logstop 0.2.4 → 0.2.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5ac4acd49c15d9cc5eaaf632ab3550c3b5e148e4b4fd07c5a40375ba39ca86ff
-  data.tar.gz: 9e3427aeb3921f9be61fbfb1d9e27f949ff1b9c9d4d023e01696397a34aeb06c
+  metadata.gz: 270d72c3e5f7b204ba2cacce902adf8593dc6d5cab26d4470182aa41b14f3b5b
+  data.tar.gz: 8d5608be8b5b507e8cd640ee0303731b0608a25affed828a0ece5e3b13424afe
 SHA512:
-  metadata.gz: 5b9c8532cec3764daaaf4fb159db1df4c33961510984336e33f93fc3817fedd02f9082e384857e0c61b29b0f025679eee52b1d2911bca3f0b4e13f2322ffef48
-  data.tar.gz: e6e84e9b97efba86d7b2f879522bae3289662e4fe637337b04b95d36d420e69735147185a64c6bfd305fd3368c758148fa0cdc87a06b50f613cbb8f2902f05d1
+  metadata.gz: c4fc28afee3a1c604bf1af432ef8563bebba765f2e1f47dd44c6d6c0b335b3be28698432b8a1ff57eb707e27f396a841f67efb7adba46cc028d9388421db4eef
+  data.tar.gz: 30b74692def2afe3ab7a48cc4235eafbc79660aa98ad3adf4e73ce7adf0c82873b62f42ffc196610e2f61f3acbf5c0bc03aed3c7bb428fd51744db8e2b6a33db

data/CHANGELOG.md

@@ -1,27 +1,43 @@
-## 0.2.4 [unreleased]
+## 0.2.8 (2021-11-30)
+
+- Added support for disabling default rules
+
+## 0.2.7 (2021-02-08)
+
+- Fixed filtering for URL-encoded emails with `+`
+
+## 0.2.6 (2020-04-10)
+
+- Reduced allocations
+
+## 0.2.5 (2019-10-27)
+
+- Fixed filtering UUIDs
+
+## 0.2.4 (2018-12-11)
 
 - Added `scubber` option for custom rules
 - Scrub URL-encoded data
 
-## 0.2.3
+## 0.2.3 (2018-05-16)
 
 - Fixed tagged logging
 
-## 0.2.2
+## 0.2.2 (2018-05-15)
 
 - Added `guard` method
 
-## 0.2.1
+## 0.2.1 (2018-05-15)
 
 - Fix for log broadcaster in Rails console
 - Fix for URL password filtering
 
-## 0.2.0
+## 0.2.0 (2018-04-03)
 
 - Less aggressive filtering on numbers
 - Filter passwords in URLs
 - Added `Logstop.scrub` method
 
-## 0.1.0
+## 0.1.0 (2018-03-31)
 
 - First release

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2018 Andrew Kane
+Copyright (c) 2018-2021 Andrew Kane
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -15,15 +15,15 @@ By default, scrubs:
 - Social Security numbers (SSNs)
 - passwords in URLs
 
-Works with all types of logging - Ruby, ActiveRecord, ActiveJob, and more
+Works with all types of logging - Ruby, Active Record, Active Job, and more
 
 ```
 User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."email" = ?  [["email", "[FILTERED]"]]
 ```
 
-Works even when sensitive data is URL-encoded
+Works even when sensitive data is URL-encoded with plus encoding
 
-[![Build Status](https://travis-ci.org/ankane/logstop.svg?branch=master)](https://travis-ci.org/ankane/logstop)
+[![Build Status](https://github.com/ankane/logstop/workflows/build/badge.svg?branch=master)](https://github.com/ankane/logstop/actions)
 
 ## Installation
 
@@ -49,13 +49,13 @@ Logstop.guard(Rails.logger)
 
 ## Options
 
-To scrub IP addresses, use:
+To scrub IP addresses (IPv4), use:
 
 ```ruby
 Logstop.guard(logger, ip: true)
 ```
 
-Add custom rules with: [master]
+Add custom rules with:
 
 ```ruby
 scrubber = lambda do |msg|
@@ -65,6 +65,18 @@ end
 Logstop.guard(logger, scrubber: scrubber)
 ```
 
+Disable default rules with:
+
+```ruby
+Logstop.guard(logger,
+  email: false,
+  phone: false,
+  credit_card: false,
+  ssn: false,
+  url_password: false
+)
+```
+
 To scrub outside of logging, use:
 
 ```ruby
@@ -75,13 +87,15 @@ It supports the same options as `guard`.
 
 ## Notes
 
-This should be used in addition to `config.filtered_parameters`, not as a replacement.
+This should be used in addition to `config.filter_parameters`, not as a replacement.
 
-To scrub existing log files, check out [scrubadub](https://github.com/datascopeanalytics/scrubadub).
+Learn more about [securing sensitive data in Rails](https://ankane.org/sensitive-data-rails).
 
-To anonymize IP addresses, check out [IP Anonymizer](https://github.com/ankane/ip_anonymizer).
+Also:
 
-Learn more about [securing sensitive data in Rails](https://ankane.org/sensitive-data-rails).
+- To scrub existing log files, check out [scrubadub](https://github.com/datascopeanalytics/scrubadub)
+- To anonymize IP addresses, check out [IP Anonymizer](https://github.com/ankane/ip_anonymizer)
+- To scan for unencrypted personal data in your database, check out [pdscan](https://github.com/ankane/pdscan)
 
 ## Resources
 
@@ -100,11 +114,11 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
 - Write, clarify, or fix documentation
 - Suggest or add new features
 
-To get started with development and testing:
+To get started with development:
 
 ```sh
 git clone https://github.com/ankane/logstop.git
 cd logstop
 bundle install
-rake test
+bundle exec rake test
 ```

data/lib/logstop/formatter.rb

@@ -2,14 +2,28 @@ require "logger"
 
 module Logstop
   class Formatter < ::Logger::Formatter
-    def initialize(formatter = nil, ip: false, scrubber: nil)
+    def initialize(formatter = nil, url_password: true, email: true, credit_card: true, phone: true, ssn: true, ip: false, scrubber: nil)
       @formatter = formatter || ::Logger::Formatter.new
+      @url_password = url_password
+      @email = email
+      @credit_card = credit_card
+      @phone = phone
+      @ssn = ssn
       @ip = ip
       @scrubber = scrubber
     end
 
     def call(severity, timestamp, progname, msg)
-      Logstop.scrub(@formatter.call(severity, timestamp, progname, msg), ip: @ip, scrubber: @scrubber)
+      Logstop.scrub(
+        @formatter.call(severity, timestamp, progname, msg),
+        url_password: @url_password,
+        email: @email,
+        credit_card: @credit_card,
+        phone: @phone,
+        ssn: @ssn,
+        ip: @ip,
+        scrubber: @scrubber
+      )
     end
 
     # for tagged logging

data/lib/logstop/version.rb

@@ -1,3 +1,3 @@
 module Logstop
-  VERSION = "0.2.4"
+  VERSION = "0.2.8"
 end

data/lib/logstop.rb

@@ -4,27 +4,29 @@ require "logstop/version"
 
 module Logstop
   FILTERED_STR = "[FILTERED]".freeze
-  FILTERED_URL_STR = "\\1[FILTERED]@".freeze
+  FILTERED_URL_STR = "\\1[FILTERED]\\2".freeze
 
-  CREDIT_CARD_REGEX = /\b\d{4}[\s+-]?\d{4}[\s+-]?\d{4}[\s+-]?\d{4}\b/
-  EMAIL_REGEX = /\b[\w][\w+.-]+(@|%40)[a-z\d-]+(\.[a-z\d-]+)*\.[a-z]+\b/i
+  CREDIT_CARD_REGEX = /\b[3456]\d{15}\b/
+  CREDIT_CARD_REGEX_DELIMITERS = /\b[3456]\d{3}[\s+-]\d{4}[\s+-]\d{4}[\s+-]\d{4}\b/
+  EMAIL_REGEX = /\b[\w]([\w+.-]|%2B)+(?:@|%40)[a-z\d-]+(?:\.[a-z\d-]+)*\.[a-z]+\b/i
   IP_REGEX = /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/
-  PHONE_REGEX = /\b(\+\d{1,2}\s)?\(?\d{3}\)?[\s+.-]\d{3}[\s+.-]\d{4}\b/
+  PHONE_REGEX = /\b(?:\+\d{1,2}\s)?\(?\d{3}\)?[\s+.-]\d{3}[\s+.-]\d{4}\b/
   SSN_REGEX = /\b\d{3}[\s+-]\d{2}[\s+-]\d{4}\b/
-  URL_PASSWORD_REGEX = /((\/\/|%2F%2F)\S+(:|%3A))\S+(@|%40)/
+  URL_PASSWORD_REGEX = /((?:\/\/|%2F%2F)\S+(?::|%3A))\S+(@|%40)/
 
-  def self.scrub(msg, ip: false, scrubber: nil)
-    msg = msg.to_s
+  def self.scrub(msg, url_password: true, email: true, credit_card: true, phone: true, ssn: true, ip: false, scrubber: nil)
+    msg = msg.to_s.dup
 
     # order filters are applied is important
-    msg = msg
-      .gsub(URL_PASSWORD_REGEX, FILTERED_URL_STR)
-      .gsub(EMAIL_REGEX, FILTERED_STR)
-      .gsub(CREDIT_CARD_REGEX, FILTERED_STR)
-      .gsub(PHONE_REGEX, FILTERED_STR)
-      .gsub(SSN_REGEX, FILTERED_STR)
-
-    msg = msg.gsub(IP_REGEX, FILTERED_STR) if ip
+    msg.gsub!(URL_PASSWORD_REGEX, FILTERED_URL_STR) if url_password
+    msg.gsub!(EMAIL_REGEX, FILTERED_STR) if email
+    if credit_card
+      msg.gsub!(CREDIT_CARD_REGEX, FILTERED_STR)
+      msg.gsub!(CREDIT_CARD_REGEX_DELIMITERS, FILTERED_STR)
+    end
+    msg.gsub!(PHONE_REGEX, FILTERED_STR) if phone
+    msg.gsub!(SSN_REGEX, FILTERED_STR) if ssn
+    msg.gsub!(IP_REGEX, FILTERED_STR) if ip
 
     msg = scrubber.call(msg) if scrubber
 

metadata

@@ -1,101 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: logstop
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.2.8
 platform: ruby
 authors:
 - Andrew Kane
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-12-11 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: activesupport
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: benchmark-ips
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: memory_profiler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-description: 
-email: andrew@chartkick.com
+date: 2021-11-30 00:00:00.000000000 Z
+dependencies: []
+description:
+email: andrew@ankane.org
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -111,7 +27,7 @@ homepage: https://github.com/ankane/logstop
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -126,9 +42,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: Keep personally identifiable information (PII) out of your logs
 test_files: []