red_alert 0.0.3 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 86e3c291a2e0c7653e1e755e1a59486e5ce1c506
-  data.tar.gz: 5e088483d9d67d5e930f49d27048bca9f6d931f1
+  metadata.gz: 835ff34cab230a96c3dc7a6972095cba661ca988
+  data.tar.gz: b00cc6f956ae826e0a7cb095ab11dc13679ed07e
 SHA512:
-  metadata.gz: 46b6541473ba5adab9b5e591b27fd8997c068a6a327424117ec69b82ba531e199f25e86773e625feb69038ee6480d862410266bc2092cd6b4d3a9f2d4a4493a0
-  data.tar.gz: c6aa5eaef678230029fe87fe50b544346353d6e24e9b8f37830d73a35137579b35862dbecf3e4543bf3ccd727972408d071dae49ad89feab396dcf0ed2688970
+  metadata.gz: c0357b0a2161ce655c08a6fefaea8546da251ddd1b30d6c89d62cd544f647fb04f0d10f0e211060da919e12f95c2f421022eecf9f0547c7fe7873f17e6cd9140
+  data.tar.gz: 3eb0419a57d2db742af88b3eebcce69b42615ce7cb5b5af3e5bec2fc58d017658ded88d4fb3174f2ffbd546d5d315f9e7c9093de3b8828b9ab3feb0feebb06aa

data/Rakefile

@@ -2,7 +2,6 @@ require "bundler/gem_tasks"
 require 'rake/testtask'
 
 Rake::TestTask.new do |t|
-    puts ENV['TERM']
     t.libs = ['spec', 'lib']
     t.pattern = 'spec/**/*_spec.rb'
 end

data/lib/red_alert.rb

@@ -1,5 +1,7 @@
 module RedAlert
   require 'red_alert/version'
+  require 'red_alert/const'
   require 'red_alert/notification'
   require 'red_alert/notifier'
+  require 'red_alert/cleaner'
 end

data/lib/red_alert/cleaner.rb

@@ -0,0 +1,35 @@
+module RedAlert
+  class Cleaner
+    FILTERED_TEXT = '[REMOVED]'
+    RECURSIVE_TEXT = '[RECURSIVE STRUCTURE]'
+
+    attr_reader :filter_keys
+
+    def initialize(filter_keys)
+      @filter_keys = filter_keys.to_set
+    end
+
+    def scrub(params)
+      formatted = format(params)
+      formatted.each do |key, value|
+        if filter_keys.include? key
+          formatted[key] = FILTERED_TEXT
+        elsif value.respond_to? :to_hash
+          formatted[key] = scrub value
+        end
+      end
+    end
+
+    def format(value, stack = Set.new)
+      return RECURSIVE_TEXT if stack.include? value.object_id
+
+      if value.respond_to? :to_ary
+        value.map{|v| format v, stack + [value.object_id]}
+      elsif value.respond_to? :to_hash
+        value.each_with_object({}){|(k,v), memo| memo[k] = format v, stack + [value.object_id]}
+      else
+        value.nil? ? nil : value.to_s
+      end
+    end
+  end
+end

data/lib/red_alert/const.rb

@@ -0,0 +1,15 @@
+module RedAlert
+  RACK_DEFAULT_FILTERS = %w{
+    rack.request.cookie_hash
+    rack.request.cookie_string
+    rack.request.form_vars
+    rack.session
+    rack.session.options
+  }.freeze
+
+  PARAMS_DEFAULT_FILTERS = %w{
+    password
+    password_confirm
+    password_confirmation
+  }.freeze
+end

data/lib/red_alert/notifier.rb

@@ -10,8 +10,14 @@ module RedAlert
       @notifier_settings ||= {}
     end
 
+    def filter_keys
+      PARAMS_DEFAULT_FILTERS
+    end
+
     def alert(exception, data = {})
-      notification = Notification.build notifier_settings[:subject], template, exception, data
+      cleaner = Cleaner.new(filter_keys)
+      cleaned_data = cleaner.scrub data
+      notification = Notification.build notifier_settings[:subject], template, exception, cleaned_data
       mail = Mail.new(
         to: notifier_settings[:to],
         from: notifier_settings[:from],

data/lib/red_alert/rack/notifier.rb

@@ -3,6 +3,11 @@ module RedAlert
     class Notifier
       include RedAlert::Notifier
 
+      def filter_keys
+        RACK_DEFAULT_FILTERS + PARAMS_DEFAULT_FILTERS
+      end
+
+
       def template
       <<-EMAIL
 A <%= exception.class %> occured: <%= exception %>

data/lib/red_alert/version.rb

@@ -1,3 +1,3 @@
 module RedAlert
-  VERSION = "0.0.3"
+  VERSION = "0.1.0"
 end

data/spec/red_alert/cleaner_spec.rb

@@ -0,0 +1,65 @@
+require 'spec_helper'
+
+describe RedAlert::Cleaner do
+  let(:filter_keys) { ['foo', 'bar'] }
+
+  subject { RedAlert::Cleaner.new(filter_keys) }
+
+  it 'filters keys from a hash' do
+    result = subject.scrub('foo' => 'secret', 'baz' => 'cool')
+    result['foo'].must_equal RedAlert::Cleaner::FILTERED_TEXT
+    result['baz'].must_equal 'cool'
+  end
+
+  it 'returns a new hash' do
+    input = {'qux' => 'val'}
+    subject.scrub(input).wont_be_same_as input
+  end
+
+  it 'filters nested hashes' do
+    input = {'zing' => {'foo' => 'secret'}}
+    result = subject.scrub(input)
+    result['zing']['foo'].must_equal RedAlert::Cleaner::FILTERED_TEXT
+  end
+
+  it 'stringifys with unserializable data' do
+    bad_data = lambda { puts 'hello' }
+    input = {'zing' => bad_data}
+    result = subject.scrub(input)
+    assert_equal result['zing'], bad_data.to_s
+  end
+
+  it 'stringifys with unserializable data in arrays' do
+    bad_data = lambda { puts 'hello' }
+    input = {'zing' => [bad_data]}
+    result = subject.scrub(input)
+    assert_equal result['zing'].first, bad_data.to_s
+  end
+
+  it 'stringifys ints' do
+    input = {'zing' => 1}
+    result = subject.scrub(input)
+    result['zing'].must_equal '1'
+  end
+
+  it 'handles recursive arrays' do
+    a = []
+    a << a
+    input = {'zing' => a}
+    result = subject.scrub(input)
+    result['zing'].first.must_equal RedAlert::Cleaner::RECURSIVE_TEXT
+  end
+
+  it 'handles recursive hashes' do
+    input = {}
+    input['zing'] = {'self' => input}
+    result = subject.scrub(input)
+    result['zing']['self'].must_equal RedAlert::Cleaner::RECURSIVE_TEXT
+  end
+
+  it 'handles nil' do
+    input = {'zing' => nil}
+    result = subject.scrub(input)
+    result['zing'].must_equal nil
+  end
+end

data/spec/red_alert/notifier_spec.rb

@@ -47,7 +47,7 @@ describe RedAlert::Notifier do
       enable_starttls_auto: true
     } }
 
-    subject { TestNotifier.new 'test template <%= exception %> |<%= data[:stuff] %>|' }
+    subject { TestNotifier.new 'test template <%= exception %> |<%= data %>|' }
 
     before do
       subject.to to
@@ -67,12 +67,19 @@ describe RedAlert::Notifier do
       notification.to.must_include to
       notification.from.must_include from
       notification.subject.must_equal 'test subject something bad happened'
-      notification.body.to_s.must_equal 'test template something bad happened |here|'
+      notification.body.to_s.must_equal 'test template something bad happened |{:stuff=>"here"}|'
     end
 
     it 'uses settings' do
       result = subject.alert(exception).delivery_method.settings
       result.must_equal settings
     end
+
+    it 'strips sensitive params' do
+      data['password'] = 'secret'
+      subject.alert exception, data
+      message = deliveries.first
+      message.body.to_s.must_include RedAlert::Cleaner::FILTERED_TEXT
+    end
   end
 end

data/spec/red_alert/rack/notifier_spec.rb

@@ -12,11 +12,24 @@ describe RedAlert::Rack::Notifier do
   after { deliveries.clear }
 
   it 'alerts' do
+    expected = SecureRandom.hex
     begin
       raise 'boom'
     rescue => e
-      subject.alert(e, request: 'data', env: { 'in' => 'out' }).body.wont_be_nil
-      deliveries.length.must_be :>, 0
+      subject.alert(e, request: 'data', env: { 'in' => expected })
+      message = deliveries.first
+      message.body.to_s.must_include expected
+    end
+  end
+
+  it 'removes sensitive rack params' do
+    expected = SecureRandom.hex
+    begin
+      raise 'boom'
+    rescue => e
+      subject.alert(e, request: 'data', env: { 'rack.session' => expected })
+      message = deliveries.first
+      message.body.to_s.wont_include expected
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: red_alert
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.0
 platform: ruby
 authors:
 - vyrak.bunleang@gmail.com
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-08-22 00:00:00.000000000 Z
+date: 2014-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mail
@@ -37,6 +37,8 @@ files:
 - README.md
 - Rakefile
 - lib/red_alert.rb
+- lib/red_alert/cleaner.rb
+- lib/red_alert/const.rb
 - lib/red_alert/notification.rb
 - lib/red_alert/notifier.rb
 - lib/red_alert/rack.rb
@@ -47,6 +49,7 @@ files:
 - lib/red_alert/sidekiq/notifier.rb
 - lib/red_alert/version.rb
 - red_alert.gemspec
+- spec/red_alert/cleaner_spec.rb
 - spec/red_alert/notification_spec.rb
 - spec/red_alert/notifier_spec.rb
 - spec/red_alert/rack/middleware_spec.rb
@@ -78,6 +81,7 @@ signing_key:
 specification_version: 4
 summary: Middlewares for mailing errors
 test_files:
+- spec/red_alert/cleaner_spec.rb
 - spec/red_alert/notification_spec.rb
 - spec/red_alert/notifier_spec.rb
 - spec/red_alert/rack/middleware_spec.rb