sapience 1.0.8 → 1.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2c3bbc9e597e92775e21ecdab149da717f6f4cac
-  data.tar.gz: d97388214be0ee09bca68a2d543ceb1e99c4862f
+  metadata.gz: 35f1a2a161ecc2efb23decddb30df46b01b372ed
+  data.tar.gz: f112df7cbf9149371fed662c5451c553c58ccecc
 SHA512:
-  metadata.gz: b8a669055e80b6b23f63936dcb57be52574fe7e8785437faaee36e0172c66765fed710dbe650e6bd7da7f82fda773b4413e049fe8dd2933b0dd28f31908f1a8c
-  data.tar.gz: 9da937b7b59ff08c3165d5167f72eed549564bb569025f9db1d1532cfb3c8deaa5efb549d24f3fab2b60799ec3e62437393c553f8278a9c7ffb37083dae8a1fa
+  metadata.gz: 40fb5ccbf8c3deedb4ab1b51d87ef97138f18511c0df18709341342f4acb30c6b7138d3c334fcba41d92da4e644b029faeee3b2a768697c2bda0b9b232770d47
+  data.tar.gz: 745ade15fbe6afbdab30967ecd09f8ce48de280e6c9f69541b7aef93533f9ec7957df6ec6673567fa9042338c4cc03540e7ba8e615aecb05f572b5b104799e58

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+- Added `filter_parameters` configuration to obfuscate sensitive information such as passwords for rack-like applications
+
+## v1.0.8
+
+- Delayed configuration of Sentry until the configuration is valid
+
 ## v1.0.3
 
 - Rename `SAPIENCE_APP_NAME` to `APP_NAME`
@@ -30,11 +36,11 @@
 
 ## v0.2.13
 
-- Set Rails.logger even some gems disables logging on initialisation. 
+- Set Rails.logger even some gems disables logging on initialisation.
 
 ## v0.2.12
 
-- Adds support for Rails apps with disabled ActiveRecord 
+- Adds support for Rails apps with disabled ActiveRecord
 
 ## v0.2.11
 
@@ -73,7 +79,7 @@
 
 ## v0.2.0
 
-- Rename Appender::File to Appender::Stream. Accept option stream instead of file in `sapience.yml`  
+- Rename Appender::File to Appender::Stream. Accept option stream instead of file in `sapience.yml`
 
 ## v0.1.12
 

data/README.md

@@ -16,13 +16,13 @@ We have taken a great deal of inspiration from the amazing [Semantic Logger](htt
 
 First of all we need to require the right file for the project. There are currently two frameworks supported (rails and grape).
 
-### Rails  
+### Rails
 
 ```ruby
 gem "sapience", require: "sapience/rails"
 ```
 
-### Grape 
+### Grape
 
 ```ruby
 gem "sapience", require: "sapience/grape"
@@ -37,11 +37,11 @@ module Aslan
   module API
     class Base < Grape::API
       use Sapience::Extensions::Grape::Middleware::Logging, logger: Sapience[self]
-      
+
       # To log all requests even when no route was found try the following:
       route :any, "*path" do
         error!({ error: "No route found" }, 404)
-      end 
+      end
     end
   end
 end
@@ -54,7 +54,7 @@ The sapience configuration can be controlled by a `config/sapience.yml` file or
 
 The `app_name` is required to be configured. Sapience will fail on startup if app_name isn't configured properly.
 
-```ruby 
+```ruby
 Sapience.configure do |config|
   config.default_level   = :info
   config.backtrace_level = :error
@@ -67,11 +67,14 @@ Sapience.configure do |config|
 end
 ```
 
-Sapience provides a default configuration that will be used unless another file or configuration is specified. You can provide a custom 
+Sapience provides a default configuration that will be used unless another file or configuration is specified. You can provide a custom
 
 ```yaml
 ---
 default:
+  filter_parameters:
+    - password
+    - password_confirmation
   log_executor: single_thread_executor
   log_level: info
   appenders:
@@ -145,6 +148,39 @@ Sapience.configure do |config|
 end
 ```
 
+#### Filtering out sensitive data
+
+**NOTE: This is intended for (and will currently only work with) Rack-like applications, which include a `params` key in their `payload` hash**
+
+You may not want to log certain parameters which have sensitive information to be in the logs, e.g. `password`.  This can be set using the `filter_parameters` option when using `configure`:
+
+```ruby
+Sapience.configure do |config|
+  # Filter the value of "foo" from rack's parameter hash
+  config.filter_parameters << 'foo'
+end
+```
+
+Note that by default this is set to `['password', 'password_confirmation']`, so be careful when explicitly setting, as you may lose this filtering:
+
+```ruby
+Sapience.configure do |config|
+  # NOTE: password and password_confirmation will no longer be filtered
+  config.filter_parameters = ['foo']
+end
+```
+
+Similarly, *be particularly careful* when setting as `yaml` because this will no longer filter `password` and `password_confirmation`:
+
+```yaml
+some_environment:
+  # NOTE: password and password_confirmation will no longer be filtered if they're not included in this list
+  filter_parameters:
+    - foo
+```
+
+Any filtered parameter will still show in the `params` field, but it's value will be `[FILTERED]`.
+
 ## Appenders
 
 One of the things that did not suit us so well with the Semantic Logger approach was that they made a distinction between metrics and appenders. In our view anything that could potentially log something somewhere should be treated as an appender.
@@ -154,7 +190,7 @@ There are a number of appenders that each listen to different events and act on
 
 ### Stream
 
-Stream appenders are basically a log stream. You can add as many stream appenders as you like logging to different locations. 
+Stream appenders are basically a log stream. You can add as many stream appenders as you like logging to different locations.
 
 ```ruby
 Sapience.add_appender(:stream, file: "log/sapience.log", formatter: :json)
@@ -167,16 +203,16 @@ The sentry appender handles sending errors to [sentry](https://sentry.io). It's
 
 ```ruby
 Sapience.add_appender(
-  :sentry, 
-  dsn: "https://username:password@app.getsentry.com/00000", 
-  level: :error, 
+  :sentry,
+  dsn: "https://username:password@app.getsentry.com/00000",
+  level: :error,
   backtrace_level: :error
 )
 ```
 
 #### Test exceptions
 
-If you want to quickly verify that your appenders are handling exceptions properly. You can use the following method to 
+If you want to quickly verify that your appenders are handling exceptions properly. You can use the following method to
 generate and log an exception at any given level.
 
 ```ruby
@@ -203,7 +239,7 @@ metrics.decrement("company/project/metric-name", 5)
 metrics.histogram("company/project/metric-name", 2_500)
 metrics.gauge("company/project/metric-name", 1_000, {})
 metrics.event("company/project/metric-name", "description about event", {})
-metrics.batch do 
+metrics.batch do
   metrics.event("company/project/metric-name", "description about event", {})
   metrics.increment("company/project/another-metric-name", 2)
 end
@@ -226,15 +262,15 @@ Formatters can be specified by using the key `formatter: :camelized_formatter_na
 
 `formatter: :color` - gives colorized output. Useful for `test` and `development` environments.
 
-### Default 
+### Default
 
 `formatter: :default` - logs a string. Inspired by how access logs for Nginx are logged.
 
-### JSON 
+### JSON
 
 `formatter: :json` - logs are saved as a single line json. Useful for production like environments.
 
-### RAW 
+### RAW
 
 `formatter: :raw` - logs are saved as a single line ruby hash. Useful for production like environments and is used internally for the Sentry appender.
 

data/config/default.yml

@@ -1,5 +1,8 @@
 ---
 default:
+  filter_parameters:
+    - password
+    - password_confirmation
   log_executor: single_thread_executor
   log_level: info
   appenders:

data/lib/sapience/configuration.rb

@@ -8,15 +8,16 @@ module Sapience
   class Configuration
     attr_reader :default_level, :backtrace_level, :backtrace_level_index
     attr_writer :host
-    attr_accessor :app_name, :ap_options, :appenders, :log_executor
+    attr_accessor :app_name, :ap_options, :appenders, :log_executor, :filter_parameters
 
     SUPPORTED_EXECUTORS = %i(single_thread_executor immediate_executor).freeze
     DEFAULT = {
-      log_level:   :info,
-      host:        nil,
-      ap_options:  { multiline: false },
-      appenders:   [{ stream: { io: STDOUT, formatter: :color } }],
-      log_executor: :single_thread_executor,
+      log_level:         :info,
+      host:              nil,
+      ap_options:        { multiline: false },
+      appenders:         [{ stream: { io: STDOUT, formatter: :color } }],
+      log_executor:      :single_thread_executor,
+      filter_parameters: %w(password password_confirmation),
     }.freeze
 
     # Initial default Level for all new instances of Sapience::Logger
@@ -25,13 +26,14 @@ module Sapience
       @options             = DEFAULT.merge(options.dup.deep_symbolize_keyz!)
       @options[:log_executor] &&= @options[:log_executor].to_sym
       validate_log_executor!(@options[:log_executor])
-      self.default_level   = @options[:log_level].to_sym
-      self.backtrace_level = @options[:log_level].to_sym
-      self.host            = @options[:host]
-      self.app_name        = @options[:app_name]
-      self.ap_options      = @options[:ap_options]
-      self.appenders       = @options[:appenders]
-      self.log_executor    = @options[:log_executor]
+      self.default_level     = @options[:log_level].to_sym
+      self.backtrace_level   = @options[:log_level].to_sym
+      self.host              = @options[:host]
+      self.app_name          = @options[:app_name]
+      self.ap_options        = @options[:ap_options]
+      self.appenders         = @options[:appenders]
+      self.log_executor      = @options[:log_executor]
+      self.filter_parameters = @options[:filter_parameters]
     end
 
     # Sets the global default log level

data/lib/sapience/log.rb

@@ -1,7 +1,7 @@
 module Sapience
   # Log Struct
   #
-  #   Structure for holding all log entries
+  #   Structure for holding all log entries. We're using a struct because we want it to be fast and lightweight.
   #
   # level
   #   Log level of the supplied log call
@@ -140,6 +140,23 @@ module Sapience
       payload.inspect if payload?
     end
 
+    # This filtering is specifically designed for Rack-based payloads which may
+    # have sensitive information such as "password" or "credit_card" in
+    # its hash. We need to obfuscate these fields.
+    def payload # rubocop:disable AbcSize
+      return self[:payload] unless self[:payload].is_a?(Hash) && self[:payload][:params].is_a?(Hash)
+      return @payload unless @payload.nil?
+
+      # We don't want to mutate the existing object so dup
+      @payload = self[:payload].dup
+
+      Sapience.config.filter_parameters.each do |filter|
+        @payload[:params][filter] = "[FILTERED]" if @payload[:params].key?(filter)
+      end
+
+      @payload
+    end
+
     # Returns [true|false] whether the log entry has a payload
     def payload?
       !(payload.nil? || (payload.respond_to?(:empty?) && payload.empty?))

data/lib/sapience/sapience.rb

@@ -6,12 +6,13 @@ require "English"
 # Example:
 #
 # Sapience.configure do |config|
-#   config.default_level   = ENV.fetch('SAPIENCE_DEFAULT_LEVEL') { :info }.to_sym
-#   config.backtrace_level = ENV.fetch('SAPIENCE_BACKTRACE_LEVEL') { :info }.to_sym
-#   config.app_name        = 'TestApplication'
-#   config.host            = ENV.fetch('SAPIENCE_HOST', nil)
-#   config.ap_options      = { multiline: false }
-#   config.appenders       = [
+#   config.default_level     = ENV.fetch('SAPIENCE_DEFAULT_LEVEL') { :info }.to_sym
+#   config.backtrace_level   = ENV.fetch('SAPIENCE_BACKTRACE_LEVEL') { :info }.to_sym
+#   config.app_name          = 'TestApplication'
+#   config.host              = ENV.fetch('SAPIENCE_HOST', nil)
+#   config.ap_options        = { multiline: false }
+#   config.filter_parameters << "credit_card"
+#   config.appenders         = [
 #     { stream: { io: STDOUT, formatter: :color } },
 #     { statsd: { url: 'udp://localhost:2222' } },
 #     { sentry: { dsn: 'https://foobar:443' } },

data/lib/sapience/version.rb

@@ -1,3 +1,3 @@
 module Sapience
-  VERSION = "1.0.8"
+  VERSION = "1.0.9"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sapience
 version: !ruby/object:Gem::Version
-  version: 1.0.8
+  version: 1.0.9
 platform: ruby
 authors:
 - Mikael Henriksson
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-04 00:00:00.000000000 Z
+date: 2016-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby