logjam_agent 0.38.2 → 0.38.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 623b528c086e5359f9824c6ed231207340d9abc8fb1046f2763200404e9c3ee9
-  data.tar.gz: 0d7de9ffac6e355314388c15c9e6fb0d18f1c5ad723dce7c9b19ef64a864fa1c
+  metadata.gz: 6c18943a93c4707c1d5c8aa2b92925ac997fbd98fc08f9c4c58f9eb485c98f02
+  data.tar.gz: e38d8c87ca688037a860a3b4af69d54f255f575d6cd3d5ca8b31e8bb0ff1639b
 SHA512:
-  metadata.gz: 24d13d8931fc1a3ff1ec13a0617f941798719ccb9cec724d2934f0b80fc7365027029996b867194b60d780589fbfc7b8f391102d16cca28b7b9a5f6fda2668ae
-  data.tar.gz: c130018a95950bb0dfe32afe866f9ce891685ed37edd845b96f76fbe0c97b869bbcb08ba185a9b7f028b3eb9ff98a0a2a7f360a4292efcdb6d840b01a0e0c29e
+  metadata.gz: 1f9eead24427fed2fac91181599f75a87a5389b913b5a9a6042b4ebcfb27ffa7af213f76127182d7d05078bde22cbf3e431f414b86ca27ef8490175e761da60c
+  data.tar.gz: f2a10234aea2f2402da52686c9500e2591d852d9757d267032fda58366650aead11b621eb4d0681819acfdfebd3c0d6010329e60758644dbada17f4106c6654b

data/lib/logjam_agent/obfuscation.rb

@@ -0,0 +1,40 @@
+module LogjamAgent
+  module Obfuscation
+
+    mattr_accessor :obfuscate_ips
+    self.obfuscate_ips = false
+
+    # TODO: ipv6 obfuscation
+    def ip_obfuscator(ip)
+      obfuscate_ips ? ip.to_s.sub(/\d+\z/, 'XXX') : ip
+    end
+
+    mattr_accessor :obfuscated_cookies
+    self.obfuscated_cookies = [/_session\z/]
+
+    def cookie_obfuscator
+      @cookie_obfuscator ||= ParameterFilter.new(obfuscated_cookies)
+    end
+
+    begin
+      # rails 6.1 and higher
+      require "active_support/parameter_filter"
+      ParameterFilter = ::ActiveSupport::ParameterFilter
+    rescue LoadError
+      # rails 6.0 and older
+      require "action_dispatch/http/parameter_filter"
+      ParameterFilter = ::ActionDispatch::Http::ParameterFilter
+    end
+
+    KEY_RE = '[^&;=\s]+'
+    VAL_RE = '[^&;=]+'
+    PAIR_RE = %r{(#{KEY_RE})=(#{VAL_RE})}
+
+    def filter_pairs(str, filter)
+      str.gsub(PAIR_RE) do |_|
+        filter.filter($1 => $2).first.join("=")
+      end
+    end
+
+  end
+end

data/lib/logjam_agent/rack/logger.rb

@@ -216,8 +216,7 @@ module LogjamAgent
       CONTENT_LENGTH = 'CONTENT_LENGTH'
       COOKIE = 'HTTP_COOKIE'
 
-      KV_RE   = '[^&;=]+'
-      PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
+      include Obfuscation
 
       def extract_headers(request, filter)
         headers = request.env.reject{|k,v| k =~ HIDDEN_VARIABLES }
@@ -225,15 +224,11 @@ module LogjamAgent
         headers = filter.filter(headers)
 
         if referer = headers[REFERER]
-          headers[REFERER] = referer.gsub(PAIR_RE) do |_|
-            filter.filter($1 => $2).first.join("=")
-          end
+          headers[REFERER] = filter_pairs(referer, filter)
         end
 
-        if (cookie = headers[COOKIE]) && LogjamAgent.obfuscated_cookies.present?
-          headers[COOKIE] = cookie.gsub(PAIR_RE) do |_|
-            LogjamAgent.cookie_obfuscator.filter($1 => $2).first.join("=")
-          end
+        if (cookie = headers[COOKIE]) && obfuscated_cookies.present?
+          headers[COOKIE] = filter_pairs(cookie, cookie_obfuscator)
         end
 
         headers.keys.each do |k|

data/lib/logjam_agent/version.rb

@@ -1,3 +1,3 @@
 module LogjamAgent
-  VERSION = "0.38.2"
+  VERSION = "0.38.3"
 end

data/lib/logjam_agent.rb

@@ -10,6 +10,7 @@ end
 
 require "logjam_agent/version"
 require "logjam_agent/util"
+require "logjam_agent/obfuscation"
 require "logjam_agent/zmq_forwarder"
 require "logjam_agent/forwarders"
 require "logjam_agent/request"
@@ -77,26 +78,7 @@ module LogjamAgent
   mattr_accessor :ensure_ping_at_exit
   self.ensure_ping_at_exit = true
 
-  mattr_accessor :obfuscate_ips
-  self.obfuscate_ips = false
-
-  # TODO: ipv6 obfuscation
-  def self.ip_obfuscator(ip)
-    obfuscate_ips ? ip.to_s.sub(/\d+\z/, 'XXX') : ip
-  end
-
-  mattr_accessor :obfuscated_cookies
-  self.obfuscated_cookies = [/_session\z/]
-
-  def self.cookie_obfuscator
-    @cookie_obfuscator ||=
-      if defined?(ActiveSupport::ParameterFilter)
-        ActiveSupport::ParameterFilter.new(obfuscated_cookies)
-      else
-        ActionDispatch::Http::ParameterFilter.new(obfuscated_cookies)
-      end
-  end
-
+  extend Obfuscation
   extend RequestHandling
   extend SelectiveLogging
 

data/test/obfuscator_test.rb

@@ -0,0 +1,28 @@
+require_relative "test_helper.rb"
+
+module LogjamAgent
+  class ObfuscatorTest < MiniTest::Test
+    include Obfuscation
+
+    test "obfuscates session cookie by default" do
+      filter = LogjamAgent.cookie_obfuscator
+      assert_equal "_session=[FILTERED]", filter_pairs("_session=data", filter)
+      assert_equal "my_session=[FILTERED]", filter_pairs("my_session=mdata", filter)
+      assert_equal "blabber=1; _session=[FILTERED]", filter_pairs("blabber=1; _session=data", filter)
+      assert_equal "blabber=1; _session=[FILTERED]; blubber=2", filter_pairs("blabber=1; _session=data; blubber=2", filter)
+    end
+
+    test "obfuscates with complex regex" do
+      filter = ParameterFilter.new([/(login|_session)\z/])
+      assert_equal "_session=[FILTERED]; login=[FILTERED]", filter_pairs("_session=my_session; login=foo", filter)
+      assert_equal "_session=[FILTERED]; my_login=[FILTERED]", filter_pairs("_session=my_session; my_login=foo", filter)
+    end
+
+    test "obfuscates with exact matches" do
+      filter = ParameterFilter.new([/\A(login|.*_session)\z/])
+      assert_equal "_session=[FILTERED]; login=[FILTERED]", filter_pairs("_session=my_session; login=foo", filter)
+      assert_equal "_session=[FILTERED]; my_login=foo", filter_pairs("_session=my_session; my_login=foo", filter)
+      assert_equal "my_session=[FILTERED]; my_login=foo", filter_pairs("my_session=my_session; my_login=foo", filter)
+    end
+  end
+end

data/test/sinatra_app.rb

@@ -1,12 +1,15 @@
 $:.unshift File.expand_path('../../lib', __FILE__)
 
 require 'logjam_agent/sinatra'
+require 'sinatra/cookies'
 
 class SinatraTestApp < Sinatra::Base
   register LogjamAgent::Sinatra
 
   use LogjamAgent::Sinatra::Middleware
 
+  helpers Sinatra::Cookies
+
   configure do
     set :root, File.expand_path('../..', __FILE__)
     set :environment, :test
@@ -24,6 +27,8 @@ class SinatraTestApp < Sinatra::Base
   end
 
   get '/index' do
+    cookies[:foo] = 'bar'
+    cookies[:frerks] = "no micro"
     logger.info 'Hello World!'
     'Hello World!'
   end

data/test/sinatra_classic_app.rb

@@ -1,6 +1,7 @@
 $:.unshift File.expand_path('../../lib', __FILE__)
 
 require 'logjam_agent/sinatra'
+require 'sinatra/cookies'
 
 use LogjamAgent::Sinatra::Middleware
 
@@ -27,5 +28,7 @@ end
 get '/index' do
   action_name "Simple#index"
   logger.info 'Hello World!'
+  cookies[:foo] = 'bar'
+  cookies[:frerks] = "no micro"
   'Hello World!'
 end

data/test/sinatra_classic_test.rb

@@ -12,7 +12,10 @@ module LogjamAgent
     end
 
     def test_root
-      get '/index?mumu=1&password=5'
+      cookie_jar = ::Rack::Test::CookieJar.new
+      cookie_jar['foo'] = 'bar'
+      cookie_jar['baz'] = 'gni'
+      get '/index?mumu=1&password=5', {}, 'HTTP_COOKIE' => cookie_jar.for(nil)
       assert_equal 'Hello World!', last_response.body
     end
 

data/test/sinatra_test.rb

@@ -24,7 +24,10 @@ module LogjamAgent
     end
 
     def test_root
-      get '/index?mumu=1&password=5'
+      cookie_jar = ::Rack::Test::CookieJar.new
+      cookie_jar['foo'] = 'bar'
+      cookie_jar['baz'] = 'gni'
+      get '/index?mumu=1&password=5', {}, 'HTTP_COOKIE' => cookie_jar.for(nil)
       assert_equal 'Hello World!', last_response.body
       assert_equal 200, last_response.status
 
@@ -49,6 +52,8 @@ module LogjamAgent
       assert_equal method, "GET"
       assert_equal url, "/index?mumu=1&password=[FILTERED]"
       assert_equal(query_parameters, { "mumu" => "1", "password" => "[FILTERED]" })
+      assert_match(/baz=gni/, request_info["headers"]["Cookie"])
+      assert_match(/foo=\[FILTERED\]/, request_info["headers"]["Cookie"])
     end
 
   end

data/test/test_helper.rb

@@ -20,6 +20,9 @@ require "logjam_agent/receiver"
 # for Sinatra
 ENV['RACK_ENV'] = "test"
 
+# Obfuscate the foo cookie.
+LogjamAgent.obfuscated_cookies = [/\A(foo|.*_session)\z/]
+
 class MockLogDev
   attr_reader :lines
   def initialize

metadata

@@ -1,183 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: logjam_agent
 version: !ruby/object:Gem::Version
-  version: 0.38.2
+  version: 0.38.3
 platform: ruby
 authors:
 - Stefan Kaes
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-02 00:00:00.000000000 Z
+date: 2023-03-20 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: i18n
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: snappy
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: lz4-ruby
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: oj
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: mocha
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: sinatra
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rack-test
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: appraisal
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -252,6 +84,7 @@ files:
 - lib/logjam_agent/logging_attributes.rb
 - lib/logjam_agent/middleware.rb
 - lib/logjam_agent/monkey_patches/ffi-rzmq-patch.rb
+- lib/logjam_agent/obfuscation.rb
 - lib/logjam_agent/rack/logger.rb
 - lib/logjam_agent/rack/rails_support.rb
 - lib/logjam_agent/rack/sinatra_request.rb
@@ -266,6 +99,7 @@ files:
 - lib/logjam_agent/version.rb
 - lib/logjam_agent/zmq_forwarder.rb
 - test/json_logging_test.rb
+- test/obfuscator_test.rb
 - test/request_test.rb
 - test/selective_logging_test.rb
 - test/sinatra_app.rb
@@ -300,6 +134,7 @@ specification_version: 4
 summary: Logjam client library to be used with logjam
 test_files:
 - test/json_logging_test.rb
+- test/obfuscator_test.rb
 - test/request_test.rb
 - test/selective_logging_test.rb
 - test/sinatra_app.rb