sensitive_data_filter 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +3 -0
- data/CHANGELOG.md +15 -0
- data/README.md +38 -11
- data/gemfiles/Gemfile.ruby-2.1.rb +2 -0
- data/gemfiles/Gemfile.ruby-2.2.rb +2 -0
- data/lib/sensitive_data_filter/config.rb +5 -0
- data/lib/sensitive_data_filter/mask.rb +7 -3
- data/lib/sensitive_data_filter/middleware.rb +1 -1
- data/lib/sensitive_data_filter/middleware/env_filter.rb +10 -4
- data/lib/sensitive_data_filter/middleware/env_parser.rb +19 -6
- data/lib/sensitive_data_filter/middleware/occurrence.rb +22 -11
- data/lib/sensitive_data_filter/middleware/parameter_parser.rb +48 -0
- data/lib/sensitive_data_filter/scan.rb +22 -9
- data/lib/sensitive_data_filter/types/credit_card.rb +3 -35
- data/lib/sensitive_data_filter/version.rb +1 -1
- data/sensitive_data_filter.gemspec +1 -0
- metadata +17 -3
- data/lib/sensitive_data_filter/middleware/parameter_scanner.rb +0 -22
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 70cedcd682fd58e3d8682c603bc8326c36e7b8ec
|
|
4
|
+
data.tar.gz: aee8dcf45f48b651e85507a6d0e0b02fe8fbb071
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fc6618c4cdad98edb6899779d93b15a1cbfc5c8b650d2cce604f40b2c9178d24cf9000753ecf512ee82b99a17e580f8750cf3019ac6f0777532a417d32ffc8d9
|
|
7
|
+
data.tar.gz: 1f126f0eec67bc0c8bc74d7bb50e6121056a8113ce35454ba2fc7d1c36d6db74ede0736050515b96e53467d433844f6eef1a545554a01d58898fef0d117bf9eb
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,21 @@ All notable changes to this project will be documented in this file.
|
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
|
|
5
5
|
|
|
6
|
+
## [0.2.0] - 2016-12-13
|
|
7
|
+
### Added
|
|
8
|
+
- Occurrence exposes content type
|
|
9
|
+
- Support for different content types
|
|
10
|
+
- Native JSON parameter parsing
|
|
11
|
+
- Allows defining parameter parsers
|
|
12
|
+
- Scans and masks parameter keys
|
|
13
|
+
- Adds credit card brand validation
|
|
14
|
+
|
|
15
|
+
### Changed
|
|
16
|
+
- Occurrence now exposes query and body params separately
|
|
17
|
+
|
|
18
|
+
### Fixed
|
|
19
|
+
- Skips scanning of file uploads
|
|
20
|
+
|
|
6
21
|
## [0.1.0] - 2016-12-09
|
|
7
22
|
### Added
|
|
8
23
|
- Whitelisting of matches
|
data/README.md
CHANGED
|
@@ -44,24 +44,31 @@ SensitiveDataFilter.config do |config|
|
|
|
44
44
|
# Report occurrence
|
|
45
45
|
end
|
|
46
46
|
config.whitelist pattern1, pattern2 # Allows specifying patterns to whitelist matches
|
|
47
|
+
config.register_parser('yaml', -> params { YAML.load params }, -> params { YAML.dump params })
|
|
47
48
|
end
|
|
48
49
|
```
|
|
49
50
|
|
|
50
51
|
An occurrence object has the following properties:
|
|
51
52
|
|
|
52
|
-
* origin_ip:
|
|
53
|
-
* request_method:
|
|
54
|
-
* url:
|
|
55
|
-
*
|
|
56
|
-
*
|
|
57
|
-
*
|
|
58
|
-
*
|
|
59
|
-
*
|
|
53
|
+
* origin_ip: the IP address that originated the request
|
|
54
|
+
* request_method: the HTTP method for the request (GET, POST, etc.)
|
|
55
|
+
* url: the URL of the request
|
|
56
|
+
* content_type: the Content-Type of the request
|
|
57
|
+
* original_query_params: the query parameters sent with the request
|
|
58
|
+
* original_body_params: the body parameters sent with the request
|
|
59
|
+
* filtered_query_params: the query parameters sent with the request, with sensitive data filtered
|
|
60
|
+
* filtered_body_params: the body parameters sent with the request, with sensitive data filtered
|
|
61
|
+
* session: the session properties for the request
|
|
62
|
+
* matches: the matched sensitive data
|
|
63
|
+
* matches_count: the number of matches per data type, e.g. { 'CreditCard' => 1 }
|
|
60
64
|
|
|
61
65
|
It also exposes `to_h` and `to_s` methods for hash and string representation respectively.
|
|
62
|
-
Please note that these representations omit sensitive data,
|
|
66
|
+
Please note that these representations omit sensitive data,
|
|
67
|
+
i.e. `original_query_params`, `original_body_params` and `matches` are not included.
|
|
63
68
|
|
|
64
|
-
#### Important
|
|
69
|
+
#### Important Notes
|
|
70
|
+
|
|
71
|
+
Body parameters will not be parsed if a parser for the request's content type is not defined.
|
|
65
72
|
|
|
66
73
|
You might want to filter sensitive parameters (e.g: passwords).
|
|
67
74
|
In Rails you can do something like:
|
|
@@ -69,9 +76,29 @@ In Rails you can do something like:
|
|
|
69
76
|
```ruby
|
|
70
77
|
filters = Rails.application.config.filter_parameters
|
|
71
78
|
filter = ActionDispatch::Http::ParameterFilter.new filters
|
|
72
|
-
filter.filter @occurrence.
|
|
79
|
+
filtered_query_params = filter.filter @occurrence.filtered_query_params
|
|
80
|
+
filtered_body_params = if @occurrence.filtered_body_params.is_a? Hash
|
|
81
|
+
filter.filter @occurrence.filtered_body_params
|
|
82
|
+
else
|
|
83
|
+
@occurrence.filtered_body_params
|
|
84
|
+
end
|
|
73
85
|
```
|
|
74
86
|
|
|
87
|
+
#### Whitelisting
|
|
88
|
+
|
|
89
|
+
A list of whitelisting patterns can be passed to `config.whitelist`.
|
|
90
|
+
Any sensitive data match which also matches any of these patterns will be ignored.
|
|
91
|
+
|
|
92
|
+
#### Parameter Parsing
|
|
93
|
+
|
|
94
|
+
Parsers for parameters encoded for a specific content type can be defined.
|
|
95
|
+
The arguments for `config.register_parser` are:
|
|
96
|
+
* a pattern to match the content type
|
|
97
|
+
* a parser for the parameters
|
|
98
|
+
* an unparser to convert parameters back to the encoded format
|
|
99
|
+
|
|
100
|
+
The parser and unparser must be objects that respond to `call` and accept the parameters as an argument (e.g. procs or lambdas).
|
|
101
|
+
|
|
75
102
|
## Development
|
|
76
103
|
|
|
77
104
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
@@ -44,5 +44,10 @@ module SensitiveDataFilter
|
|
|
44
44
|
def whitelist_patterns
|
|
45
45
|
@whitelist_patterns ||= []
|
|
46
46
|
end
|
|
47
|
+
|
|
48
|
+
def register_parser(content_type, parser, unparser)
|
|
49
|
+
SensitiveDataFilter::Middleware::ParameterParser
|
|
50
|
+
.register_parser(content_type, parser, unparser)
|
|
51
|
+
end
|
|
47
52
|
end
|
|
48
53
|
end
|
|
@@ -2,13 +2,17 @@
|
|
|
2
2
|
module SensitiveDataFilter
|
|
3
3
|
module Mask
|
|
4
4
|
module_function def mask(value)
|
|
5
|
+
return mask_array(value) if value.is_a? Array
|
|
6
|
+
return mask_hash(value) if value.is_a? Hash
|
|
5
7
|
SensitiveDataFilter.enabled_types.inject(value) { |acc, elem| elem.mask acc }
|
|
6
8
|
end
|
|
7
9
|
|
|
10
|
+
module_function def mask_array(array)
|
|
11
|
+
array.map { |element| mask(element) }
|
|
12
|
+
end
|
|
13
|
+
|
|
8
14
|
module_function def mask_hash(hash)
|
|
9
|
-
hash.map
|
|
10
|
-
result[key] = mask(value)
|
|
11
|
-
}
|
|
15
|
+
hash.map { |key, value| [mask(key), mask(value)] }.to_h
|
|
12
16
|
end
|
|
13
17
|
end
|
|
14
18
|
end
|
|
@@ -4,8 +4,8 @@ module SensitiveDataFilter
|
|
|
4
4
|
end
|
|
5
5
|
end
|
|
6
6
|
|
|
7
|
+
require 'sensitive_data_filter/middleware/parameter_parser'
|
|
7
8
|
require 'sensitive_data_filter/middleware/env_parser'
|
|
8
|
-
require 'sensitive_data_filter/middleware/parameter_scanner'
|
|
9
9
|
require 'sensitive_data_filter/middleware/occurrence'
|
|
10
10
|
require 'sensitive_data_filter/middleware/env_filter'
|
|
11
11
|
require 'sensitive_data_filter/middleware/filter'
|
|
@@ -9,8 +9,8 @@ module SensitiveDataFilter
|
|
|
9
9
|
def initialize(env)
|
|
10
10
|
@original_env_parser = EnvParser.new(env)
|
|
11
11
|
@filtered_env_parser = @original_env_parser.copy
|
|
12
|
-
@
|
|
13
|
-
@filtered_env_parser.mask! if @
|
|
12
|
+
@scan = build_scan
|
|
13
|
+
@filtered_env_parser.mask! if @scan.matches?
|
|
14
14
|
@occurrence = build_occurrence
|
|
15
15
|
end
|
|
16
16
|
|
|
@@ -25,8 +25,14 @@ module SensitiveDataFilter
|
|
|
25
25
|
private
|
|
26
26
|
|
|
27
27
|
def build_occurrence
|
|
28
|
-
return nil unless @
|
|
29
|
-
Occurrence.new(@original_env_parser, @filtered_env_parser, @
|
|
28
|
+
return nil unless @scan.matches?
|
|
29
|
+
Occurrence.new(@original_env_parser, @filtered_env_parser, @scan.matches)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def build_scan
|
|
33
|
+
SensitiveDataFilter::Scan.new(
|
|
34
|
+
[@original_env_parser.query_params, @original_env_parser.body_params]
|
|
35
|
+
)
|
|
30
36
|
end
|
|
31
37
|
end
|
|
32
38
|
end
|
|
@@ -1,7 +1,12 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
+
require 'forwardable'
|
|
3
|
+
|
|
2
4
|
module SensitiveDataFilter
|
|
3
5
|
module Middleware
|
|
4
6
|
class EnvParser
|
|
7
|
+
QUERY_STRING = 'QUERY_STRING'.freeze
|
|
8
|
+
RACK_INPUT = 'rack.input'.freeze
|
|
9
|
+
|
|
5
10
|
extend Forwardable
|
|
6
11
|
|
|
7
12
|
attr_reader :env
|
|
@@ -9,6 +14,7 @@ module SensitiveDataFilter
|
|
|
9
14
|
def initialize(env)
|
|
10
15
|
@env = env
|
|
11
16
|
@request = Rack::Request.new(@env)
|
|
17
|
+
@parameter_parser = ParameterParser.parser_for(@request.media_type)
|
|
12
18
|
end
|
|
13
19
|
|
|
14
20
|
def query_params
|
|
@@ -16,17 +22,18 @@ module SensitiveDataFilter
|
|
|
16
22
|
end
|
|
17
23
|
|
|
18
24
|
def body_params
|
|
25
|
+
return {} if file_upload?
|
|
19
26
|
body = @request.body.read
|
|
20
27
|
@request.body.rewind
|
|
21
|
-
|
|
28
|
+
@parameter_parser.parse(body)
|
|
22
29
|
end
|
|
23
30
|
|
|
24
31
|
def query_params=(new_params)
|
|
25
|
-
@env[
|
|
32
|
+
@env[QUERY_STRING] = Rack::Utils.build_query(new_params)
|
|
26
33
|
end
|
|
27
34
|
|
|
28
35
|
def body_params=(new_params)
|
|
29
|
-
@env[
|
|
36
|
+
@env[RACK_INPUT] = StringIO.new @parameter_parser.unparse(new_params)
|
|
30
37
|
end
|
|
31
38
|
|
|
32
39
|
def copy
|
|
@@ -34,11 +41,17 @@ module SensitiveDataFilter
|
|
|
34
41
|
end
|
|
35
42
|
|
|
36
43
|
def mask!
|
|
37
|
-
self.query_params = SensitiveDataFilter::Mask.
|
|
38
|
-
self.body_params = SensitiveDataFilter::Mask.
|
|
44
|
+
self.query_params = SensitiveDataFilter::Mask.mask(query_params)
|
|
45
|
+
self.body_params = SensitiveDataFilter::Mask.mask(body_params)
|
|
39
46
|
end
|
|
40
47
|
|
|
41
|
-
def_delegators :@request, :ip, :request_method, :url, :
|
|
48
|
+
def_delegators :@request, :ip, :request_method, :url, :content_type, :session
|
|
49
|
+
|
|
50
|
+
private
|
|
51
|
+
|
|
52
|
+
def file_upload?
|
|
53
|
+
@request.media_type == 'multipart/form-data'
|
|
54
|
+
end
|
|
42
55
|
end
|
|
43
56
|
end
|
|
44
57
|
end
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
+
require 'forwardable'
|
|
2
3
|
require 'facets/string/titlecase'
|
|
3
4
|
|
|
4
5
|
module SensitiveDataFilter
|
|
@@ -18,15 +19,23 @@ module SensitiveDataFilter
|
|
|
18
19
|
@original_env_parser.ip
|
|
19
20
|
end
|
|
20
21
|
|
|
21
|
-
def
|
|
22
|
-
@original_env_parser.
|
|
22
|
+
def original_query_params
|
|
23
|
+
@original_env_parser.query_params
|
|
23
24
|
end
|
|
24
25
|
|
|
25
|
-
def
|
|
26
|
-
@
|
|
26
|
+
def original_body_params
|
|
27
|
+
@original_env_parser.body_params
|
|
27
28
|
end
|
|
28
29
|
|
|
29
|
-
|
|
30
|
+
def filtered_query_params
|
|
31
|
+
@filtered_env_parser.query_params
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def filtered_body_params
|
|
35
|
+
@filtered_env_parser.body_params
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def_delegators :@original_env_parser, :request_method, :url, :content_type, :session
|
|
30
39
|
|
|
31
40
|
def matches_count
|
|
32
41
|
@matches.map { |type, matches| [type, matches.count] }.to_h
|
|
@@ -34,12 +43,14 @@ module SensitiveDataFilter
|
|
|
34
43
|
|
|
35
44
|
def to_h
|
|
36
45
|
{
|
|
37
|
-
origin_ip:
|
|
38
|
-
request_method:
|
|
39
|
-
url:
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
46
|
+
origin_ip: origin_ip,
|
|
47
|
+
request_method: request_method,
|
|
48
|
+
url: url,
|
|
49
|
+
content_type: content_type,
|
|
50
|
+
filtered_query_params: filtered_query_params,
|
|
51
|
+
filtered_body_params: filtered_body_params,
|
|
52
|
+
session: session,
|
|
53
|
+
matches_count: matches_count
|
|
43
54
|
}
|
|
44
55
|
end
|
|
45
56
|
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module SensitiveDataFilter
|
|
4
|
+
module Middleware
|
|
5
|
+
class ParameterParser
|
|
6
|
+
def self.register_parser(content_type, parse, unparse)
|
|
7
|
+
parsers.unshift new(content_type, parse, unparse)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def self.parsers
|
|
11
|
+
@parsers ||= DEFAULT_PARSERS.dup
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def self.parser_for(content_type)
|
|
15
|
+
parsers.find { |parser| parser.can_parse? content_type } || NULL_PARSER
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def initialize(content_type, parse, unparse)
|
|
19
|
+
@content_type = content_type
|
|
20
|
+
@parse = parse
|
|
21
|
+
@unparse = unparse
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def can_parse?(content_type)
|
|
25
|
+
content_type.to_s.match @content_type
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def parse(params)
|
|
29
|
+
@parse.call params
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def unparse(params)
|
|
33
|
+
@unparse.call params
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
NULL_PARSER = new('', ->(params) { params }, ->(params) { params })
|
|
37
|
+
|
|
38
|
+
DEFAULT_PARSERS = [
|
|
39
|
+
new('urlencoded', # e.g.: 'application/x-www-form-urlencoded'
|
|
40
|
+
->(params) { Rack::Utils.parse_query(params) },
|
|
41
|
+
->(params) { Rack::Utils.build_query(params) }),
|
|
42
|
+
new('json', # e.g.: 'application/json'
|
|
43
|
+
->(params) { JSON.parse(params) },
|
|
44
|
+
->(params) { JSON.unparse(params) })
|
|
45
|
+
].freeze
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
@@ -1,26 +1,39 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
require 'facets/kernel/present'
|
|
3
|
+
require 'facets/hash/collate'
|
|
3
4
|
|
|
4
5
|
module SensitiveDataFilter
|
|
5
6
|
class Scan
|
|
7
|
+
def self.scan(value)
|
|
8
|
+
return scan_array(value) if value.is_a? Array
|
|
9
|
+
return scan_hash(value) if value.is_a? Hash
|
|
10
|
+
SensitiveDataFilter.enabled_types.map.with_object({}) { |scanner, matches|
|
|
11
|
+
matches[scanner.name.split('::').last] = whitelist(scanner.scan(value))
|
|
12
|
+
}
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def self.scan_array(array)
|
|
16
|
+
array.map { |element| scan(element) }.inject(:collate) || {}
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def self.scan_hash(hash)
|
|
20
|
+
hash.map { |key, value| scan(key).collate(scan(value)) }.inject(:collate) || {}
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def self.whitelist(matches)
|
|
24
|
+
matches.reject { |match| SensitiveDataFilter.whitelisted? match }
|
|
25
|
+
end
|
|
26
|
+
|
|
6
27
|
def initialize(value)
|
|
7
28
|
@value = value
|
|
8
29
|
end
|
|
9
30
|
|
|
10
31
|
def matches
|
|
11
|
-
@matches ||=
|
|
12
|
-
matches[scanner.name.split('::').last] = whitelist scanner.scan(@value)
|
|
13
|
-
}
|
|
32
|
+
@matches ||= self.class.scan(@value)
|
|
14
33
|
end
|
|
15
34
|
|
|
16
35
|
def matches?
|
|
17
36
|
matches.values.any?(&:present?)
|
|
18
37
|
end
|
|
19
|
-
|
|
20
|
-
private
|
|
21
|
-
|
|
22
|
-
def whitelist(matches)
|
|
23
|
-
matches.reject { |match| SensitiveDataFilter.whitelisted? match }
|
|
24
|
-
end
|
|
25
38
|
end
|
|
26
39
|
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
+
require 'credit_card_validations'
|
|
3
|
+
|
|
2
4
|
module SensitiveDataFilter
|
|
3
5
|
module Types
|
|
4
6
|
module CreditCard
|
|
@@ -21,7 +23,7 @@ module SensitiveDataFilter
|
|
|
21
23
|
module_function def valid?(number)
|
|
22
24
|
return false unless number.is_a? String
|
|
23
25
|
return false unless number.match CARD
|
|
24
|
-
|
|
26
|
+
CreditCardValidations::Detector.new(number.gsub(SEPARATORS, '')).brand.present?
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
module_function def scan(value)
|
|
@@ -33,40 +35,6 @@ module SensitiveDataFilter
|
|
|
33
35
|
return value unless value.is_a? String
|
|
34
36
|
scan(value).inject(value) { |acc, elem| acc.gsub(elem, FILTERED) }
|
|
35
37
|
end
|
|
36
|
-
|
|
37
|
-
# Adapted from https://github.com/rolfb/luhn-ruby/blob/master/lib/luhn.rb
|
|
38
|
-
class Luhn
|
|
39
|
-
def initialize(number)
|
|
40
|
-
@number = number
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
def valid?
|
|
44
|
-
numbers = split_digits(@number)
|
|
45
|
-
numbers.last == checksum(numbers[0..-2].join)
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
private
|
|
49
|
-
|
|
50
|
-
def checksum(number)
|
|
51
|
-
products = luhn_doubled(number)
|
|
52
|
-
sum = products.inject(0) { |acc, elem| acc + sum_of(elem) }
|
|
53
|
-
checksum = 10 - (sum % 10)
|
|
54
|
-
checksum == 10 ? 0 : checksum
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
def luhn_doubled(number)
|
|
58
|
-
numbers = split_digits(number).reverse
|
|
59
|
-
numbers.map.with_index { |n, i| i.even? ? n * 2 : n * 1 }.reverse
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
def sum_of(number)
|
|
63
|
-
split_digits(number).inject(:+)
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
def split_digits(number)
|
|
67
|
-
number.to_s.split(//).map(&:to_i)
|
|
68
|
-
end
|
|
69
|
-
end
|
|
70
38
|
end
|
|
71
39
|
end
|
|
72
40
|
end
|
|
@@ -25,6 +25,7 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
|
|
26
26
|
spec.add_dependency 'rack', '>= 1.4'
|
|
27
27
|
spec.add_dependency 'facets', '~> 3.1'
|
|
28
|
+
spec.add_dependency 'credit_card_validations', '~> 3.2'
|
|
28
29
|
|
|
29
30
|
spec.add_development_dependency 'bundler', '~> 1.13'
|
|
30
31
|
spec.add_development_dependency 'rake', '~> 10.0'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sensitive_data_filter
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alessandro Berardi
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-12-
|
|
12
|
+
date: 2016-12-13 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rack
|
|
@@ -39,6 +39,20 @@ dependencies:
|
|
|
39
39
|
- - "~>"
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
41
|
version: '3.1'
|
|
42
|
+
- !ruby/object:Gem::Dependency
|
|
43
|
+
name: credit_card_validations
|
|
44
|
+
requirement: !ruby/object:Gem::Requirement
|
|
45
|
+
requirements:
|
|
46
|
+
- - "~>"
|
|
47
|
+
- !ruby/object:Gem::Version
|
|
48
|
+
version: '3.2'
|
|
49
|
+
type: :runtime
|
|
50
|
+
prerelease: false
|
|
51
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
52
|
+
requirements:
|
|
53
|
+
- - "~>"
|
|
54
|
+
- !ruby/object:Gem::Version
|
|
55
|
+
version: '3.2'
|
|
42
56
|
- !ruby/object:Gem::Dependency
|
|
43
57
|
name: bundler
|
|
44
58
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -182,7 +196,7 @@ files:
|
|
|
182
196
|
- lib/sensitive_data_filter/middleware/env_parser.rb
|
|
183
197
|
- lib/sensitive_data_filter/middleware/filter.rb
|
|
184
198
|
- lib/sensitive_data_filter/middleware/occurrence.rb
|
|
185
|
-
- lib/sensitive_data_filter/middleware/
|
|
199
|
+
- lib/sensitive_data_filter/middleware/parameter_parser.rb
|
|
186
200
|
- lib/sensitive_data_filter/scan.rb
|
|
187
201
|
- lib/sensitive_data_filter/types.rb
|
|
188
202
|
- lib/sensitive_data_filter/types/credit_card.rb
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
require 'facets/hash/collate'
|
|
3
|
-
|
|
4
|
-
module SensitiveDataFilter
|
|
5
|
-
module Middleware
|
|
6
|
-
class ParameterScanner
|
|
7
|
-
def initialize(env_parser)
|
|
8
|
-
@env_parser = env_parser
|
|
9
|
-
@params = @env_parser.query_params.values + @env_parser.body_params.values
|
|
10
|
-
@scans = @params.map { |value| SensitiveDataFilter::Scan.new(value) }
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def matches
|
|
14
|
-
@scans.map(&:matches).inject(:collate)
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def sensitive_data?
|
|
18
|
-
@scans.any?(&:matches?)
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
end
|