC.config.scrubs[:headers] << 'anything'
+    expect(response.request.scrubbed_headers).not_to include('anything' => LHC::Scrubber::SCRUB_DISPLAY)
+  end
+
+  context 'when strings instead of symbols are provided' do
+    let(:headers) { { 'private_key' => 'xyz-123' } }
+
+    it 'scrubs "private_key"' do
+      LHC.config.scrubs[:headers] << 'private_key'
+      expect(response.request.scrubbed_headers).to include('private_key' => LHC::Scrubber::SCRUB_DISPLAY)
+    end
+  end
+
+  context 'other authentication strategy' do
+    let(:api_key) { '123456' }
+    let(:authorization_header) { { 'Authorization' => "Apikey #{api_key}" } }
+    let(:headers) { authorization_header }
+
+    it 'provides srubbed Authorization header' do
+      LHC.config.scrubs[:headers] << 'Authorization'
+      expect(response.request.scrubbed_headers).to include('Authorization' => LHC::Scrubber::SCRUB_DISPLAY)
+      expect(response.request.headers).to include(authorization_header)
+    end
+  end
+
+  describe 'auth' do
+    before :each do
+      LHC.config.interceptors = [LHC::Auth]
+      stub_request(:get, 'http://local.ch').with(headers: authorization_header)
+    end
+
+    let(:request) do
+      response = LHC.get(:local)
+      response.request
+    end
+
+    context 'bearer authentication' do
+      let(:bearer_token) { '123456' }
+      let(:authorization_header) { { 'Authorization' => "Bearer #{bearer_token}" } }
+      let(:auth) { { bearer: -> { bearer_token } } }
+
+      it 'provides srubbed request headers' do
+        expect(request.scrubbed_headers).to include('Authorization' => "Bearer #{LHC::Scrubber::SCRUB_DISPLAY}")
+        expect(request.headers).to include(authorization_header)
+      end
+
+      context 'when nothing should get scrubbed' do
+        before :each do
+          LHC.config.scrubs = {}
+        end
+
+        it 'does not filter beaerer auth' do
+          expect(request.scrubbed_headers).to include(authorization_header)
+        end
+      end
+    end
+
+    context 'basic authentication' do
+      let(:username) { 'steve' }
+      let(:password) { 'abcdefg' }
+      let(:credentials_base_64_codiert) { Base64.strict_encode64("#{username}:#{password}").chomp }
+      let(:authorization_header) { { 'Authorization' => "Basic #{credentials_base_64_codiert}" } }
+      let(:auth) { { basic: { username: username, password: password } } }
+
+      it 'provides srubbed request headers' do
+        expect(request.scrubbed_headers).to include('Authorization' => "Basic #{LHC::Scrubber::SCRUB_DISPLAY}")
+        expect(request.headers).to include(authorization_header)
+      end
+
+      context 'when nothing should get scrubbed' do
+        before :each do
+          LHC.config.scrubs = {}
+        end
+
+        it 'does not filter basic auth' do
+          expect(request.scrubbed_headers).to include(authorization_header)
+        end
+      end
+    end
+  end
+end