pii_safe_schema 1.2.0 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.circleci/config.yml +1 -1
- data/.ruby-version +1 -1
- data/CHANGELOG.md +4 -0
- data/README.md +13 -4
- data/lib/pii_safe_schema.rb +52 -2
- data/lib/pii_safe_schema/annotations.rb +6 -2
- data/lib/pii_safe_schema/invalid_column_error.rb +4 -0
- data/lib/pii_safe_schema/pii_column.rb +12 -4
- data/lib/pii_safe_schema/version.rb +1 -1
- data/lib/tasks/pii_safe_schema.rake +21 -1
- data/pii_safe_schema.gemspec +4 -3
- metadata +37 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5a3fe6f6dc02bc520f523874f6111cb00dc9201687f0b7f668dc39e587080bda
|
|
4
|
+
data.tar.gz: c2f2bf99f36d65c806e9b74af88ab55a8c77291e5bd61883a36bd2b2bf2d6b1b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 539795ee77529477a46a52df234f0474f5d774f2ded25537520f20d023af8539c5643f3c859e3df56e3181591cea9b854b23030be1d5f4c9344dec6b3b7d7f29
|
|
7
|
+
data.tar.gz: 8ed9a5f69eeeca205128085268198732888632563922be5402129779074f314df3bf18ad54b17a859372fb90c2689a2b140352bd02f9fa9275950b75667deb67
|
data/.circleci/config.yml
CHANGED
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.6.
|
|
1
|
+
2.6.5
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## 1.3.0 - 2019-11-04
|
|
8
|
+
### Added
|
|
9
|
+
- Can pass explicitly annotate PII columns from the command line as arguments when using `rake pii_safe_schema:generate_migrations`.
|
|
10
|
+
|
|
7
11
|
## 1.2.0 - 2019-4-20
|
|
8
12
|
### Added
|
|
9
13
|
- Can pass Datadog Client object as a configuration option.
|
data/README.md
CHANGED
|
@@ -46,7 +46,7 @@ PiiSafeSchema.configure do |config|
|
|
|
46
46
|
some_table: :*, # ignore the whole table
|
|
47
47
|
some_other_table: [:column_1, :column_2] # just those columns
|
|
48
48
|
}
|
|
49
|
-
|
|
49
|
+
|
|
50
50
|
# Pass whatever instance you want here, but it must implement the method
|
|
51
51
|
# #event(title, message, opts = {})
|
|
52
52
|
# which is what datadog-statsd does:
|
|
@@ -60,12 +60,21 @@ end
|
|
|
60
60
|
|
|
61
61
|
## Generating Comment Migrations
|
|
62
62
|
|
|
63
|
-
```
|
|
63
|
+
```bash
|
|
64
64
|
rake pii_safe_schema:generate_migrations
|
|
65
65
|
```
|
|
66
66
|
|
|
67
|
-
This will generate one migration file for each table that should be commented.
|
|
68
|
-
|
|
67
|
+
This will generate one migration file for each table that should be commented. It will create a comment field for each column that it warns you about when you start a rails server or console.
|
|
68
|
+
|
|
69
|
+
### Explicit annotations
|
|
70
|
+
|
|
71
|
+
If the generator fails to identify a PII column, you can specify explicitly what columns in what tables are PII. This is particularly useful if you're installed pii_safe_schema into an existing project.
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
rake pii_safe_schema:generate_migrations [table:column:annotation_type] ...
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
Run `rake pii_safe_schema:generate_migrations help` for details
|
|
69
78
|
|
|
70
79
|
## Credits
|
|
71
80
|
|
data/lib/pii_safe_schema.rb
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
require 'pii_safe_schema/invalid_column_error'
|
|
1
2
|
require 'pii_safe_schema/configuration'
|
|
2
3
|
require 'pii_safe_schema/annotations'
|
|
3
4
|
require 'pii_safe_schema/notify'
|
|
@@ -36,7 +37,56 @@ module PiiSafeSchema
|
|
|
36
37
|
Rails.logger.info('PiiSafeSchema: No DB'.red)
|
|
37
38
|
end
|
|
38
39
|
|
|
39
|
-
def self.generate_migrations
|
|
40
|
-
PiiSafeSchema::MigrationGenerator.generate_migrations(
|
|
40
|
+
def self.generate_migrations(additional_pii_columns = [])
|
|
41
|
+
PiiSafeSchema::MigrationGenerator.generate_migrations(
|
|
42
|
+
PiiSafeSchema::PiiColumn.all + additional_pii_columns,
|
|
43
|
+
)
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def self.parse_additional_columns(arguments)
|
|
47
|
+
arguments.map do |str|
|
|
48
|
+
matches = /([a-z_]+):([a-z_]+):([a-z_]+)/i.match(str)
|
|
49
|
+
return print_help! if matches.blank?
|
|
50
|
+
|
|
51
|
+
suggestion = Annotations.comment(matches[3])
|
|
52
|
+
return print_help! if suggestion.blank?
|
|
53
|
+
|
|
54
|
+
PiiColumn.from_column_name(table: matches[1], column: matches[2], suggestion: suggestion)
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def self.print_help!(do_exit: true) # rubocop:disable Metrics/MethodLength
|
|
59
|
+
puts <<~HELPMSG # rubocop:disable Rails/Output
|
|
60
|
+
Usage:
|
|
61
|
+
rake pii_safe_schema:generate_migrations [table:column:annotation_type] ...
|
|
62
|
+
|
|
63
|
+
Arguments:
|
|
64
|
+
[table:column:annotation_type] # A column to manually annotate. Can be repeated.
|
|
65
|
+
# annotation_type can be "email", "phone", "ip_address",
|
|
66
|
+
# "geolocation", "address", "postal_code", "name",
|
|
67
|
+
# "sensitive_data", or "encrypted_data"
|
|
68
|
+
|
|
69
|
+
Description:
|
|
70
|
+
Generates a migration to add PII annotation comments to appropriate columns on a table.
|
|
71
|
+
Uses a series of regular expressions to find sensitive fields.
|
|
72
|
+
|
|
73
|
+
Optionally supply arguments to annotate columns explicitly
|
|
74
|
+
|
|
75
|
+
Example:
|
|
76
|
+
rake pii_safe_schema:generate_migrations signatures:signatory_name:name signatures:landline:phone
|
|
77
|
+
|
|
78
|
+
Will generate a migration with the following, assuming automatic regex had no matches:
|
|
79
|
+
|
|
80
|
+
class ChangeCommentsInSignatures < ActiveRecord::Migration[5.2]
|
|
81
|
+
def change
|
|
82
|
+
safety_assured do
|
|
83
|
+
change_column :signatures, :signatory_name, :string, comment: '{"pii":{"obfuscate":"name_obfuscator"}}'
|
|
84
|
+
change_column :signatures, :landline, :string, comment: '{"pii":{"obfuscate":"phone_obfuscator"}}'
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
HELPMSG
|
|
89
|
+
|
|
90
|
+
exit(1) if do_exit # rubocop:disable Rails/Exit
|
|
41
91
|
end
|
|
42
92
|
end
|
|
@@ -70,14 +70,18 @@ module PiiSafeSchema
|
|
|
70
70
|
nil
|
|
71
71
|
end
|
|
72
72
|
|
|
73
|
+
def self.comment(annotation_type)
|
|
74
|
+
COLUMNS.dig(annotation_type.to_sym, :comment)
|
|
75
|
+
end
|
|
76
|
+
|
|
73
77
|
def apply_recommendation?(column, pii_info)
|
|
74
78
|
!encrypted?(column) &&
|
|
75
|
-
pii_info[:regexp].match(column.name) &&
|
|
79
|
+
pii_info[:regexp].match?(column.name) &&
|
|
76
80
|
column.comment != pii_info[:comment].to_json
|
|
77
81
|
end
|
|
78
82
|
|
|
79
83
|
def encrypted?(column)
|
|
80
|
-
COLUMNS[:encrypted_data][:regexp].match(column.name)
|
|
84
|
+
COLUMNS[:encrypted_data][:regexp].match?(column.name)
|
|
81
85
|
end
|
|
82
86
|
|
|
83
87
|
def apply_encrypted_recommendation?(column)
|
|
@@ -3,10 +3,6 @@ module PiiSafeSchema
|
|
|
3
3
|
extend PiiSafeSchema::Annotations
|
|
4
4
|
attr_reader :table, :column, :suggestion
|
|
5
5
|
|
|
6
|
-
def self.all
|
|
7
|
-
find_and_create
|
|
8
|
-
end
|
|
9
|
-
|
|
10
6
|
def initialize(table:, column:, suggestion:)
|
|
11
7
|
@table = table.to_sym
|
|
12
8
|
@column = column
|
|
@@ -14,6 +10,18 @@ module PiiSafeSchema
|
|
|
14
10
|
end
|
|
15
11
|
|
|
16
12
|
class << self
|
|
13
|
+
def all
|
|
14
|
+
find_and_create
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def from_column_name(table:, column:, suggestion:)
|
|
18
|
+
unless connection.columns(table.to_s).find { |c| c.name == column.to_s }
|
|
19
|
+
raise InvalidColumnError, "column \"#{column}\" does not exist for table \"#{table}\""
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
new(table: table, column: column, suggestion: suggestion)
|
|
23
|
+
end
|
|
24
|
+
|
|
17
25
|
private
|
|
18
26
|
|
|
19
27
|
def find_and_create
|
|
@@ -1,5 +1,25 @@
|
|
|
1
1
|
namespace :pii_safe_schema do
|
|
2
2
|
task generate_migrations: :environment do
|
|
3
|
-
PiiSafeSchema.
|
|
3
|
+
PiiSafeSchema.print_help! if ARGV[2] == 'help'
|
|
4
|
+
|
|
5
|
+
if ARGV.length == 1
|
|
6
|
+
PiiSafeSchema.generate_migrations
|
|
7
|
+
else
|
|
8
|
+
additional_columns = PiiSafeSchema.parse_additional_columns(ARGV[1..])
|
|
9
|
+
PiiSafeSchema.generate_migrations(additional_columns)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
rescue ActiveRecord::StatementInvalid, PiiSafeSchema::InvalidColumnError => e
|
|
13
|
+
raise e if e.class == ActiveRecord::StatementInvalid && e.cause.class != PG::UndefinedTable
|
|
14
|
+
|
|
15
|
+
puts <<~HEREDOC
|
|
16
|
+
Unable to generate PII annotation migration. Either the underlying table or column does not exist:
|
|
17
|
+
|
|
18
|
+
#{e.message}
|
|
19
|
+
|
|
20
|
+
Please create the table & columns first, running their migrations, before attempting to use the pii_safe_schema generator.
|
|
21
|
+
HEREDOC
|
|
22
|
+
ensure
|
|
23
|
+
exit(0) # forces rake to stop after this and not assume args are tasks
|
|
4
24
|
end
|
|
5
25
|
end
|
data/pii_safe_schema.gemspec
CHANGED
|
@@ -19,9 +19,9 @@ Gem::Specification.new do |s|
|
|
|
19
19
|
s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
20
20
|
s.require_paths = ['lib']
|
|
21
21
|
|
|
22
|
-
s.add_dependency 'activesupport', '>= 5'
|
|
22
|
+
s.add_dependency 'activesupport', '>= 5', '< 7'
|
|
23
23
|
s.add_dependency 'colorize'
|
|
24
|
-
s.add_dependency 'rails', '>= 5'
|
|
24
|
+
s.add_dependency 'rails', '>= 5', '< 7'
|
|
25
25
|
|
|
26
26
|
s.add_development_dependency 'bundler', '>= 1.16'
|
|
27
27
|
s.add_development_dependency 'bundler-audit'
|
|
@@ -30,13 +30,14 @@ Gem::Specification.new do |s|
|
|
|
30
30
|
s.add_development_dependency 'git'
|
|
31
31
|
s.add_development_dependency 'guard-rspec'
|
|
32
32
|
s.add_development_dependency 'pry'
|
|
33
|
+
s.add_development_dependency 'rails', '>= 5.2.3', '< 7'
|
|
33
34
|
s.add_development_dependency 'rake', '>= 10.0'
|
|
34
35
|
s.add_development_dependency 'rspec', '< 4', '>= 3.0'
|
|
35
36
|
s.add_development_dependency 'rspec-collection_matchers'
|
|
36
37
|
s.add_development_dependency 'rspec-its'
|
|
37
38
|
s.add_development_dependency 'rubocop'
|
|
38
39
|
s.add_development_dependency 'simplecov'
|
|
39
|
-
s.add_development_dependency 'sqlite3
|
|
40
|
+
s.add_development_dependency 'sqlite3'
|
|
40
41
|
s.add_development_dependency 'ws-style'
|
|
41
42
|
|
|
42
43
|
# Required by activerecord-safer_migrations
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pii_safe_schema
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexi Garrow
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-11-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -17,6 +17,9 @@ dependencies:
|
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '5'
|
|
20
|
+
- - "<"
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: '7'
|
|
20
23
|
type: :runtime
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -24,6 +27,9 @@ dependencies:
|
|
|
24
27
|
- - ">="
|
|
25
28
|
- !ruby/object:Gem::Version
|
|
26
29
|
version: '5'
|
|
30
|
+
- - "<"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '7'
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: colorize
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -45,6 +51,9 @@ dependencies:
|
|
|
45
51
|
- - ">="
|
|
46
52
|
- !ruby/object:Gem::Version
|
|
47
53
|
version: '5'
|
|
54
|
+
- - "<"
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: '7'
|
|
48
57
|
type: :runtime
|
|
49
58
|
prerelease: false
|
|
50
59
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -52,6 +61,9 @@ dependencies:
|
|
|
52
61
|
- - ">="
|
|
53
62
|
- !ruby/object:Gem::Version
|
|
54
63
|
version: '5'
|
|
64
|
+
- - "<"
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: '7'
|
|
55
67
|
- !ruby/object:Gem::Dependency
|
|
56
68
|
name: bundler
|
|
57
69
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -150,6 +162,26 @@ dependencies:
|
|
|
150
162
|
- - ">="
|
|
151
163
|
- !ruby/object:Gem::Version
|
|
152
164
|
version: '0'
|
|
165
|
+
- !ruby/object:Gem::Dependency
|
|
166
|
+
name: rails
|
|
167
|
+
requirement: !ruby/object:Gem::Requirement
|
|
168
|
+
requirements:
|
|
169
|
+
- - ">="
|
|
170
|
+
- !ruby/object:Gem::Version
|
|
171
|
+
version: 5.2.3
|
|
172
|
+
- - "<"
|
|
173
|
+
- !ruby/object:Gem::Version
|
|
174
|
+
version: '7'
|
|
175
|
+
type: :development
|
|
176
|
+
prerelease: false
|
|
177
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
178
|
+
requirements:
|
|
179
|
+
- - ">="
|
|
180
|
+
- !ruby/object:Gem::Version
|
|
181
|
+
version: 5.2.3
|
|
182
|
+
- - "<"
|
|
183
|
+
- !ruby/object:Gem::Version
|
|
184
|
+
version: '7'
|
|
153
185
|
- !ruby/object:Gem::Dependency
|
|
154
186
|
name: rake
|
|
155
187
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -241,7 +273,7 @@ dependencies:
|
|
|
241
273
|
- !ruby/object:Gem::Version
|
|
242
274
|
version: '0'
|
|
243
275
|
- !ruby/object:Gem::Dependency
|
|
244
|
-
name: sqlite3
|
|
276
|
+
name: sqlite3
|
|
245
277
|
requirement: !ruby/object:Gem::Requirement
|
|
246
278
|
requirements:
|
|
247
279
|
- - ">="
|
|
@@ -320,6 +352,7 @@ files:
|
|
|
320
352
|
- lib/pii_safe_schema.rb
|
|
321
353
|
- lib/pii_safe_schema/annotations.rb
|
|
322
354
|
- lib/pii_safe_schema/configuration.rb
|
|
355
|
+
- lib/pii_safe_schema/invalid_column_error.rb
|
|
323
356
|
- lib/pii_safe_schema/migration_generator.rb
|
|
324
357
|
- lib/pii_safe_schema/notifiers/data_dog.rb
|
|
325
358
|
- lib/pii_safe_schema/notifiers/std_out.rb
|
|
@@ -347,7 +380,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
347
380
|
- !ruby/object:Gem::Version
|
|
348
381
|
version: '0'
|
|
349
382
|
requirements: []
|
|
350
|
-
rubygems_version: 3.0.
|
|
383
|
+
rubygems_version: 3.0.3
|
|
351
384
|
signing_key:
|
|
352
385
|
specification_version: 4
|
|
353
386
|
summary: Schema migration tool for checking and adding comments on PII columns.
|