logasm-jruby 1.2.0

data/spec/preprocessors/blacklist_spec.rb

@@ -0,0 +1,131 @@
+require 'spec_helper'
+require_relative '../../lib/logasm/preprocessors/blacklist'
+
+describe Logasm::Preprocessors::Blacklist do
+  subject(:processed_data) { described_class.new(config).process(data) }
+
+  let(:config) {{
+    fields: [{ key: 'field', action: action }]
+  }}
+
+  let(:action) {}
+  let(:data) {{
+    field: value,
+    data: {
+      field: 'secret'
+    },
+    array: [{field: 'secret'}]
+  }}
+
+  let(:value) { 'secret' }
+
+  context 'when action is unsupported' do
+    let(:action) { 'reverse' }
+
+    it 'throws exception' do
+      expect { processed_data }.to raise_exception(Logasm::Preprocessors::Blacklist::UnsupportedActionException)
+    end
+  end
+
+  context 'when action is "exclude"' do
+    let(:action) { 'exclude' }
+
+    it 'removes the field' do
+      expect(processed_data).not_to include(:field)
+    end
+
+    it 'removes nested field' do
+      expect(processed_data).not_to include_at_depth({field: 'secret'}, 1)
+    end
+
+    it 'removes nested in array field' do
+      expect(processed_data[:array]).not_to include({field: 'secret'})
+    end
+
+    context 'when field is deeply nested' do
+      let(:depth) { 10 }
+      let(:data) { data_with_nested_field({field: 'secret'}, depth) }
+
+      it 'removes deeply nested field' do
+        expect(processed_data).not_to include_at_depth({field: 'secret'}, depth)
+      end
+    end
+  end
+
+  context 'when action is "mask"' do
+    let(:action) { 'mask' }
+
+    it 'masks nested field' do
+      expect(processed_data).to include_at_depth({field: '*****'}, 1)
+    end
+
+    it 'masks nested in array field' do
+      expect(processed_data[:array]).to include({field: '*****'})
+    end
+
+    context 'when field is string' do
+      let(:value) { 'secret' }
+
+      it 'masks value with asterisks' do
+        expect(processed_data).to include(field: '*****')
+      end
+    end
+
+    context 'when field is number' do
+      let(:value) { 42 }
+
+      it 'masks number value' do
+        expect(processed_data).to include(field: '*****')
+      end
+    end
+
+    context 'when field is boolean' do
+      let(:value) { true }
+
+      it 'masks value with asterisks' do
+        expect(processed_data).to include(field: '*****')
+      end
+    end
+
+    context 'when field is array' do
+      let(:value) { [1,2,3,4] }
+
+      it 'masks value with asterisks' do
+        expect(processed_data).to include(field: '*****')
+      end
+    end
+
+    context 'when field is hash' do
+      let(:value) { {data: {}} }
+
+      it 'masks value with asterisks' do
+        expect(processed_data).to include(field: '*****')
+      end
+    end
+
+    context 'when field is deeply nested' do
+      let(:depth) { 10 }
+      let(:data) { data_with_nested_field({field: 'secret'}, depth) }
+
+      it 'masks deeply nested field' do
+        expect(processed_data).to include_at_depth({field: '*****'}, depth)
+      end
+    end
+  end
+
+  def data_with_nested_field(field, depth)
+    depth.times.inject(field) do |mem|
+      {}.merge(data: mem)
+    end
+  end
+
+  RSpec::Matchers.define :include_at_depth do |expected_hash, depth|
+    match do |actual|
+      nested_data = depth.times.inject(actual) do |mem|
+        mem[:data]
+      end
+
+      expect(nested_data).to include(expected_hash)
+    end
+  end
+end

data/spec/preprocessors/json_pointer_trie.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+require 'logasm/preprocessors/json_pointer_trie'
+
+RSpec.describe Logasm::Preprocessors::JSONPointerTrie do
+  let(:trie) { described_class.new }
+
+  describe '#includes?' do
+    it 'returns true for empty prefix' do
+      expect(trie).to include('')
+    end
+
+    it 'returns true if trie contains requested prefix or value itself' do
+      trie.insert('/data/nested/key')
+
+      expect(trie).to include('/data')
+      expect(trie).to include('/data/nested')
+      expect(trie).to include('/data/nested/key')
+    end
+
+    it 'returns false if trie does not contain requested prefix or value' do
+      trie.insert('/data/nested/key')
+
+      expect(trie).to_not include('/bad_data')
+      expect(trie).to_not include('/data/bad_nested')
+      expect(trie).to_not include('/data/nested/bad_key')
+    end
+
+    it 'returns true if trie contains requested prefix under wildcard' do
+      trie.insert('/data/~/key')
+
+      expect(trie).to include('/data/arbitrary_key/key')
+      expect(trie).to include('/data/another_key/key')
+      expect(trie).to_not include('/data/arbitrary_key/bad_nested_key')
+    end
+  end
+end

data/spec/preprocessors/whitelist_spec.rb

@@ -0,0 +1,335 @@
+require 'spec_helper'
+require_relative '../../lib/logasm/preprocessors/whitelist'
+
+RSpec.describe Logasm::Preprocessors::Whitelist, 'when :action is :mask or omitted' do
+  subject(:processed_data) { described_class.new(config).process(data) }
+
+  let(:config) { { pointers: pointers } }
+  let(:pointers) { [] }
+  let(:data) do
+    {
+      field: 'secret',
+      data: {
+        field: 'secret'
+      },
+      array: [{ field: 'secret' }]
+    }
+  end
+
+  it 'masks all non-whitelisted fields' do
+    expect(processed_data).to eq(
+      field: '*****',
+      data: '*****',
+      array: '*****'
+    )
+  end
+
+  context 'when pointer has trailing slash' do
+    let(:pointers) { ['/field/'] }
+
+    it 'throws exception' do
+      expect { processed_data }.to raise_exception(Logasm::Preprocessors::Whitelist::InvalidPointerFormatException)
+    end
+  end
+
+  context 'with whitelisted field' do
+    let(:pointers) { ['/field'] }
+
+    it 'includes the field' do
+      expect(processed_data).to eq(
+        field: 'secret',
+        data: '*****',
+        array: '*****'
+      )
+    end
+  end
+
+  context 'with whitelisted nested field' do
+    let(:pointers) { ['/data/field'] }
+
+    it 'includes nested field' do
+      expect(processed_data).to eq(
+        field: '*****',
+        data: {
+          field: 'secret'
+        },
+        array: '*****'
+      )
+    end
+  end
+
+  context 'with whitelisted array element field' do
+    let(:pointers) { ['/array/0/field'] }
+
+    it 'includes array element' do
+      expect(processed_data).to eq(
+        field: '*****',
+        data: '*****',
+        array: [{ field: 'secret' }]
+      )
+    end
+  end
+
+  context 'with whitelisted hash' do
+    it 'includes all whitelisted hash elements' do
+      source = { foo: { bar: 'baz' } }
+      target = { foo: { bar: 'baz' } }
+      expect(process(['/foo/~'], source)).to eq(target)
+    end
+
+    it 'does not include nested elements' do
+      source = { foo: { bar: { baz: 'asd' } } }
+      target = { foo: { bar: { baz: '*****' } } }
+      expect(process(['/foo/~'], source)).to eq(target)
+    end
+  end
+
+  context 'with whitelisted array elements field with wildcard' do
+    let(:data) do
+      {
+        array: [
+          { field: 'data1', secret: 'secret1' },
+          { field: 'data2', secret: 'secret2' }
+        ]
+      }
+    end
+    let(:pointers) { ['/array/~/field'] }
+
+    it 'includes array elements field' do
+      expect(processed_data).to include(
+        array: [
+          { field: 'data1', secret: '*****' },
+          { field: 'data2', secret: '*****' }
+        ]
+      )
+    end
+  end
+
+  context 'with whitelisted string array elements with wildcard' do
+    let(:data) do
+      { array: %w[secret secret] }
+    end
+    let(:pointers) { ['/array/~'] }
+
+    it 'includes array elements' do
+      expect(processed_data).to include(array: %w[secret secret])
+    end
+  end
+
+  context 'with whitelisted string array elements in an array with wildcard' do
+    let(:data) do
+      {
+        nested: [{ array: %w[secret secret] }]
+      }
+    end
+    let(:pointers) { ['/nested/~/array/~'] }
+
+    it 'includes array elements' do
+      expect(processed_data).to include(nested: [{ array: %w[secret secret] }])
+    end
+  end
+
+
+  context 'with whitelisted array element' do
+    let(:pointers) { ['/array/0'] }
+
+    it 'masks array element' do
+      expect(processed_data).to include(array: [{ field: '*****' }])
+    end
+  end
+
+  context 'with whitelisted array' do
+    let(:pointers) { ['/array'] }
+
+    it 'masks array' do
+      expect(processed_data).to include(array: ['*****'])
+    end
+  end
+
+  context 'with whitelisted hash' do
+    let(:pointers) { ['/data'] }
+
+    it 'masks hash' do
+      expect(processed_data).to include(data: { field: '*****' })
+    end
+  end
+
+  context 'when boolean present' do
+    let(:data) { { bool: true } }
+
+    it 'masks it with asteriks' do
+      expect(processed_data).to eq(bool: '*****')
+    end
+  end
+
+  context 'when field has slash in the name' do
+    let(:data) do
+      { 'field_with_/' => 'secret' }
+    end
+    let(:pointers) { ['/field_with_~1'] }
+
+    it 'includes field' do
+      expect(processed_data).to include('field_with_/'=> 'secret')
+    end
+  end
+
+  context 'when field has tilde in the name' do
+    let(:data) do
+      { 'field_with_~' => 'secret' }
+    end
+    let(:pointers) { ['/field_with_~0'] }
+
+    it 'includes field' do
+      expect(processed_data).to include('field_with_~'=> 'secret')
+    end
+  end
+
+  context 'when field has tilde and 1' do
+    let(:data) do
+      { 'field_with_~1' => 'secret' }
+    end
+    let(:pointers) { ['/field_with_~01'] }
+
+    it 'includes field' do
+      expect(processed_data).to include('field_with_~1'=> 'secret')
+    end
+  end
+
+  def process(pointers, data)
+    described_class.new(pointers: pointers).process(data)
+  end
+end
+
+RSpec.describe Logasm::Preprocessors::Whitelist, 'when :action is :exclude or :prune' do
+  subject(:processed_data) { described_class.new(config).process(data) }
+
+  let(:config) { { pointers: pointers, action: :prune } }
+  let(:pointers) { [] }
+  let(:data) do
+    {
+      field: 'secret',
+      data: {
+        field: 'secret'
+      },
+      array: [{ field: 'secret' }, { field2: 'secret' }]
+    }
+  end
+
+  context 'when pointers is empty' do
+    it 'prunes all fields from the input' do
+      expect(processed_data).to eq({})
+    end
+  end
+
+  context 'with whitelisted field' do
+    let(:pointers) { ['/field'] }
+
+    it 'includes the field' do
+      expect(processed_data).to eq(field: 'secret')
+    end
+  end
+
+  context 'with whitelisted nested field' do
+    let(:pointers) { ['/data/field'] }
+
+    it 'includes nested field' do
+      expect(processed_data).to eq(data: { field: 'secret' })
+    end
+  end
+
+  context 'with whitelisted array element field' do
+    let(:pointers) { ['/array/0/field'] }
+
+    it 'includes array element' do
+      expect(processed_data).to eq(array: [{ field: 'secret' }])
+    end
+  end
+
+  context 'with whitelisted hash' do
+    it 'includes all whitelisted hash elements' do
+      source = { foo: { bar: 'baz' } }
+      target = { foo: { bar: 'baz' } }
+      expect(process(['/foo/~'], source)).to eq(target)
+    end
+
+    it 'does not include nested elements' do
+      source = { foo: { bar: { baz: 'asd' } } }
+      target = { foo: { bar: {} } }
+      expect(process(['/foo/~'], source)).to eq(target)
+    end
+  end
+
+  context 'with whitelisted array elements field with wildcard' do
+    let(:data) do
+      {
+        array: [
+          { field: 'data1', secret: 'secret1' },
+          { field: 'data2', secret: 'secret2' }
+        ]
+      }
+    end
+    let(:pointers) { ['/array/~/field'] }
+
+    it 'includes array elements field' do
+      expect(processed_data).to include(
+                                  array: [
+                                    { field: 'data1' },
+                                    { field: 'data2' }
+                                  ]
+                                )
+    end
+  end
+
+  context 'with whitelisted string array elements with wildcard' do
+    let(:data) do
+      { array: %w[secret1 secret2] }
+    end
+    let(:pointers) { ['/array/~'] }
+
+    it 'includes array elements' do
+      expect(processed_data).to include(array: %w[secret1 secret2])
+    end
+  end
+
+  context 'with whitelisted string array elements in an array with wildcard' do
+    let(:data) do
+      {
+        nested: [{ array: %w[secret1 secret2] }]
+      }
+    end
+    let(:pointers) { ['/nested/~/array/~'] }
+
+    it 'includes array elements' do
+      expect(processed_data).to include(nested: [{ array: %w[secret1 secret2] }])
+    end
+  end
+
+
+  context 'with whitelisted array element' do
+    let(:pointers) { ['/array/0'] }
+
+    it 'masks array element' do
+      expect(processed_data).to eq(array: [{}])
+    end
+  end
+
+  context 'with whitelisted array' do
+    let(:pointers) { ['/array'] }
+
+    it 'masks array' do
+      expect(processed_data).to include(array: [])
+    end
+  end
+
+  context 'with whitelisted hash' do
+    let(:pointers) { ['/data'] }
+
+    it 'masks hash' do
+      expect(processed_data).to include(data: {})
+    end
+  end
+
+  def process(pointers, data)
+    described_class.new(pointers: pointers, action: :prune).process(data)
+  end
+end