logstop 0.2.6 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/LICENSE.txt +1 -1
- data/README.md +25 -7
- data/lib/logstop/formatter.rb +18 -2
- data/lib/logstop/version.rb +1 -1
- data/lib/logstop.rb +19 -12
- metadata +11 -95
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a53f7c35dc4fa281960cb1d890c9bfc2f884b2624ecd9939946d000b5cedac7f
|
|
4
|
+
data.tar.gz: 2efd9b35e4d069224e8093d54c78101e40265191b8d588a6ac79694e41638da7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5ee9bd48289258b6678492aa84da9777c8ee579416736dddf91b86f5cb57bdd0db64ba7402e1b83b4d4992437f87be467714ba1d397a5e4a7e656bf1746b731b
|
|
7
|
+
data.tar.gz: cf5c437b6bdb8819b9a717f307b53cdf0225ae86df78c270c919993deb36afd3493dc2b9734508a99eebafd28797ac5c3abfd7c08e979384f3d3559c00206ce6
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,17 @@
|
|
|
1
|
+
## 0.3.0 (2022-09-06)
|
|
2
|
+
|
|
3
|
+
- Added support for international phone numbers
|
|
4
|
+
- Added support for MAC addresses
|
|
5
|
+
- Dropped support for Ruby < 2.7
|
|
6
|
+
|
|
7
|
+
## 0.2.8 (2021-11-30)
|
|
8
|
+
|
|
9
|
+
- Added support for disabling default rules
|
|
10
|
+
|
|
11
|
+
## 0.2.7 (2021-02-08)
|
|
12
|
+
|
|
13
|
+
- Fixed filtering for URL-encoded emails with `+`
|
|
14
|
+
|
|
1
15
|
## 0.2.6 (2020-04-10)
|
|
2
16
|
|
|
3
17
|
- Reduced allocations
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Logstop
|
|
2
2
|
|
|
3
|
-
:fire: Keep
|
|
3
|
+
:fire: Keep personal data out of your logs
|
|
4
4
|
|
|
5
5
|
```ruby
|
|
6
6
|
logger.info "Hi test@example.org!"
|
|
@@ -15,22 +15,22 @@ By default, scrubs:
|
|
|
15
15
|
- Social Security numbers (SSNs)
|
|
16
16
|
- passwords in URLs
|
|
17
17
|
|
|
18
|
-
Works with all types of logging - Ruby,
|
|
18
|
+
Works with all types of logging - Ruby, Active Record, Active Job, and more
|
|
19
19
|
|
|
20
20
|
```
|
|
21
21
|
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? [["email", "[FILTERED]"]]
|
|
22
22
|
```
|
|
23
23
|
|
|
24
|
-
Works even when sensitive data is URL-encoded
|
|
24
|
+
Works even when sensitive data is URL-encoded with plus encoding
|
|
25
25
|
|
|
26
|
-
[](https://github.com/ankane/logstop/actions)
|
|
27
27
|
|
|
28
28
|
## Installation
|
|
29
29
|
|
|
30
30
|
Add this line to your application’s Gemfile:
|
|
31
31
|
|
|
32
32
|
```ruby
|
|
33
|
-
gem
|
|
33
|
+
gem "logstop"
|
|
34
34
|
```
|
|
35
35
|
|
|
36
36
|
And add it to your logger:
|
|
@@ -49,12 +49,18 @@ Logstop.guard(Rails.logger)
|
|
|
49
49
|
|
|
50
50
|
## Options
|
|
51
51
|
|
|
52
|
-
To scrub IP addresses, use:
|
|
52
|
+
To scrub IP addresses (IPv4), use:
|
|
53
53
|
|
|
54
54
|
```ruby
|
|
55
55
|
Logstop.guard(logger, ip: true)
|
|
56
56
|
```
|
|
57
57
|
|
|
58
|
+
To scrub MAC addresses, use: [unreleased]
|
|
59
|
+
|
|
60
|
+
```ruby
|
|
61
|
+
Logstop.guard(logger, mac: true)
|
|
62
|
+
```
|
|
63
|
+
|
|
58
64
|
Add custom rules with:
|
|
59
65
|
|
|
60
66
|
```ruby
|
|
@@ -65,6 +71,18 @@ end
|
|
|
65
71
|
Logstop.guard(logger, scrubber: scrubber)
|
|
66
72
|
```
|
|
67
73
|
|
|
74
|
+
Disable default rules with:
|
|
75
|
+
|
|
76
|
+
```ruby
|
|
77
|
+
Logstop.guard(logger,
|
|
78
|
+
email: false,
|
|
79
|
+
phone: false,
|
|
80
|
+
credit_card: false,
|
|
81
|
+
ssn: false,
|
|
82
|
+
url_password: false
|
|
83
|
+
)
|
|
84
|
+
```
|
|
85
|
+
|
|
68
86
|
To scrub outside of logging, use:
|
|
69
87
|
|
|
70
88
|
```ruby
|
|
@@ -75,7 +93,7 @@ It supports the same options as `guard`.
|
|
|
75
93
|
|
|
76
94
|
## Notes
|
|
77
95
|
|
|
78
|
-
This should be used in addition to `config.
|
|
96
|
+
This should be used in addition to `config.filter_parameters`, not as a replacement.
|
|
79
97
|
|
|
80
98
|
Learn more about [securing sensitive data in Rails](https://ankane.org/sensitive-data-rails).
|
|
81
99
|
|
data/lib/logstop/formatter.rb
CHANGED
|
@@ -2,14 +2,30 @@ require "logger"
|
|
|
2
2
|
|
|
3
3
|
module Logstop
|
|
4
4
|
class Formatter < ::Logger::Formatter
|
|
5
|
-
def initialize(formatter = nil, ip: false, scrubber: nil)
|
|
5
|
+
def initialize(formatter = nil, url_password: true, email: true, credit_card: true, phone: true, ssn: true, ip: false, mac: false, scrubber: nil)
|
|
6
6
|
@formatter = formatter || ::Logger::Formatter.new
|
|
7
|
+
@url_password = url_password
|
|
8
|
+
@email = email
|
|
9
|
+
@credit_card = credit_card
|
|
10
|
+
@phone = phone
|
|
11
|
+
@ssn = ssn
|
|
7
12
|
@ip = ip
|
|
13
|
+
@mac = mac
|
|
8
14
|
@scrubber = scrubber
|
|
9
15
|
end
|
|
10
16
|
|
|
11
17
|
def call(severity, timestamp, progname, msg)
|
|
12
|
-
Logstop.scrub(
|
|
18
|
+
Logstop.scrub(
|
|
19
|
+
@formatter.call(severity, timestamp, progname, msg),
|
|
20
|
+
url_password: @url_password,
|
|
21
|
+
email: @email,
|
|
22
|
+
credit_card: @credit_card,
|
|
23
|
+
phone: @phone,
|
|
24
|
+
ssn: @ssn,
|
|
25
|
+
ip: @ip,
|
|
26
|
+
mac: @mac,
|
|
27
|
+
scrubber: @scrubber
|
|
28
|
+
)
|
|
13
29
|
end
|
|
14
30
|
|
|
15
31
|
# for tagged logging
|
data/lib/logstop/version.rb
CHANGED
data/lib/logstop.rb
CHANGED
|
@@ -4,28 +4,35 @@ require "logstop/version"
|
|
|
4
4
|
|
|
5
5
|
module Logstop
|
|
6
6
|
FILTERED_STR = "[FILTERED]".freeze
|
|
7
|
-
FILTERED_URL_STR = "\\1[FILTERED]
|
|
7
|
+
FILTERED_URL_STR = "\\1[FILTERED]\\2".freeze
|
|
8
8
|
|
|
9
9
|
CREDIT_CARD_REGEX = /\b[3456]\d{15}\b/
|
|
10
10
|
CREDIT_CARD_REGEX_DELIMITERS = /\b[3456]\d{3}[\s+-]\d{4}[\s+-]\d{4}[\s+-]\d{4}\b/
|
|
11
|
-
EMAIL_REGEX = /\b[\w][\w+.-]+(
|
|
11
|
+
EMAIL_REGEX = /\b[\w]([\w+.-]|%2B)+(?:@|%40)[a-z\d-]+(?:\.[a-z\d-]+)*\.[a-z]+\b/i
|
|
12
12
|
IP_REGEX = /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/
|
|
13
|
-
PHONE_REGEX = /\b(
|
|
13
|
+
PHONE_REGEX = /\b(?:\+\d{1,2}\s)?\(?\d{3}\)?[\s+.-]\d{3}[\s+.-]\d{4}\b/
|
|
14
|
+
E164_PHONE_REGEX = /(?:\+|%2B)[1-9]\d{6,14}\b/
|
|
14
15
|
SSN_REGEX = /\b\d{3}[\s+-]\d{2}[\s+-]\d{4}\b/
|
|
15
|
-
URL_PASSWORD_REGEX = /((
|
|
16
|
+
URL_PASSWORD_REGEX = /((?:\/\/|%2F%2F)\S+(?::|%3A))\S+(@|%40)/
|
|
17
|
+
MAC_REGEX = /\b[0-9a-f]{2}(?:(?::|%3A)[0-9a-f]{2}){5}\b/i
|
|
16
18
|
|
|
17
|
-
def self.scrub(msg, ip: false, scrubber: nil)
|
|
19
|
+
def self.scrub(msg, url_password: true, email: true, credit_card: true, phone: true, ssn: true, ip: false, mac: false, scrubber: nil)
|
|
18
20
|
msg = msg.to_s.dup
|
|
19
21
|
|
|
20
22
|
# order filters are applied is important
|
|
21
|
-
msg.gsub!(URL_PASSWORD_REGEX, FILTERED_URL_STR)
|
|
22
|
-
msg.gsub!(EMAIL_REGEX, FILTERED_STR)
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
23
|
+
msg.gsub!(URL_PASSWORD_REGEX, FILTERED_URL_STR) if url_password
|
|
24
|
+
msg.gsub!(EMAIL_REGEX, FILTERED_STR) if email
|
|
25
|
+
if credit_card
|
|
26
|
+
msg.gsub!(CREDIT_CARD_REGEX, FILTERED_STR)
|
|
27
|
+
msg.gsub!(CREDIT_CARD_REGEX_DELIMITERS, FILTERED_STR)
|
|
28
|
+
end
|
|
29
|
+
if phone
|
|
30
|
+
msg.gsub!(E164_PHONE_REGEX, FILTERED_STR)
|
|
31
|
+
msg.gsub!(PHONE_REGEX, FILTERED_STR)
|
|
32
|
+
end
|
|
33
|
+
msg.gsub!(SSN_REGEX, FILTERED_STR) if ssn
|
|
28
34
|
msg.gsub!(IP_REGEX, FILTERED_STR) if ip
|
|
35
|
+
msg.gsub!(MAC_REGEX, FILTERED_STR) if mac
|
|
29
36
|
|
|
30
37
|
msg = scrubber.call(msg) if scrubber
|
|
31
38
|
|
metadata
CHANGED
|
@@ -1,101 +1,17 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstop
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
12
|
-
dependencies:
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
-
requirements:
|
|
17
|
-
- - ">="
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0'
|
|
20
|
-
type: :development
|
|
21
|
-
prerelease: false
|
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
-
requirements:
|
|
24
|
-
- - ">="
|
|
25
|
-
- !ruby/object:Gem::Version
|
|
26
|
-
version: '0'
|
|
27
|
-
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: benchmark-ips
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - ">="
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: '0'
|
|
34
|
-
type: :development
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - ">="
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: '0'
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: bundler
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - ">="
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: '0'
|
|
48
|
-
type: :development
|
|
49
|
-
prerelease: false
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - ">="
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: '0'
|
|
55
|
-
- !ruby/object:Gem::Dependency
|
|
56
|
-
name: memory_profiler
|
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
|
58
|
-
requirements:
|
|
59
|
-
- - ">="
|
|
60
|
-
- !ruby/object:Gem::Version
|
|
61
|
-
version: '0'
|
|
62
|
-
type: :development
|
|
63
|
-
prerelease: false
|
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
-
requirements:
|
|
66
|
-
- - ">="
|
|
67
|
-
- !ruby/object:Gem::Version
|
|
68
|
-
version: '0'
|
|
69
|
-
- !ruby/object:Gem::Dependency
|
|
70
|
-
name: minitest
|
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
|
72
|
-
requirements:
|
|
73
|
-
- - ">="
|
|
74
|
-
- !ruby/object:Gem::Version
|
|
75
|
-
version: '0'
|
|
76
|
-
type: :development
|
|
77
|
-
prerelease: false
|
|
78
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
-
requirements:
|
|
80
|
-
- - ">="
|
|
81
|
-
- !ruby/object:Gem::Version
|
|
82
|
-
version: '0'
|
|
83
|
-
- !ruby/object:Gem::Dependency
|
|
84
|
-
name: rake
|
|
85
|
-
requirement: !ruby/object:Gem::Requirement
|
|
86
|
-
requirements:
|
|
87
|
-
- - ">="
|
|
88
|
-
- !ruby/object:Gem::Version
|
|
89
|
-
version: '0'
|
|
90
|
-
type: :development
|
|
91
|
-
prerelease: false
|
|
92
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
-
requirements:
|
|
94
|
-
- - ">="
|
|
95
|
-
- !ruby/object:Gem::Version
|
|
96
|
-
version: '0'
|
|
97
|
-
description:
|
|
98
|
-
email: andrew@chartkick.com
|
|
11
|
+
date: 2022-09-06 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
13
|
+
description:
|
|
14
|
+
email: andrew@ankane.org
|
|
99
15
|
executables: []
|
|
100
16
|
extensions: []
|
|
101
17
|
extra_rdoc_files: []
|
|
@@ -111,7 +27,7 @@ homepage: https://github.com/ankane/logstop
|
|
|
111
27
|
licenses:
|
|
112
28
|
- MIT
|
|
113
29
|
metadata: {}
|
|
114
|
-
post_install_message:
|
|
30
|
+
post_install_message:
|
|
115
31
|
rdoc_options: []
|
|
116
32
|
require_paths:
|
|
117
33
|
- lib
|
|
@@ -119,15 +35,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
119
35
|
requirements:
|
|
120
36
|
- - ">="
|
|
121
37
|
- !ruby/object:Gem::Version
|
|
122
|
-
version: '2.
|
|
38
|
+
version: '2.7'
|
|
123
39
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
124
40
|
requirements:
|
|
125
41
|
- - ">="
|
|
126
42
|
- !ruby/object:Gem::Version
|
|
127
43
|
version: '0'
|
|
128
44
|
requirements: []
|
|
129
|
-
rubygems_version: 3.
|
|
130
|
-
signing_key:
|
|
45
|
+
rubygems_version: 3.3.7
|
|
46
|
+
signing_key:
|
|
131
47
|
specification_version: 4
|
|
132
|
-
summary: Keep
|
|
48
|
+
summary: Keep personal data out of your logs
|
|
133
49
|
test_files: []
|