right_support 2.11.3 → 2.12.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 84b1fadd77413c3576fdd0fbbd879710b1112edc
-  data.tar.gz: f17cfd2668352ffd44369fb1d88c32999fc48946
+  metadata.gz: e7074bbc2d6d01fc7eb2bb07e1feeef2ba2f53ed
+  data.tar.gz: 95c557ae302fce0f8612aa6db52f5c4741bf8748
 SHA512:
-  metadata.gz: 07c3f80725f1ed204534baae796e744decebc1b9938980798d4dc5a57758ad100dedabba94254961963bdafea1f411ff40b04dbe92731746f56d7f2e18e128d8
-  data.tar.gz: 0d150c874388b402fe0a2df8fb00bb13acd4902d1f3b48ac682e5036cbbaca06b4b3b9f218226b95b5994e7e22ab8478b79f4bf275679ffb2de1e83df72bb506
+  metadata.gz: ffb1c16256704d39e72a2661d8a3fb4c7cda875cc3de50eab7d6825ae42cb4b178c3ca01110d28d6655bc0d40674478e6b6565f605cd045c56ca438cb993f1f0
+  data.tar.gz: 62082378411fc6876b5d76f06bc8ec1a48960521ef4221e24aee9b6e187fa2e2df394364fb58b34cdc317a5ada5b7fa433c69b13c6670752d3e2caf8cf27ca04

data/Rakefile

@@ -62,6 +62,10 @@ if defined?(Jeweler)
     gem.description = %Q{A toolkit of useful, reusable foundation code created by RightScale.}
     gem.email = "support@rightscale.com"
     gem.authors = ['Tony Spataro', 'Sergey Sergyenko', 'Ryan Williamson', 'Lee Kirchhoff', 'Alexey Karpik', 'Scott Messier']
+    gem.files.exclude "Gemfile*"
+    gem.files.exclude ".*"
+    gem.files.exclude "features/**/*"
+    gem.files.exclude "spec/**/*"
   end
 
   # Never auto-commit during operations that change the repository. Allows developers to decide on their own commit comment

data/VERSION

@@ -1 +1 @@
-2.11.3
+2.12.1

data/lib/right_support/notifiers/airbrake.rb

@@ -0,0 +1,194 @@
+#
+# Copyright (c) 2016 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+if require_succeeds?('airbrake-ruby')
+
+  # monkey-patch airbrake's backtrace parser since we parse it with more options
+  # in ::RightSupport::Notifier::Utilities::BacktraceDecoder
+  require 'airbrake-ruby/backtrace'
+
+  module Airbrake
+    module Backtrace
+      class << self
+        alias :old_parse :parse
+      end
+
+      def self.backtrace_decoder=(value)
+        @backtrace_decoder = value
+      end
+
+      def self.parse(*args)
+        if @backtrace_decoder
+          error = args.first
+          trace = error.backtrace || []
+          @backtrace_decoder.decode(trace).map do |frame|
+            {
+              file: frame.file,
+              line: frame.line,
+              function: frame.function
+            }
+          end
+        else
+          old_parse(*args)
+        end
+      end
+    end
+  end
+
+  class RightSupport::Notifier::Airbrake < RightSupport::Notifier::Base
+
+    # Rack environment keys that are safe to send to Errbit, et al.
+    SAFE_ENVIRONMENT_KEYS = /^(?:HTTP_|REMOTE_|REQUEST_|SERVER_|QUERY_)/
+
+    # default blacklisted request headers.
+    DEFAULT_ENVIRONMENT_BLACKLIST = %w(
+      Authorization Cookie
+      Proxy-Authorization
+      X-Api-Shared-Secret
+      X-Authorization X-Http-Authorization
+    )
+
+    # default blacklisted payload
+    DEFAULT_PAYLOAD_BLACKLIST = %w(password)
+
+    # @param [String] api_key required API key (a.k.a project key in paid service)
+    # @param [Hash] options
+    # @option options [String] :endpoint optional for hosted freeware errbit,
+    #  defaults to paid airbrake service.
+    # @option options [Integer] :project_id ignored by the freeware errbit,
+    #  required to use the paid airbrake service.
+    # @option options [Array|String] :environment_blacklist header names to
+    #  obfuscate after merging with default
+    #  ['Authorization', 'Cookie', 'X-Api-Shared-Secret'] or nil or empty
+    # @option options [Blacklister] :environment_blacklister optional custom
+    #  environment blacklister. supercedes :environment_blacklist
+    # @option options [Array|String] :payload_blacklist top-level payload keys
+    #  to obfuscate after merging with default ['password'] or nil or empty
+    # @option options [Blacklister] :payload_blacklister optional custom payload
+    #  blacklister. supercedes :payload_blacklist
+    # @option options [String] :root_directory as application root directory.
+    #  default=<working directory>
+    # @option options [String] :environment as deployment environment.
+    #  default=<RACK_ENV>
+    # @option options [Integer] :backtrace_limit as maximum number of stack frames
+    #  to decode or negative for all. default = 10.
+    # @option options [String|Array] :path_blacklist for unwanted paths in
+    #  backtrace. the blacklisted path substring causes the frame to be omitted
+    #  when it appears anywhere in the traced path. default = none.
+    # @option options [Proc] :notifiable_callback optional callback to determine
+    #  if a particular error is worthy of notification. takes an error parameter
+    #  and returns true if notifiable, false if ignored.
+    # @option options [Logger] :logger or nil for default
+    def initialize(api_key, options)
+      super(options)
+      options = {
+        endpoint: nil,
+        project_id: nil,
+        environment_blacklist: nil,
+        environment_blacklister: nil,
+        payload_blacklist: nil,
+        payload_blacklister: nil,
+        root_directory: ::Dir.pwd,
+        environment: ::ENV['RACK_ENV'] || 'development'
+      }.merge(options)
+
+      # resolve environment blacklist.
+      unless @environment_blacklister = options[:environment_blacklister]
+        environment_blacklist = (options[:environment_blacklist] || []) + DEFAULT_ENVIRONMENT_BLACKLIST
+        environment_blacklist.map! do |eb|
+          # prefix environment key with 'HTTP_' for a request header match unless
+          # prefix is already known.
+          if SAFE_ENVIRONMENT_KEYS.match(eb)
+            eb
+          else
+            'HTTP_' + eb
+          end
+        end
+        @environment_blacklister = ::RightSupport::Notifier::Blacklister::Canonical.new(environment_blacklist)
+      end
+
+      # resolve payload blacklist.
+      unless @payload_blacklister = options[:payload_blacklister]
+        payload_blacklist = (options[:payload_blacklist] || []) + DEFAULT_PAYLOAD_BLACKLIST
+        @payload_blacklister = ::RightSupport::Notifier::Blacklister::SnakeCase.new(payload_blacklist)
+      end
+
+      ::Airbrake::Backtrace.backtrace_decoder = backtrace_decoder
+      ::Airbrake.configure do |config|
+        config.host = options[:endpoint] if options[:endpoint]  # defaults to paid airbrake service
+        config.project_key = api_key
+        config.project_id = Integer(options[:project_id] || 1)  # ignored by freeware errbit service but has type integer in gobrake, etc.
+        config.root_directory = options[:root_directory]
+        config.environment = options[:environment]
+        config.queue_size = 100
+        config.workers = 5
+        config.logger = options[:logger] || ::RightSupport::Log::Mixin.default_logger
+      end
+      true
+    end
+
+    def notify(notification)
+      # RACK environment key whitelisting.
+      env = notification.env.select { |k, v| k =~ SAFE_ENVIRONMENT_KEYS }
+
+      # environment (request headers, etc.) blacklisting.
+      @environment_blacklister.filter(env)
+
+      # always insert error token.
+      env['error.token'] = notification.error_token
+
+      # payload blacklisting.
+      if payload = notification.payload
+        # deep mash payload to avoid modifying original and to normalize keys.
+        # also note that the gem has an Airbrake::PayloadTruncator used to
+        # abbreviate the payload before sending so do not expect to always see
+        # the full detail on the website.
+        payload = ::RightSupport::Data::HashTools.deep_mash(payload)
+        @payload_blacklister.filter(payload)
+      end
+
+      # note we are only interested in the root cause for airbrake purposes.
+      # the airbrake gem will iterate over .cause but there is no need to send
+      # the entire cause chain in the notification. full details appear in the
+      # logger notifier when DEBUG_MODE=true
+      cause, _ = backtrace_decoder.walk_error(notification.error, raw_trace: true)
+      notice = ::Airbrake.build_notice(
+        cause,
+        component: notification.component,
+        action: notification.action)
+      notice[:params] = payload
+      notice[:session] = notification.global_session
+      notice[:environment] = env
+
+      # notify
+      ::Airbrake.notify(notice)
+      true
+    rescue ::Exception => e
+      lines = [e.class.name, e.message, e.backtrace].flatten.compact
+      msg = "Failed to notify: #{lines.join("\n")}"
+      logger.error(msg)
+      true
+    end
+
+  end  # RightSupport::Notifier::Airbrake
+
+end  # require_succeeds?('airbrake-ruby')

data/lib/right_support/notifiers/base.rb

@@ -0,0 +1,73 @@
+#
+# Copyright (c) 2016 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# base class for notifiers.
+class RightSupport::Notifier::Base
+  include ::RightSupport::Log::Mixin
+
+  attr_reader :backtrace_decoder
+
+  # @param [Hash] options
+  # @option options [Integer] :backtrace_limit as maximum number of stack frames
+  #  to decode or negative for all. default = 10.
+  # @option options [String|Array] :path_blacklist for unwanted paths in
+  #  backtrace. the blacklisted path substring causes the frame to be omitted
+  #  when it appears anywhere in the traced path. default = none.
+  # @option options [Proc] :notifiable_callback optional callback to determine
+  #  if a particular error is worthy of notification. takes an error parameter
+  #  and returns true if notifiable, false if ignored.
+  # @option options [Logger] :logger or nil for default
+  def initialize(options)
+    options = {
+      backtrace_limit: 10,
+      notifiable_callback: nil,
+      logger: nil
+    }.merge(options)
+    @notifiable_callback = options[:notifiable_callback]
+    @logger = options[:logger]
+    @backtrace_decoder = ::RightSupport::Notifier::Utility::BacktraceDecoder.new(
+      backtrace_limit: Integer(options[:backtrace_limit]),
+      path_blacklist: Array(options[:path_blacklist]))
+    @debug_mode = ::ENV['DEBUG_MODE'] == 'true'
+  end
+
+  # @return [TrueClass|FalseClass] true in debug mode
+  def debug_mode?
+    @debug_mode
+  end
+
+  # @return [TrueClass|FalseClass] true if the error is notifiable for the
+  #  current notifier, false to ignore error.
+  def notifiable?(e)
+    @notifiable_callback.nil? || @notifiable_callback.call(e)
+  end
+
+  # performs a notification.
+  #
+  # @param [RightSupport::Notifier::Notification] notification to perform.
+  #
+  # @return [TrueClass] always true
+  def notify(notification)
+    fail 'Must be overridden'
+  end
+
+end

data/lib/right_support/notifiers/blacklisters/base.rb

@@ -0,0 +1,48 @@
+#
+# Copyright (c) 2016 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# base class for a partial data blacklister.
+class RightSupport::Notifier::Blacklister::Base
+
+  attr_reader :replacement_value
+
+  # @param [Hash] options
+  # @option options [Object] :replacement_value of any kind including nil.
+  #  default='HIDDEN'.
+  def initialize(options)
+    options = {
+      replacement_value: 'HIDDEN'
+    }.merge(options)
+    @replacement_value = options[:replacement_value]
+  end
+
+  # filters data by finding and replacing blacklisted key patterns with a
+  # replacement value.
+  #
+  # @param [Hash] data for filtering by blacklist
+  #
+  # @return [TrueClass] always true
+  def filter(data)
+    fail 'Must be overridden'
+  end
+
+end

data/lib/right_support/notifiers/blacklisters/canonical.rb

@@ -0,0 +1,60 @@
+#
+# Copyright (c) 2016 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'set'
+
+# implements a blacklister that matches canonical keys. a canonical key follows
+# the request/response header naming pattern(s) and/or can be converted to one
+# of these naming patterns.
+class RightSupport::Notifier::Blacklister::Canonical < ::RightSupport::Notifier::Blacklister::Base
+
+  # @param [Array|String] keys to blacklist
+  # @param [Hash] options
+  # @option options [Object] :replacement_value of any kind including nil.
+  #  default='HIDDEN'.
+  def initialize(keys, options = {})
+    super(options)
+    @keys = ::RightSupport::Notifier::Blacklister::Canonical.normalize_keys(keys)
+  end
+
+  # implements RightSupport::Notifier::Blacklister::Base#filter
+  def filter(data)
+    data.keys.each do |key|
+      if @keys.include?(self.class.to_canonical(key))
+        data[key] = replacement_value
+      end
+    end
+    true
+  end
+
+  # @param [Array|String] keys to normalize
+  def self.normalize_keys(keys)
+    ::Set.new(Array(keys).map(&self.method(:to_canonical)))
+  end
+
+  # canonicalizes a key (header name) for easy lookup in a Rack env hash.
+  #
+  # @param [String|Symbol] key to canonicalize
+  def self.to_canonical(key)
+    key.to_s.upcase.gsub('-', '_')
+  end
+end

data/lib/right_support/notifiers/blacklisters/regular_expression.rb

@@ -0,0 +1,86 @@
+#
+# Copyright (c) 2016 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'set'
+
+# implements a blacklister that matches key paths by regular expression.
+class RightSupport::Notifier::Blacklister::RegularExpression < ::RightSupport::Notifier::Blacklister::Base
+
+  attr_reader :delimiter
+
+  # @param [Array|Regexp|String] regular_expressions to blacklist
+  # @param [Hash] options
+  # @option options [Object] :delimiter present in regular expressions used to
+  #  distinguish child data maps. defaults to slash (/).
+  # @option options [Object] :replacement_value of any kind including nil.
+  #  default='HIDDEN'.
+  def initialize(regular_expressions, options = {})
+    super(options)
+    options = {
+      delimiter: '/'
+    }.merge(options)
+    @delimiter = options[:delimiter].to_s
+    @regular_expressions = ::RightSupport::Notifier::Blacklister::RegularExpression.normalize_regular_expressions(regular_expressions)
+  end
+
+  # implements RightSupport::Notifier::Blacklister::Base#filter
+  def filter(data)
+    recursive_filter(data, nil)
+  end
+
+  # @param [Array|Regexp|String] regular_expressions to normalize
+  def self.normalize_regular_expressions(regular_expressions)
+    ::Set.new(Array(regular_expressions).map(&self.method(:to_regexp)))
+  end
+
+  # compiles a regular expression, if necessary.
+  #
+  # @param [String|Regexp] re to compile or accept
+  #
+  # @return [Regexp] regular expression
+  def self.to_regexp(re)
+    case re
+    when ::String
+      ::Regexp.compile(re)
+    when ::Regexp
+      re
+    else
+      fail "Unexpected type: #{re.class.name}"
+    end
+  end
+
+  private
+
+  def recursive_filter(data, parent_path)
+    data.keys.each do |k|
+      unless (v = data[k]).nil?
+        current_path = parent_path ? "#{parent_path}#{delimiter}#{k}" : k.to_s
+        if @regular_expressions.any? { |re| re.match(current_path) }
+          data[k] = replacement_value
+        elsif v.respond_to?(:has_key?)
+          recursive_filter(v, current_path)
+        end
+      end
+    end
+    true
+  end
+end

data/{features/support/file_utils_bundler_mixin.rb → lib/right_support/notifiers/blacklisters/simple.rb}

@@ -1,4 +1,5 @@
-# Copyright (c) 2012- RightScale Inc
+#
+# Copyright (c) 2016 RightScale Inc
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -19,27 +20,27 @@
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-# Magic hooks that is necessary due to Bundler/RVM craziness interfering with
-# our own Cucumbers. This is necessary because our Cucumber scenarios need to create a
-# Ruby app that has a distinct, separate bundle from right_support's own Gemfile, e.g. we
-# need to test what happens when RSpec or Cucumber isn't available. Therefore the subprocesses
-# that RightSupport's Cucumber suite launches, should not inherit our bundle.
-module FileUtilsBundlerMixin
-  def self.included(base)
-    if base.respond_to?(:sh) && !base.respond_to?(:sh_without_bundler_taint)
-      base.instance_eval {
-        alias_method :sh_without_bundler_taint, :sh
-        alias_method :sh, :sh_with_bundler_taint
-      }
-    end
+require 'set'
+
+# implements a simple blacklister that matches a literal top-level key.
+class RightSupport::Notifier::Blacklister::Simple < ::RightSupport::Notifier::Blacklister::Base
+
+  # @param [Array|String] keys to blacklist
+  # @param [Hash] options
+  # @option options [Object] :replacement_value of any kind including nil.
+  #  default='HIDDEN'.
+  def initialize(keys, options = {})
+    super(options)
+    @keys = ::Set.new(Array(keys).map(&:to_s))
   end
 
-  def sh_with_bundler_taint(*params)
-    Bundler.with_clean_env do
-      sh_without_bundler_taint(*params)
+  # implements RightSupport::Notifier::Blacklister::Base#filter
+  def filter(data)
+    @keys.each do |key|
+      if data.has_key?(key)
+        data[key] = replacement_value
+      end
     end
+    true
   end
 end
-
-# Install the magic hook.
-Kernel.instance_eval { include(::FileUtilsBundlerMixin) }

data/lib/right_support/notifiers/blacklisters/snake_case.rb

@@ -0,0 +1,60 @@
+#
+# Copyright (c) 2016 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'set'
+
+# implements a blacklister that matches snake_case keys.
+class RightSupport::Notifier::Blacklister::SnakeCase < ::RightSupport::Notifier::Blacklister::Base
+
+  # @param [Array|String] keys to blacklist
+  # @param [Hash] options
+  # @option options [Object] :replacement_value of any kind including nil.
+  #  default='HIDDEN'.
+  def initialize(keys, options = {})
+    super(options)
+    @keys = ::RightSupport::Notifier::Blacklister::SnakeCase.normalize_keys(keys)
+  end
+
+  # implements RightSupport::Notifier::Blacklister::Base#filter
+  def filter(data)
+    data.keys.each do |key|
+      if @keys.include?(self.class.to_snake_case(key))
+        data[key] = replacement_value
+      end
+    end
+    true
+  end
+
+  # @param [Array|String] keys to normalize
+  def self.normalize_keys(keys)
+    ::Set.new(Array(keys).map(&self.method(:to_snake_case)))
+  end
+
+  # converts a key (field name) to snake_case
+  def self.to_snake_case(key)
+    key.to_s.
+        gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2').
+        gsub(/([a-z])([A-Z])/, '\1_\2').
+        downcase
+  end
+
+end

data/lib/right_support/notifiers/blacklisters/wildcard.rb

@@ -0,0 +1,65 @@
+#
+# Copyright (c) 2016 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# implements a blacklister that matches key paths by wildcard pattern
+# interpreted as a key/value hierarchy represented as
+# slash (/) delimited parts of the pattern string. supports the usual [*,?]
+# wildcard characters as well as the more advanced multiple-indirection "**/"
+# pattern.
+#
+# example:
+#  patterns = ['a/*/c']
+#  data = {a: {b: c: 42}}
+#  result == {a: {b: c: 'HIDDEN'}}
+class RightSupport::Notifier::Blacklister::Wildcard < ::RightSupport::Notifier::Blacklister::RegularExpression
+
+  # @param [Array|String] patterns to blacklist
+  # @param [Hash] options
+  # @option options [Object] :replacement_value of any kind including nil.
+  #  default='HIDDEN'.
+  def initialize(patterns, options = {})
+    if options[:delimiter]
+      raise ::ArgumentError, 'options[:delimiter] is not allowed for wildcards.'
+    end
+    super(
+      ::RightSupport::Notifier::Blacklister::Wildcard.to_regular_expressions(Array(patterns)),
+      options)
+  end
+
+  def self.to_regular_expressions(patterns)
+    patterns.map do |pattern|
+      # remove leading/trailing slashes
+      here = pattern == 'a/b/*'
+      pattern = pattern.to_s.gsub(/^[\/]+(.*)/, '\2').gsub(/(.*)[\/]+$/, '\1')
+
+      # remove trailing "/*" as matching the parent will obfuscate all children.
+      while pattern.end_with?('/*')
+        pattern = pattern[0...-2]
+      end
+      pattern = ::Regexp.escape(pattern)      # escape all
+      pattern = pattern.gsub('\?', '[^/]')    # question mark == match any single non-slash character
+      pattern = pattern.gsub('\*\*/', '.*/')  # '**/' == match at any depth
+      pattern = pattern.gsub('\*', '[^/]*')   # asterisk == match zero or more non-slash characters
+      ::Regexp.compile(pattern)
+    end
+  end
+end