pii_safe_schema 1.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8bca88cff66431d4ed83b6f8e3956e40686d858b47beac08a0efe05eae5a8b42
+  data.tar.gz: 8ab4b451afbf182da050c29e6e4f8d9ea00cdd225940604b242530db6f8d3649
+SHA512:
+  metadata.gz: 5e2ddf4cbe30dbe6285581508e4d138de72acf42f031045879cf85f74a28501970f4bb7a3af3dc612e1d4eef248d94154c8c8149e6d3af79ac63b2766fdb24e6
+  data.tar.gz: 625c1edd58177ce1f79fada40a3e25bd1701133516ef73579b40496e81e4cdbaa97368f74cbec1d7098b0e8c23969d264cfc2b16ac140dbaa61a03b840b712cc

data/.circleci/config.yml

@@ -0,0 +1,118 @@
+version: 2
+
+defaults: &defaults
+  working_directory: /home/circleci/wealthsimple
+  docker:
+    - image: circleci/ruby:2.6.0
+    - image: circleci/postgres:9.5.9-alpine
+      environment:
+        POSTGRES_USER: circleci
+        POSTGRES_DB: pii_safe_schema_test
+
+# These are common snippets that are referenced in multiple workflows.
+references:
+  attach_code_workspace: &attach_code_workspace
+    attach_workspace:
+      at: /home/circleci/wealthsimple
+
+  restore_bundle_dependencies: &restore_bundle_dependencies
+    run:
+      name: Restore bundle dependencies from workspace
+      command: bundle --path vendor/bundle
+
+jobs:
+  checkout_and_bundle:
+    <<: *defaults
+    steps:
+      - checkout
+      - run:
+          command: bundle install --jobs=4 --retry=3 --path vendor/bundle
+      - persist_to_workspace:
+          root: .
+          paths: .
+
+  rspec:
+    <<: *defaults
+    steps:
+      - *attach_code_workspace
+      - *restore_bundle_dependencies
+      - run:
+          command: sudo apt install -y postgresql-client || true
+      - run:
+          command: bundle exec bundle-audit update && bundle exec bundle-audit check
+      - run:
+          command: bundle exec rspec
+
+  lint_check:
+    <<: *defaults
+    steps:
+      - *attach_code_workspace
+      - *restore_bundle_dependencies
+      - run:
+          command: bundle exec rubocop
+
+  vulnerability_check:
+    <<: *defaults
+    steps:
+      - *attach_code_workspace
+      - *restore_bundle_dependencies
+      - run:
+          command: bundle exec bundle-audit update && bundle exec bundle-audit check
+
+  release:
+    <<: *defaults
+    steps:
+      - add_ssh_keys:
+          fingerprints:
+            - "46:b5:cb:ee:57:dc:14:95:31:be:12:13:4f:11:94:a4"
+      - *attach_code_workspace
+      - *restore_bundle_dependencies
+      - run:
+          name: Release to rubygems.org
+          command: |
+            mkdir ~/.gem
+            echo ":rubygems_api_key: ${RUBYGEMS_API_KEY}" >> ~/.gem/credentials
+            chmod 600 ~/.gem/credentials
+            mkdir -p ~/.ssh
+            echo "github.com,192.30.253.112 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" >> ~/.ssh/known_hosts
+            bundle exec rake release
+
+workflows:
+  version: 2
+  build_and_test:
+    jobs:
+      - checkout_and_bundle:
+          context: wealthsimple
+      - rspec:
+          requires:
+            - checkout_and_bundle
+      - lint_check:
+          requires:
+            - checkout_and_bundle
+      - vulnerability_check:
+          requires:
+            - checkout_and_bundle
+      - release:
+          context: wealthsimple
+          filters:
+            branches:
+              only: master
+          requires:
+          - rspec
+          - lint_check
+          - vulnerability_check
+
+  security-audit:
+    triggers:
+      - schedule:
+          # 11:45 am UTC: 6:45 am EST / 7:45 am EDT
+          cron: "45 11 * * *"
+          filters:
+            branches:
+              only: master
+    jobs:
+      - checkout_and_bundle:
+          context: wealthsimple
+      - vulnerability_check:
+          requires:
+            - checkout_and_bundle

data/.github/CODEOWNERS

@@ -0,0 +1 @@
+* @wealthsimple/security

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,16 @@
+#### Why <!-- A short description of why this change is required -->
+
+
+
+#### What changed <!-- Summary of changes when modifying hundreds of lines -->
+
+
+
+<!--
+Consider adding the following sections:
+
+#### How I tested [ Bullets for test cases covered ]
+#### Next steps [ If your PR is part of a few or a WIP, give context to reviewers ]
+#### Screenshot [ An image is worth a thousand words ]
+#### Bug/Ticket tracker [ Unnecessary when prefixing branch with JIRA ticket, e.g. SECURITY-123-human-readable-thing ]
+-->

data/.gitignore

@@ -0,0 +1,7 @@
+/db/**/**
+.DS_Store
+coverage/
+pkg/
+
+.rspec_status
+Gemfile.lock

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,3 @@
+inherit_gem:
+  ws-style:
+    - default.yml

data/.ruby-version

@@ -0,0 +1 @@
+2.6.0

data/CHANGELOG.md

@@ -0,0 +1,62 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 1.0.3
+### Fixed
+- bumping version to release to rubygems
+
+## 1.0.2
+### Fixed
+- fixed issue cutting tags/releasing
+
+## 1.0.1
+### Fixed
+- fixed release to rubygems
+
+## 1.0.0
+### Changed
+- Now hosted on rubygems
+
+## 0.4.4 - 2019-3-4
+### Fixed
+- encrypted data of any type should receive the null obfuscator, previously only encrypted sensitive data was receiving null_obfuscator
+
+## 0.4.3 - 2019-2-28
+### Fixed
+- catch ActiveRecord::NoDatabaseError for activation on new apps
+
+## 0.4.2 - 2019-2-23
+### Fixed
+- removed require 'pry' line that was breaking in prod.
+
+## 0.4.1 - 2019-2-15
+### Fixed
+- lack of space after curly brace in generated migration created lint errors
+
+## 0.4.0 - 2019-2-15
+### Added
+- Added null_obfuscator for encrypted columns
+- Added encryption check for sensitive data type
+
+## 0.3.0 - 2019-2-15
+### Added
+- Added annotations for address columns
+
+## 0.2.0 - 2019-2-15
+### Added
+- Added sensitive data columns like SIN, SSN, TIN
+
+## 0.1.1 - 2019-2-14
+### Fixed
+- CircleCi database issue fixed
+
+## 0.1.0 - 2019-2-14
+### Added
+- Colorize output in dev env and produce more descriptive message.
+
+## 0.0.1 - 2019-2-14
+### Added
+- Gem created

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Guardfile

@@ -0,0 +1,35 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+# directories %w(app lib config test spec features) \
+#  .select{|d| Dir.exist?(d) ? d : UI.warning("Directory #{d} does not exist")}
+
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+#  $ mkdir config
+#  $ mv Guardfile config/
+#  $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+guard :rspec, cmd: 'bundle exec rspec' do
+  require 'guard/rspec/dsl'
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # Feel free to open issues for suggestions and improvements
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+
+  watch(/^(.+)\.rb$/) { |m| "spec/#{m[1]}_spec.rb" }
+end

data/README.md

@@ -0,0 +1,46 @@
+## PiiSafeSchema
+
+this gem serves a few functions:
+
+* Warning you when you might be missing an annotation on a column
+* auto generating your migrations for you
+* alerting the security team through datadog events if there are remaining unannotated columns
+
+
+
+### Getting Started
+
+`gem 'pii-safe-schema'`
+
+add the following to `application.rb`
+
+```
+config.after_initialize do
+  PiiSafeSchema.activate!
+end
+```
+
+if you want to ignore certain columns, add the following initializer:
+
+```
+# initializers/pii-safe-schema.rb
+
+PiiSafeSchema.configure do |config|
+  config.ignore = {
+    some_table:       :*,                       # ignore the whole table
+    some_other_table: [:column_1, :column_2]    # just those columns
+  }
+end
+```
+
+### Generating Comment Migrations
+
+`rake pii_safe_schema:generate_migrations`
+
+this will generate one migration file for each table that should be commented.
+it will create a comment field for each column that it warns you about when you start a rails server or console.
+
+
+
+
+

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/lib/pii_safe_schema/annotations.rb

@@ -0,0 +1,87 @@
+module PiiSafeSchema
+  module Annotations
+    SENSITIVE_DATA_NAMES = %w[
+      sin social_insurance_number ssn social_security_number
+      tin tax_idenfification_number national_insurance_number mifid
+    ].freeze
+    COLUMNS = {
+      email: {
+        comment: {
+          pii: { obfuscate: 'email_obfuscator' },
+        },
+        regexp: /email/,
+      },
+      phone: {
+        comment: {
+          pii: { obfuscate: 'phone_obfuscator' },
+        },
+        regexp: /phone/,
+      },
+      ip_address: {
+        comment: {
+          pii: { obfuscate: 'ip_obfuscator' },
+        },
+        regexp: /ip_address/,
+      },
+      geolocation: {
+        comment: {
+          pii: { obfuscate: 'geo_obfuscator' },
+        },
+        regexp: /latitude|longitude/,
+      },
+      address: {
+        comment: {
+          pii: { obfuscate: 'null_obfuscator' },
+        },
+        regexp: /(^street|apt|apartment|unit_n)/,
+      },
+      postal_code: {
+        comment: {
+          pii: { obfuscate: 'postal_code_obfuscator' },
+        },
+        regexp: /(postal|zip)_code/,
+      },
+      name: {
+        comment: {
+          pii: { obfuscate: 'name_obfuscator' },
+        },
+        regexp: /(last|sur|full|^)_?(name)/,
+      },
+      sensitive_data: {
+        comment: {
+          pii: { tokenize: 'sha256_tokenizer' },
+        },
+        regexp: /(^|_)(#{SENSITIVE_DATA_NAMES.join("|")})(_|$)/,
+      },
+      encrypted_data: {
+        comment: {
+          pii: { obfuscate: 'null_obfuscator' },
+        },
+        regexp: /encrypted/,
+      },
+    }.freeze
+
+    def recommended_comment(column)
+      return COLUMNS[:encrypted_data][:comment] if apply_encrypted_recommendation?(column)
+
+      COLUMNS.each do |_type, info|
+        return info[:comment] if apply_recommendation?(column, info)
+      end
+      nil
+    end
+
+    def apply_recommendation?(column, pii_info)
+      !encrypted?(column) &&
+        pii_info[:regexp].match(column.name) &&
+        column.comment != pii_info[:comment].to_json
+    end
+
+    def encrypted?(column)
+      COLUMNS[:encrypted_data][:regexp].match(column.name)
+    end
+
+    def apply_encrypted_recommendation?(column)
+      encrypted?(column) && column.comment != COLUMNS[:encrypted_data][:comment].to_json
+    end
+  end
+end

data/lib/pii_safe_schema/configuration.rb

@@ -0,0 +1,59 @@
+module PiiSafeSchema
+  class Configuration
+    DEFAULT_IGNORE = {
+      schema_migrations: :*,
+      ar_internal_metadata: :*,
+    }.freeze
+
+    def initialize
+      @user_ignore = {}
+    end
+
+    def ignore=(ignore_params)
+      validate(ignore_params)
+      @user_ignore = ignore_params
+    end
+
+    def ignore
+      @user_ignore.merge(DEFAULT_IGNORE)
+    end
+
+    def ignore_tables
+      ignore.select { |_k, v| v.to_s == '*' }.keys.map(&:to_s)
+    end
+
+    def ignore_columns
+      ignore.select { |_k, v| v.is_a?(Array) }
+    end
+
+    private
+
+    def validate(ignore_params)
+      raise_config_error unless ignore_params.is_a?(Hash)
+
+      ignore_params.values.each do |ip|
+        raise_config_error unless valid_column_list?(ip) || ip == :*
+      end
+      true
+    end
+
+    def valid_column_list?(value)
+      value.is_a?(Array) && value.all? { |c| c.is_a?(Symbol) }
+    end
+
+    def raise_config_error
+      raise ConfigurationError, ConfigurationError.message
+    end
+  end
+
+  class ConfigurationError < StandardError
+    def self.message
+      <<~HEREDOC
+        ignore must be a hash where the values are
+        symbols or arrays of symbols.
+        e.g. ignore = { some_table: :* } ##ignore the whole some_table
+        or   ignore = { some_table: [:some_column, :some_other_column] }
+      HEREDOC
+    end
+  end
+end

data/lib/pii_safe_schema/migration_generator.rb

@@ -0,0 +1,53 @@
+module PiiSafeSchema
+  module MigrationGenerator
+    class << self
+      def generate_migrations(pii_columns)
+        pii_columns.group_by(&:table).map do |table, columns|
+          generate_migration_for(table, columns)
+        end
+      end
+
+      private
+
+      # rubocop:disable Metrics/AbcSize
+      def generate_migration_for(table, columns)
+        generator = ActiveRecord::Generators::MigrationGenerator.new(
+          ["change_comments_in_#{table}"],
+        )
+        generated_lines = generate_migration_lines(table, columns)
+        migration_file = generator.create_migration_file
+        file_lines = File.open(migration_file, 'r').read.split("\n")
+        change_line = file_lines.find_index { |i| /def change/.match(i) }
+        new_contents = file_lines[0..change_line] +
+                       generated_lines +
+                       file_lines[change_line + 1..-1]
+
+        File.open(migration_file, 'w') do |f|
+          f.write(new_contents.join("\n"))
+          f.write("\n")
+        end
+        migration_file
+      end
+      # rubocop:enable Metrics/AbcSize
+
+      def generate_migration_lines(table, columns)
+        migration_lines = columns.map do |c|
+          "#{' ' * (safety_assured? ? 6 : 4)}"\
+          "change_column :#{table}, :#{c.column.name}, :#{c.column.type}, "\
+          "comment: \'#{c.suggestion.to_json}\'"\
+        end
+        wrap_in_safety_assured(migration_lines)
+      end
+
+      def wrap_in_safety_assured(migration_lines)
+        return migration_lines unless safety_assured?
+
+        ["#{' ' * 4}safety_assured do", *migration_lines, "#{' ' * 4}end"]
+      end
+
+      def safety_assured?
+        defined?(StrongMigrations)
+      end
+    end
+  end
+end

data/lib/pii_safe_schema/notifiers/data_dog.rb

@@ -0,0 +1,31 @@
+module PiiSafeSchema
+  module Notify
+    module DataDog
+      KNOWN_CLIENTS = %w[DataDogClient Ws::Railway::Datadog].freeze
+
+      class << self
+        def deliver(pii_column)
+          return unless %w[staging production development].include?(Rails.env)
+          return if dog_client.nil?
+
+          dog_client.event('PII Annotation Warning',
+                           message(pii_column),
+                           msg_title: 'Unannotated PII Column',
+                           alert_type: 'warning')
+        end
+
+        private
+
+        def message(pii_column)
+          "column #{pii_column.table}.#{pii_column.column.name} is not annotated"
+        end
+
+        def dog_client
+          KNOWN_CLIENTS.each do |client|
+            return client.safe_constantize if defined?(client)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/pii_safe_schema/notifiers/std_out.rb

@@ -0,0 +1,30 @@
+require 'colorize'
+module PiiSafeSchema
+  module Notify
+    module StdOut
+      class << self
+        def deliver(pii_column)
+          Rails.logger.info(message(pii_column).red)
+        end
+
+        private
+
+        def message(pii_column)
+          <<~HEREDOC
+            ------------------------------------------------------------------------------------
+            Annotation recommended on column:
+            #{pii_column.table}.#{pii_column.column.name}: comment: \"#{pii_column.suggestion}\"
+
+            run `rake pii_safe_schema:generate_migrations`
+            to generate all necessary annotation migrations.
+
+            if this column does not contain PII, you can ignore it
+            in your PiiSafeSchema configs.
+            https://github.com/wealthsimple/pii-safe-schema/blob/master/README.md
+            ------------------------------------------------------------------------------------
+          HEREDOC
+        end
+      end
+    end
+  end
+end

data/lib/pii_safe_schema/notify.rb

@@ -0,0 +1,19 @@
+module PiiSafeSchema
+  module Notify
+    METHODS = %i[StdOut DataDog].freeze
+    def self.notify(column_or_columns)
+      column_or_columns.each { |c| deliver(c) } if column_or_columns.is_a?(Array)
+      deliver(c) if column_or_columns.is_a?(PiiSafeSchema::PiiColumn)
+    end
+
+    class << self
+      private
+
+      def deliver(pii_column)
+        METHODS.each do |m|
+          "PiiSafeSchema::Notify::#{m}".constantize.deliver(pii_column)
+        end
+      end
+    end
+  end
+end

data/lib/pii_safe_schema/pii_column.rb

@@ -0,0 +1,45 @@
+module PiiSafeSchema
+  class PiiColumn
+    extend PiiSafeSchema::Annotations
+    attr_reader :table, :column, :suggestion
+
+    def self.all
+      find_and_create
+    end
+
+    def initialize(table:, column:, suggestion:)
+      @table = table.to_sym
+      @column = column
+      @suggestion = suggestion
+    end
+
+    class << self
+      private
+
+      def find_and_create
+        relevant_tables.map do |table|
+          connection.columns(table).map do |column|
+            next if ignored_column?(table, column)
+
+            rec = recommended_comment(column)
+            rec ? new(table: table, column: column, suggestion: rec) : nil
+          end.compact
+        end.compact.flatten
+      end
+
+      def connection
+        ActiveRecord::Base.connection
+      end
+
+      def relevant_tables
+        connection.tables - PiiSafeSchema.configuration.ignore_tables
+      end
+
+      def ignored_column?(table, column)
+        PiiSafeSchema.configuration.
+          ignore_columns[table.to_sym]&.
+                     include?(column.name.to_sym)
+      end
+    end
+  end
+end

data/lib/pii_safe_schema/railtie.rb

@@ -0,0 +1,9 @@
+require 'active_record/railtie'
+
+module PiiSafeSchema
+  class Railtie < ::Rails::Railtie
+    rake_tasks do
+      load 'tasks/pii_safe_schema.rake'
+    end
+  end
+end

data/lib/pii_safe_schema/version.rb

@@ -0,0 +1,3 @@
+module PiiSafeSchema
+  VERSION = '1.0.3'.freeze
+end

data/lib/pii_safe_schema.rb

@@ -0,0 +1,38 @@
+require 'pii_safe_schema/configuration'
+require 'pii_safe_schema/annotations'
+require 'pii_safe_schema/notify'
+require 'pii_safe_schema/pii_column'
+require 'pii_safe_schema/version'
+require 'pii_safe_schema/notifiers/std_out'
+require 'pii_safe_schema/notifiers/data_dog'
+require 'pii_safe_schema/railtie'
+require 'rails/generators'
+require 'rails/generators/active_record/migration/migration_generator'
+require 'pii_safe_schema/migration_generator'
+require 'json'
+
+module PiiSafeSchema
+  extend PiiSafeSchema::Notify
+
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.configure
+    yield(configuration)
+  end
+
+  def self.activate!
+    return if Rails.env.test?
+
+    ActiveSupport.on_load :active_record do
+      Notify.notify(PiiSafeSchema::PiiColumn.all)
+    end
+  rescue ActiveRecord::NoDatabaseError
+    Rails.logger.info('PiiSafeSchema: No DB'.red)
+  end
+
+  def self.generate_migrations
+    PiiSafeSchema::MigrationGenerator.generate_migrations(PiiSafeSchema::PiiColumn.all)
+  end
+end

data/lib/tasks/pii_safe_schema.rake

@@ -0,0 +1,5 @@
+namespace :pii_safe_schema do
+  task generate_migrations: :environment do
+    PiiSafeSchema.generate_migrations
+  end
+end

data/pii-safe-schema.gemspec

@@ -0,0 +1,43 @@
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'pii_safe_schema/version'
+
+Gem::Specification.new do |s|
+  s.name          = 'pii_safe_schema'
+  s.version       = PiiSafeSchema::VERSION
+  s.authors       = ['Alexi Garrow']
+  s.email         = ['agarrow@wealthsimple.com']
+
+  s.summary       = 'Schema migration tool for checking and adding comments on PII columns.'
+  s.homepage      = 'https://github.com/wealthsimple/pii-safe-schema'
+
+  s.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+
+  s.bindir        = 'exe'
+  s.executables   = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  s.require_paths = ['lib']
+
+  s.add_dependency 'activesupport', '>= 5'
+  s.add_dependency 'colorize'
+  s.add_dependency 'rails', '>= 5'
+
+  s.add_development_dependency 'bundler', '~> 1.16'
+  s.add_development_dependency 'bundler-audit'
+  s.add_development_dependency 'dogstatsd-ruby'
+  s.add_development_dependency 'git'
+  s.add_development_dependency 'guard-rspec'
+  s.add_development_dependency 'pry'
+  s.add_development_dependency 'rake', '~> 10.0'
+  s.add_development_dependency 'rspec', '~> 3.0'
+  s.add_development_dependency 'rspec-collection_matchers'
+  s.add_development_dependency 'rspec-its'
+  s.add_development_dependency 'rubocop'
+  s.add_development_dependency 'simplecov'
+  s.add_development_dependency 'ws-style'
+
+  # Required by activerecord-safer_migrations
+  s.add_development_dependency 'pg', '~> 0.21'
+  s.add_development_dependency 'strong_migrations'
+end

metadata

@@ -0,0 +1,318 @@
+--- !ruby/object:Gem::Specification
+name: pii_safe_schema
+version: !ruby/object:Gem::Version
+  version: 1.0.3
+platform: ruby
+authors:
+- Alexi Garrow
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-04-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: dogstatsd-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: git
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-collection_matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ws-style
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.21'
+- !ruby/object:Gem::Dependency
+  name: strong_migrations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- agarrow@wealthsimple.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".circleci/config.yml"
+- ".github/CODEOWNERS"
+- ".github/PULL_REQUEST_TEMPLATE.md"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-version"
+- CHANGELOG.md
+- Gemfile
+- Guardfile
+- README.md
+- Rakefile
+- lib/pii_safe_schema.rb
+- lib/pii_safe_schema/annotations.rb
+- lib/pii_safe_schema/configuration.rb
+- lib/pii_safe_schema/migration_generator.rb
+- lib/pii_safe_schema/notifiers/data_dog.rb
+- lib/pii_safe_schema/notifiers/std_out.rb
+- lib/pii_safe_schema/notify.rb
+- lib/pii_safe_schema/pii_column.rb
+- lib/pii_safe_schema/railtie.rb
+- lib/pii_safe_schema/version.rb
+- lib/tasks/pii_safe_schema.rake
+- pii-safe-schema.gemspec
+homepage: https://github.com/wealthsimple/pii-safe-schema
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.1
+signing_key: 
+specification_version: 4
+summary: Schema migration tool for checking and adding comments on PII columns.
+test_files: []