sensitive_data_filter 0.2.4 → 0.6.0
- checksums.yaml +5 -5
- data/.github/dependabot.yml +6 -0
- data/.github/workflows/release.yml +59 -0
- data/.github/workflows/ruby.yml +16 -0
- data/.ruby-version +1 -1
- data/.travis.yml +8 -12
- data/CHANGELOG.md +25 -1
- data/README.md +40 -9
- data/lib/sensitive_data_filter/config.rb +12 -0
- data/lib/sensitive_data_filter/mask.rb +7 -1
- data/lib/sensitive_data_filter/middleware.rb +2 -1
- data/lib/sensitive_data_filter/middleware/detect.rb +28 -0
- data/lib/sensitive_data_filter/middleware/env_parser.rb +17 -7
- data/lib/sensitive_data_filter/middleware/filter.rb +10 -6
- data/lib/sensitive_data_filter/middleware/occurrence.rb +17 -5
- data/lib/sensitive_data_filter/scan.rb +7 -1
- data/lib/sensitive_data_filter/version.rb +1 -1
- data/sensitive_data_filter.gemspec +12 -12
- metadata +51 -51
- data/gemfiles/Gemfile.ruby-2.1.rb +0 -10
- data/gemfiles/Gemfile.ruby-2.2.rb +0 -10
- data/lib/sensitive_data_filter/middleware/env_filter.rb +0 -39
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: e80564888cb25e531d59e376ef39093e0a00b8405161dc59b484a5359cdb46f8
|
4
|
+
data.tar.gz: 1a7d30a9a35d631fdcba3f1376b1e399ec8e7ae38704a3a15be3186d880c0d01
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 309fe47506bdfce0e80b6f1a329c1190864ccf6314680272e2e7fa8865bae7dfd9c3477667954adcec42377598a0a0d4a80236c071c17fc75c4fce292e8b46f4
|
7
|
+
data.tar.gz: d7b06b4b6d4f7f2c48af21a584bcd81166881dcc37a83e51de79b743348a12e0495746f6ef0595881dd4640e0f08a700580272a1915dc7db62fe90d6579d3003
|
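--- a/data/.github/workflows/release.yml
+++ b/data/.github/workflows/release.yml
@@ -0,0 +1,59 @@
+name: Release
+
+on:
+push:
+tags:
+- "v*"
+
+jobs:
+build:
+name: Build
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- uses: ruby/setup-ruby@v1
+with:
+bundler-cache: true
+- run: bundle exec rake
+
+release:
+needs: build
+name: Release
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Generate Changelog
+run: |
+# Get version from github ref (remove 'refs/tags/' and prefix 'v')
+version="${GITHUB_REF#refs/tags/v}"
+npx changelog-parser CHANGELOG.md | jq -cr ".versions | .[] | select(.version == \"$version\") | .body" > ${{ github.workflow }}-CHANGELOG.txt
+
+- name: Release
+uses: softprops/action-gh-release@v1
+with:
+body_path: ${{ github.workflow }}-CHANGELOG.txt
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+publish:
+needs: [build, release]
+name: Publish
+runs-on: ubuntu-latest
+
+steps:
+- uses: actions/checkout@v2
+- uses: ruby/setup-ruby@v1
+
+- name: Publish to RubyGems
+run: |
+mkdir -p $HOME/.gem
+touch $HOME/.gem/credentials
+chmod 0600 $HOME/.gem/credentials
+printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+gem build *.gemspec
+gem push *.gem
+env:
+GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"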
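Review bot: The `release` and `publish` jobs pull in code by mutable reference in the same jobs that later handle `GITHUB_TOKEN` and `RUBYGEMS_AUTH_TOKEN`: `actions/checkout@v2`, `ruby/setup-ruby@v1` and `softprops/action-gh-release@v1` are pinned only to tags, and `npx changelog-parser` installs whatever version is current when the tag is pushed. Pinning each `uses:` to a full commit SHA (`uses: ruby/setup-ruby@<full-commit-sha> # v1`), installing a fixed `changelog-parser` version, and adding a top-level `permissions:` block with `contents: read` (raised to `contents: write` only on `release`) would limit what a compromised upstream could do with those credentials. In the publish step the key is also expanded inside the `printf` format string, so a `%` or backslash in it would be interpreted; `printf -- '---\n:rubygems_api_key: %s\n' "$GEM_HOST_API_KEY" > $HOME/.gem/credentials` avoids that. The tag pinning applies to the `Build and Test` workflow as well.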
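--- a/data/.github/workflows/ruby.yml
+++ b/data/.github/workflows/ruby.yml
@@ -0,0 +1,16 @@
+name: Build and Test
+on: [push, pull_request]
+jobs:
+test:
+strategy:
+fail-fast: false
+matrix:
+ruby: ["2.6", "2.7", "3.0"]
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: ruby/setup-ruby@v1
+with:
+ruby-version: ${{ matrix.ruby }}
+bundler-cache: true
+- run: bundle exec rake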
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
3.0.0
|
data/.travis.yml
CHANGED
@@ -1,14 +1,10 @@
|
|
1
|
-
sudo: false
|
2
1
|
language: ruby
|
3
2
|
rvm:
|
4
|
-
- 2.
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
notifications:
|
13
|
-
email:
|
14
|
-
- support@travellink.com.au
|
3
|
+
- 2.4
|
4
|
+
- 2.5
|
5
|
+
- 2.6
|
6
|
+
script: "bundle exec rake spec"
|
7
|
+
sudo: false
|
8
|
+
cache: bundler
|
9
|
+
before_install:
|
10
|
+
- gem install bundler
|
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,31 @@ All notable changes to this project will be documented in this file.
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
4
4
|
This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
|
5
5
|
|
6
|
+
## 0.6.0
|
7
|
+
|
8
|
+
- [TT-8626] Update to build with github actions / ruby 3.0 / rails 6.1
|
9
|
+
|
10
|
+
## [0.5.0]
|
11
|
+
- [TT-5815] Relax version dependencies and tested on latest ruby versions
|
12
|
+
|
13
|
+
## [0.4.1] - 2018-03-08
|
14
|
+
### Changed
|
15
|
+
- [TT-3686] Don't mutate env vars unless the key already exists
|
16
|
+
|
17
|
+
## [0.4.0] - 2018-01-18
|
18
|
+
### Changed
|
19
|
+
- [TT-3520] No longer clone the "env" middleware variable
|
20
|
+
- [TT-3521] filter action dispatch parameter fields
|
21
|
+
- [TT-3523] Update gem dependencies
|
22
|
+
|
23
|
+
## [0.3.0] - 2016-12-28
|
24
|
+
### Changed
|
25
|
+
- Allows whitelisting hash values based on the key
|
26
|
+
- Updates README for usage with Rails middleware stack
|
27
|
+
|
28
|
+
### Added
|
29
|
+
- Adds `original_env` and `filtered_env` properties to occurrence
|
30
|
+
|
6
31
|
## [0.2.4] - 2016-12-22
|
7
32
|
### Changed
|
8
33
|
- Does not match credit cards numbers that are part of alphanumerical strings
|
@@ -14,7 +39,6 @@ This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
|
|
14
39
|
### Changed
|
15
40
|
- Does not match credit cards numbers that are part of longer numbers
|
16
41
|
|
17
|
-
|
18
42
|
## [0.2.2] - 2016-12-21
|
19
43
|
### Fixed
|
20
44
|
- Implements stricter credit cards pattern matching
|
data/README.md
CHANGED
@@ -1,9 +1,8 @@
|
|
1
1
|
# SensitiveDataFilter
|
2
2
|
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/sensitive_data_filter.svg)](http://badge.fury.io/rb/sensitive_data_filter)
|
4
|
-
[![Build Status](https://
|
4
|
+
[![Build Status](https://github.com/sealink/sensitive_data_filter/workflows/Build%20and%20Test/badge.svg?branch=master)](https://github.com/sealink/sensitive_data_filter/actions)
|
5
5
|
[![Coverage Status](https://coveralls.io/repos/sealink/sensitive_data_filter/badge.svg)](https://coveralls.io/r/sealink/sensitive_data_filter)
|
6
|
-
[![Dependency Status](https://gemnasium.com/sealink/sensitive_data_filter.svg)](https://gemnasium.com/sealink/sensitive_data_filter)
|
7
6
|
[![Code Climate](https://codeclimate.com/github/sealink/sensitive_data_filter/badges/gpa.svg)](https://codeclimate.com/github/sealink/sensitive_data_filter)
|
8
7
|
|
9
8
|
A Rack Middleware filter for sensitive data
|
@@ -28,7 +27,7 @@ Or install it yourself as:
|
|
28
27
|
|
29
28
|
### Enable the middleware
|
30
29
|
|
31
|
-
Insert the middleware in the stack before any parameter parsing is performed
|
30
|
+
Insert the middleware in the stack before any parameter parsing is performed.
|
32
31
|
|
33
32
|
E.g. for Rails, add the following in application.rb
|
34
33
|
|
@@ -37,15 +36,31 @@ E.g. for Rails, add the following in application.rb
|
|
37
36
|
config.middleware.insert_before 'ActionDispatch::ParamsParser', SensitiveDataFilter::Middleware::Filter
|
38
37
|
```
|
39
38
|
|
39
|
+
To ensure that no sensitive data is accessed at any level of the stack, insert the middleware at the top of the stack.
|
40
|
+
|
41
|
+
E.g.
|
42
|
+
|
43
|
+
```ruby
|
44
|
+
# --- Sensitive Data Filtering ---
|
45
|
+
config.middleware.insert_before 0, SensitiveDataFilter::Middleware::Filter
|
46
|
+
```
|
47
|
+
|
48
|
+
#### Important note for Rails
|
49
|
+
|
50
|
+
Rails logs the URI of the request in ``Rails::Rack::Logger``. At this point of the stack, Rails generally has not yet set the session in the env.
|
51
|
+
If you insert the sensitive data filtering middleware before this middleware you will prevent sensitive data from appearing in the logs,
|
52
|
+
but you will not have access to the session via the occurrence or the env in the occurrence handling block.
|
53
|
+
|
40
54
|
### Configuration
|
41
55
|
|
42
56
|
```ruby
|
43
57
|
SensitiveDataFilter.config do |config|
|
44
58
|
config.enable_types :credit_card # Already defaults to :credit_card if not specified
|
45
|
-
config.on_occurrence do |occurrence|
|
59
|
+
config.on_occurrence do |occurrence|
|
46
60
|
# Report occurrence
|
47
61
|
end
|
48
62
|
config.whitelist pattern1, pattern2 # Allows specifying patterns to whitelist matches
|
63
|
+
config.whitelist_key key_pattern1, key_pattern2 # Allows specifying patterns to whitelist hash values based on their keys
|
49
64
|
config.register_parser('yaml', -> params { YAML.load params }, -> params { YAML.dump params })
|
50
65
|
end
|
51
66
|
```
|
@@ -63,9 +78,11 @@ An occurrence object has the following properties:
|
|
63
78
|
* session: the session properties for the request
|
64
79
|
* matches: the matched sensitive data
|
65
80
|
* matches_count: the number of matches per data type, e.g. { 'CreditCard' => 1 }
|
81
|
+
* original_env: the original unfiltered Rack env
|
82
|
+
* changeset: the modified rack env variables
|
66
83
|
|
67
84
|
It also exposes `to_h` and `to_s` methods for hash and string representation respectively.
|
68
|
-
Please note that these representations omit sensitive data,
|
85
|
+
Please note that these representations omit sensitive data,
|
69
86
|
i.e. `original_query_params`, `original_body_params` and `matches` are not included.
|
70
87
|
|
71
88
|
#### Important Notes
|
@@ -88,9 +105,12 @@ filtered_body_params = if @occurrence.filtered_body_params.is_a? Hash
|
|
88
105
|
|
89
106
|
#### Whitelisting
|
90
107
|
|
91
|
-
A list of whitelisting patterns can be passed to `config.whitelist`.
|
108
|
+
A list of whitelisting patterns can be passed to `config.whitelist`.
|
92
109
|
Any sensitive data match which also matches any of these patterns will be ignored.
|
93
110
|
|
111
|
+
A list of whitelisting patterns can be passed to `config.whitelist_key`.
|
112
|
+
When scanning and matching hashes, any value whose key matches any of these patterns will be ignored.
|
113
|
+
|
94
114
|
#### Parameter Parsing
|
95
115
|
|
96
116
|
Parsers for parameters encoded for a specific content type can be defined.
|
@@ -98,9 +118,9 @@ The arguments for `config.register_parser` are:
|
|
98
118
|
* a pattern to match the content type
|
99
119
|
* a parser for the parameters
|
100
120
|
* an unparser to convert parameters back to the encoded format
|
101
|
-
|
121
|
+
|
102
122
|
The parser and unparser must be objects that respond to `call` and accept the parameters as an argument (e.g. procs or lambdas).
|
103
|
-
The parser should handle parsing exceptions gracefully by returning the arguments.
|
123
|
+
The parser should handle parsing exceptions gracefully by returning the arguments.
|
104
124
|
This ensures that sensitive data scanning and masking is applied on the raw parameters.
|
105
125
|
|
106
126
|
## Development
|
@@ -109,6 +129,18 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
|
|
109
129
|
|
110
130
|
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
111
131
|
|
132
|
+
## Release
|
133
|
+
|
134
|
+
To publish a new version of this gem the following steps must be taken.
|
135
|
+
|
136
|
+
* Update the version in the following files
|
137
|
+
```
|
138
|
+
CHANGELOG.md
|
139
|
+
lib/sensitive_data_filter/version.rb
|
140
|
+
````
|
141
|
+
* Create a tag using the format v0.1.0
|
142
|
+
* Follow build progress in GitHub actions
|
143
|
+
|
112
144
|
## Contributing
|
113
145
|
|
114
146
|
Bug reports and pull requests are welcome on GitHub at https://github.com/sealink/sensitive_data_filter. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
@@ -117,4 +149,3 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/sealin
|
|
117
149
|
## License
|
118
150
|
|
119
151
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
120
|
-
|
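--- a/data/lib/sensitive_data_filter/config.rb
+++ b/data/lib/sensitive_data_filter/config.rb
@@ -20,6 +20,10 @@ module SensitiveDataFilter
 config.whitelist_patterns.any? { |pattern| value.match pattern }
 end
 
+def self.whitelisted_key?(key)
+config.whitelist_key_patterns.any? { |pattern| key.match pattern }
+end
+
 class Config
 DEFAULT_TYPES = %i(credit_card).freeze
 
@@ -45,6 +49,14 @@ module SensitiveDataFilter
 @whitelist_patterns ||= []
 end
 
+def whitelist_key(*patterns)
+@whitelist_key_patterns = patterns
+end
+
+def whitelist_key_patterns
+@whitelist_key_patterns ||= []
+end
+
 def register_parser(content_type, parser, unparser)
 SensitiveDataFilter::Middleware::ParameterParser
 .register_parser(content_type, parser, unparser)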
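Review bot: `whitelisted_key?` decides which values skip scanning and masking, yet `key.match pattern` is unanchored and the keys are presumably parameter names supplied by the client, so a pattern such as `/id/` also exempts every key that merely contains it. I would document this on `whitelist_key`, e.g. `# Values under keys matching any pattern are neither scanned nor masked; anchor patterns with \A and \z.` `key.match` also assumes the key responds to `match`; `key.to_s.match?(pattern)` copes with non-String keys and skips the MatchData allocation. The same helper is consulted by `mask_key_value` in mask.rb and `scan_key_value` in scan.rb, so the caveat applies to both. The enclosing module and the `Config` class continue outside both hunks.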
@@ -12,7 +12,13 @@ module SensitiveDataFilter
|
|
12
12
|
end
|
13
13
|
|
14
14
|
module_function def mask_hash(hash)
|
15
|
-
hash.map { |key, value|
|
15
|
+
hash.map { |key, value| mask_key_value(key, value) }.to_h
|
16
|
+
end
|
17
|
+
|
18
|
+
module_function def mask_key_value(key, value)
|
19
|
+
masked_key = mask(key)
|
20
|
+
return [masked_key, value] if SensitiveDataFilter.whitelisted_key? key
|
21
|
+
[masked_key, mask(value)]
|
16
22
|
end
|
17
23
|
end
|
18
24
|
end
|
@@ -1,11 +1,12 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
module SensitiveDataFilter
|
3
3
|
module Middleware
|
4
|
+
FILTERABLE = %i(query_params body_params request_params).freeze
|
4
5
|
end
|
5
6
|
end
|
6
7
|
|
7
8
|
require 'sensitive_data_filter/middleware/parameter_parser'
|
8
9
|
require 'sensitive_data_filter/middleware/env_parser'
|
9
10
|
require 'sensitive_data_filter/middleware/occurrence'
|
10
|
-
require 'sensitive_data_filter/middleware/
|
11
|
+
require 'sensitive_data_filter/middleware/detect'
|
11
12
|
require 'sensitive_data_filter/middleware/filter'
|
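--- a/data/lib/sensitive_data_filter/middleware/detect.rb
+++ b/data/lib/sensitive_data_filter/middleware/detect.rb
@@ -0,0 +1,28 @@
+module SensitiveDataFilter
+module Middleware
+class Detect
+def initialize(filter)
+@filter = filter
+end
+
+def call
+changeset = nil
+scan = run_scan
+if scan.matches?
+changeset = OpenStruct.new(SensitiveDataFilter::Middleware::FILTERABLE.each_with_object({}) { |filterable, hash|
+hash[filterable.to_s] = SensitiveDataFilter::Mask.mask(@filter.send(filterable))
+})
+end
+[changeset, scan]
+end
+
+private
+
+def run_scan
+SensitiveDataFilter::Scan.new(
+SensitiveDataFilter::Middleware::FILTERABLE.map { |filterable| @filter.send(filterable) }
+)
+end
+end
+end
+end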
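Review bot: `OpenStruct` is used in `call`, but this new file does not `require 'ostruct'`, so it only works if something else has already loaded it; unless lib/sensitive_data_filter.rb (not shown here) does so, add `require 'ostruct'` at the top of the file. The two `@filter.send(filterable)` calls dispatch on the fixed `FILTERABLE` list, so `public_send` would say the same thing without being able to reach private methods. A short class comment would also help, e.g. `# Scans the filterable params of the given object; returns [changeset, scan], with changeset nil when nothing matched.`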
@@ -6,6 +6,7 @@ module SensitiveDataFilter
|
|
6
6
|
class EnvParser
|
7
7
|
QUERY_STRING = 'QUERY_STRING'.freeze
|
8
8
|
RACK_INPUT = 'rack.input'.freeze
|
9
|
+
REQUEST_PARAMS = 'action_dispatch.request.request_parameters'.freeze
|
9
10
|
|
10
11
|
extend Forwardable
|
11
12
|
|
@@ -28,27 +29,36 @@ module SensitiveDataFilter
|
|
28
29
|
@parameter_parser.parse(body)
|
29
30
|
end
|
30
31
|
|
32
|
+
def request_params
|
33
|
+
@env[REQUEST_PARAMS]
|
34
|
+
end
|
35
|
+
|
31
36
|
def query_params=(new_params)
|
32
|
-
|
37
|
+
set_key_if_exists(QUERY_STRING, Rack::Utils.build_query(new_params))
|
33
38
|
end
|
34
39
|
|
35
40
|
def body_params=(new_params)
|
36
|
-
|
41
|
+
set_key_if_exists(RACK_INPUT, StringIO.new(@parameter_parser.unparse(new_params)))
|
37
42
|
end
|
38
43
|
|
39
|
-
def
|
40
|
-
|
44
|
+
def request_params=(new_params)
|
45
|
+
set_key_if_exists(REQUEST_PARAMS, new_params)
|
41
46
|
end
|
42
47
|
|
43
|
-
def
|
44
|
-
|
45
|
-
|
48
|
+
def mutate(mutation)
|
49
|
+
SensitiveDataFilter::Middleware::FILTERABLE.each do |filterable|
|
50
|
+
self.send("#{filterable}=", mutation.send(filterable))
|
51
|
+
end
|
46
52
|
end
|
47
53
|
|
48
54
|
def_delegators :@request, :ip, :request_method, :url, :content_type, :session
|
49
55
|
|
50
56
|
private
|
51
57
|
|
58
|
+
def set_key_if_exists(key, value)
|
59
|
+
@env[key] = value if @env.key?(key)
|
60
|
+
end
|
61
|
+
|
52
62
|
def file_upload?
|
53
63
|
@request.media_type == 'multipart/form-data'
|
54
64
|
end
|
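Review bot: `mutate` rewrites only `QUERY_STRING`, `rack.input` and `action_dispatch.request.request_parameters`, so any other copy of the parameters that an earlier middleware has already parsed and cached in the env would presumably keep the unmasked values; worth confirming, and stating in a comment such as `# Only these three env keys are rewritten; run before anything that parses and caches params.` `body_params=` also swaps `rack.input` for a new `StringIO` without touching `CONTENT_LENGTH` in the lines shown, which may then disagree with the re-serialised body. `self.send("#{filterable}=", ...)` can be `public_send`, since the setters are public. The class body continues outside both hunks.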
@@ -7,16 +7,20 @@ module SensitiveDataFilter
|
|
7
7
|
end
|
8
8
|
|
9
9
|
def call(env)
|
10
|
-
|
11
|
-
|
12
|
-
|
10
|
+
original_env = EnvParser.new(env)
|
11
|
+
changeset, scan = Detect.new(original_env).call
|
12
|
+
unless changeset.nil?
|
13
|
+
handle_occurrence(original_env, changeset, scan)
|
14
|
+
original_env.mutate(changeset)
|
15
|
+
end
|
16
|
+
@app.call(env)
|
13
17
|
end
|
14
18
|
|
15
19
|
private
|
16
20
|
|
17
|
-
def handle_occurrence(
|
18
|
-
|
19
|
-
SensitiveDataFilter.handle_occurrence
|
21
|
+
def handle_occurrence(filter, changeset, scan)
|
22
|
+
occurence = Occurrence.new(filter, changeset, scan.matches)
|
23
|
+
SensitiveDataFilter.handle_occurrence(occurence)
|
20
24
|
end
|
21
25
|
end
|
22
26
|
end
|
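Review bot: In `call`, the occurrence handler runs before `original_env.mutate(changeset)`, so if a user-supplied `on_occurrence` block raises, the exception propagates while `env` still holds the unmasked values, and whatever rescues it further up the stack (an error page or error reporter, say) would see them. Wrapping the pair as `begin; handle_occurrence(original_env, changeset, scan); ensure; original_env.mutate(changeset); end` keeps the env masked on that path as well. The local variable in `handle_occurrence` is also misspelled `occurence`. The class header and constructor are outside the hunk.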
@@ -9,9 +9,9 @@ module SensitiveDataFilter
|
|
9
9
|
|
10
10
|
attr_reader :matches
|
11
11
|
|
12
|
-
def initialize(original_env_parser,
|
12
|
+
def initialize(original_env_parser, changeset, matches)
|
13
13
|
@original_env_parser = original_env_parser
|
14
|
-
@
|
14
|
+
@changeset = changeset
|
15
15
|
@matches = matches
|
16
16
|
end
|
17
17
|
|
@@ -28,14 +28,26 @@ module SensitiveDataFilter
|
|
28
28
|
end
|
29
29
|
|
30
30
|
def filtered_query_params
|
31
|
-
@
|
31
|
+
@changeset.query_params
|
32
32
|
end
|
33
33
|
|
34
34
|
def filtered_body_params
|
35
|
-
@
|
35
|
+
@changeset.body_params
|
36
36
|
end
|
37
37
|
|
38
|
-
|
38
|
+
def changeset
|
39
|
+
@changeset
|
40
|
+
end
|
41
|
+
|
42
|
+
def original_env
|
43
|
+
@original_env_parser.env
|
44
|
+
end
|
45
|
+
|
46
|
+
def url
|
47
|
+
SensitiveDataFilter::Mask.mask(@original_env_parser.url)
|
48
|
+
end
|
49
|
+
|
50
|
+
def_delegators :@original_env_parser, :request_method, :content_type, :session
|
39
51
|
|
40
52
|
def matches_count
|
41
53
|
@matches.map { |type, matches| [type, matches.count] }.to_h
|
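Review bot: The new `original_env` reader hands the occurrence handler the raw Rack env, which at the time the handler runs still contains the matched data, and nothing in the hunk says so; a comment such as `# Unfiltered Rack env: contains the matched sensitive data, never log or serialise it.` would make that explicit. It is also worth checking that `to_h` and `to_s` (outside the hunk) do not pick up `original_env` or `session`. `def changeset; @changeset; end` can join the existing reader as `attr_reader :matches, :changeset`.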
@@ -17,7 +17,13 @@ module SensitiveDataFilter
|
|
17
17
|
end
|
18
18
|
|
19
19
|
def self.scan_hash(hash)
|
20
|
-
hash.map { |key, value|
|
20
|
+
hash.map { |key, value| scan_key_value(key, value) }.inject(:collate) || {}
|
21
|
+
end
|
22
|
+
|
23
|
+
def self.scan_key_value(key, value)
|
24
|
+
key_scan = scan(key)
|
25
|
+
return key_scan if SensitiveDataFilter.whitelisted_key? key
|
26
|
+
key_scan.collate(scan(value))
|
21
27
|
end
|
22
28
|
|
23
29
|
def self.whitelist(matches)
|
@@ -21,18 +21,18 @@ Gem::Specification.new do |spec|
|
|
21
21
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
22
22
|
spec.require_paths = ['lib']
|
23
23
|
|
24
|
-
spec.required_ruby_version = '>= 2.
|
24
|
+
spec.required_ruby_version = '>= 2.6'
|
25
25
|
|
26
|
-
spec.add_dependency 'rack'
|
27
|
-
spec.add_dependency 'facets'
|
28
|
-
spec.add_dependency 'credit_card_validations'
|
26
|
+
spec.add_dependency 'rack'
|
27
|
+
spec.add_dependency 'facets'
|
28
|
+
spec.add_dependency 'credit_card_validations'
|
29
29
|
|
30
|
-
spec.add_development_dependency 'bundler'
|
31
|
-
spec.add_development_dependency 'rake'
|
32
|
-
spec.add_development_dependency 'rspec'
|
33
|
-
spec.add_development_dependency 'coverage-kit'
|
34
|
-
spec.add_development_dependency 'simplecov-rcov'
|
35
|
-
spec.add_development_dependency 'coveralls'
|
36
|
-
spec.add_development_dependency 'rubocop'
|
37
|
-
spec.add_development_dependency '
|
30
|
+
spec.add_development_dependency 'bundler'
|
31
|
+
spec.add_development_dependency 'rake'
|
32
|
+
spec.add_development_dependency 'rspec'
|
33
|
+
spec.add_development_dependency 'coverage-kit'
|
34
|
+
spec.add_development_dependency 'simplecov-rcov'
|
35
|
+
spec.add_development_dependency 'coveralls'
|
36
|
+
spec.add_development_dependency 'rubocop'
|
37
|
+
spec.add_development_dependency 'pry'
|
38
38
|
end
|
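Review bot: The runtime dependencies `rack`, `facets` and `credit_card_validations` are declared on the new side without any version constraint (the packaged metadata on this page lists `>= 0` for each), so a new major release of `credit_card_validations` could change what the filter detects without any change in this gem. A lower bound and an upper cap per runtime dependency, e.g. `spec.add_dependency 'credit_card_validations', '>= <MIN_TESTED>', '< <NEXT_MAJOR>'` using the versions the CI matrix actually exercises, would keep detection behaviour tied to tested releases. The `Gem::Specification.new` block starts outside the hunk.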
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sensitive_data_filter
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Alessandro Berardi
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: exe
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2021-01-06 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rack
|
@@ -17,154 +17,154 @@ dependencies:
|
|
17
17
|
requirements:
|
18
18
|
- - ">="
|
19
19
|
- !ruby/object:Gem::Version
|
20
|
-
version: '
|
20
|
+
version: '0'
|
21
21
|
type: :runtime
|
22
22
|
prerelease: false
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
24
24
|
requirements:
|
25
25
|
- - ">="
|
26
26
|
- !ruby/object:Gem::Version
|
27
|
-
version: '
|
27
|
+
version: '0'
|
28
28
|
- !ruby/object:Gem::Dependency
|
29
29
|
name: facets
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
31
31
|
requirements:
|
32
|
-
- - "
|
32
|
+
- - ">="
|
33
33
|
- !ruby/object:Gem::Version
|
34
|
-
version: '
|
34
|
+
version: '0'
|
35
35
|
type: :runtime
|
36
36
|
prerelease: false
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
38
38
|
requirements:
|
39
|
-
- - "
|
39
|
+
- - ">="
|
40
40
|
- !ruby/object:Gem::Version
|
41
|
-
version: '
|
41
|
+
version: '0'
|
42
42
|
- !ruby/object:Gem::Dependency
|
43
43
|
name: credit_card_validations
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
45
45
|
requirements:
|
46
|
-
- - "
|
46
|
+
- - ">="
|
47
47
|
- !ruby/object:Gem::Version
|
48
|
-
version: '
|
48
|
+
version: '0'
|
49
49
|
type: :runtime
|
50
50
|
prerelease: false
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
52
52
|
requirements:
|
53
|
-
- - "
|
53
|
+
- - ">="
|
54
54
|
- !ruby/object:Gem::Version
|
55
|
-
version: '
|
55
|
+
version: '0'
|
56
56
|
- !ruby/object:Gem::Dependency
|
57
57
|
name: bundler
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
59
59
|
requirements:
|
60
|
-
- - "
|
60
|
+
- - ">="
|
61
61
|
- !ruby/object:Gem::Version
|
62
|
-
version: '
|
62
|
+
version: '0'
|
63
63
|
type: :development
|
64
64
|
prerelease: false
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
66
66
|
requirements:
|
67
|
-
- - "
|
67
|
+
- - ">="
|
68
68
|
- !ruby/object:Gem::Version
|
69
|
-
version: '
|
69
|
+
version: '0'
|
70
70
|
- !ruby/object:Gem::Dependency
|
71
71
|
name: rake
|
72
72
|
requirement: !ruby/object:Gem::Requirement
|
73
73
|
requirements:
|
74
|
-
- - "
|
74
|
+
- - ">="
|
75
75
|
- !ruby/object:Gem::Version
|
76
|
-
version: '
|
76
|
+
version: '0'
|
77
77
|
type: :development
|
78
78
|
prerelease: false
|
79
79
|
version_requirements: !ruby/object:Gem::Requirement
|
80
80
|
requirements:
|
81
|
-
- - "
|
81
|
+
- - ">="
|
82
82
|
- !ruby/object:Gem::Version
|
83
|
-
version: '
|
83
|
+
version: '0'
|
84
84
|
- !ruby/object:Gem::Dependency
|
85
85
|
name: rspec
|
86
86
|
requirement: !ruby/object:Gem::Requirement
|
87
87
|
requirements:
|
88
|
-
- - "
|
88
|
+
- - ">="
|
89
89
|
- !ruby/object:Gem::Version
|
90
|
-
version: '
|
90
|
+
version: '0'
|
91
91
|
type: :development
|
92
92
|
prerelease: false
|
93
93
|
version_requirements: !ruby/object:Gem::Requirement
|
94
94
|
requirements:
|
95
|
-
- - "
|
95
|
+
- - ">="
|
96
96
|
- !ruby/object:Gem::Version
|
97
|
-
version: '
|
97
|
+
version: '0'
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
99
|
name: coverage-kit
|
100
100
|
requirement: !ruby/object:Gem::Requirement
|
101
101
|
requirements:
|
102
|
-
- - "
|
102
|
+
- - ">="
|
103
103
|
- !ruby/object:Gem::Version
|
104
|
-
version: '0
|
104
|
+
version: '0'
|
105
105
|
type: :development
|
106
106
|
prerelease: false
|
107
107
|
version_requirements: !ruby/object:Gem::Requirement
|
108
108
|
requirements:
|
109
|
-
- - "
|
109
|
+
- - ">="
|
110
110
|
- !ruby/object:Gem::Version
|
111
|
-
version: '0
|
111
|
+
version: '0'
|
112
112
|
- !ruby/object:Gem::Dependency
|
113
113
|
name: simplecov-rcov
|
114
114
|
requirement: !ruby/object:Gem::Requirement
|
115
115
|
requirements:
|
116
|
-
- - "
|
116
|
+
- - ">="
|
117
117
|
- !ruby/object:Gem::Version
|
118
|
-
version: '0
|
118
|
+
version: '0'
|
119
119
|
type: :development
|
120
120
|
prerelease: false
|
121
121
|
version_requirements: !ruby/object:Gem::Requirement
|
122
122
|
requirements:
|
123
|
-
- - "
|
123
|
+
- - ">="
|
124
124
|
- !ruby/object:Gem::Version
|
125
|
-
version: '0
|
125
|
+
version: '0'
|
126
126
|
- !ruby/object:Gem::Dependency
|
127
127
|
name: coveralls
|
128
128
|
requirement: !ruby/object:Gem::Requirement
|
129
129
|
requirements:
|
130
|
-
- - "
|
130
|
+
- - ">="
|
131
131
|
- !ruby/object:Gem::Version
|
132
|
-
version: '0
|
132
|
+
version: '0'
|
133
133
|
type: :development
|
134
134
|
prerelease: false
|
135
135
|
version_requirements: !ruby/object:Gem::Requirement
|
136
136
|
requirements:
|
137
|
-
- - "
|
137
|
+
- - ">="
|
138
138
|
- !ruby/object:Gem::Version
|
139
|
-
version: '0
|
139
|
+
version: '0'
|
140
140
|
- !ruby/object:Gem::Dependency
|
141
141
|
name: rubocop
|
142
142
|
requirement: !ruby/object:Gem::Requirement
|
143
143
|
requirements:
|
144
|
-
- - "
|
144
|
+
- - ">="
|
145
145
|
- !ruby/object:Gem::Version
|
146
|
-
version: '0
|
146
|
+
version: '0'
|
147
147
|
type: :development
|
148
148
|
prerelease: false
|
149
149
|
version_requirements: !ruby/object:Gem::Requirement
|
150
150
|
requirements:
|
151
|
-
- - "
|
151
|
+
- - ">="
|
152
152
|
- !ruby/object:Gem::Version
|
153
|
-
version: '0
|
153
|
+
version: '0'
|
154
154
|
- !ruby/object:Gem::Dependency
|
155
|
-
name:
|
155
|
+
name: pry
|
156
156
|
requirement: !ruby/object:Gem::Requirement
|
157
157
|
requirements:
|
158
|
-
- - "
|
158
|
+
- - ">="
|
159
159
|
- !ruby/object:Gem::Version
|
160
|
-
version: '
|
160
|
+
version: '0'
|
161
161
|
type: :development
|
162
162
|
prerelease: false
|
163
163
|
version_requirements: !ruby/object:Gem::Requirement
|
164
164
|
requirements:
|
165
|
-
- - "
|
165
|
+
- - ">="
|
166
166
|
- !ruby/object:Gem::Version
|
167
|
-
version: '
|
167
|
+
version: '0'
|
168
168
|
description: A Rack Middleware level filter for sensitive data
|
169
169
|
email:
|
170
170
|
- berardialessandro@gmail.com
|
@@ -173,6 +173,9 @@ executables: []
|
|
173
173
|
extensions: []
|
174
174
|
extra_rdoc_files: []
|
175
175
|
files:
|
176
|
+
- ".github/dependabot.yml"
|
177
|
+
- ".github/workflows/release.yml"
|
178
|
+
- ".github/workflows/ruby.yml"
|
176
179
|
- ".gitignore"
|
177
180
|
- ".rspec"
|
178
181
|
- ".rubocop.yml"
|
@@ -186,13 +189,11 @@ files:
|
|
186
189
|
- Rakefile
|
187
190
|
- bin/console
|
188
191
|
- bin/setup
|
189
|
-
- gemfiles/Gemfile.ruby-2.1.rb
|
190
|
-
- gemfiles/Gemfile.ruby-2.2.rb
|
191
192
|
- lib/sensitive_data_filter.rb
|
192
193
|
- lib/sensitive_data_filter/config.rb
|
193
194
|
- lib/sensitive_data_filter/mask.rb
|
194
195
|
- lib/sensitive_data_filter/middleware.rb
|
195
|
-
- lib/sensitive_data_filter/middleware/
|
196
|
+
- lib/sensitive_data_filter/middleware/detect.rb
|
196
197
|
- lib/sensitive_data_filter/middleware/env_parser.rb
|
197
198
|
- lib/sensitive_data_filter/middleware/filter.rb
|
198
199
|
- lib/sensitive_data_filter/middleware/occurrence.rb
|
@@ -214,15 +215,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
214
215
|
requirements:
|
215
216
|
- - ">="
|
216
217
|
- !ruby/object:Gem::Version
|
217
|
-
version: '2.
|
218
|
+
version: '2.6'
|
218
219
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
219
220
|
requirements:
|
220
221
|
- - ">="
|
221
222
|
- !ruby/object:Gem::Version
|
222
223
|
version: '0'
|
223
224
|
requirements: []
|
224
|
-
|
225
|
-
rubygems_version: 2.5.2
|
225
|
+
rubygems_version: 3.2.3
|
226
226
|
signing_key:
|
227
227
|
specification_version: 4
|
228
228
|
summary: Rack Middleware filter for sensitive data
|
@@ -1,10 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
source 'https://rubygems.org'
|
3
|
-
|
4
|
-
# ruby-2.1 compatible gems
|
5
|
-
gem 'rack', '~> 1.4'
|
6
|
-
gem 'activemodel', '>= 3', '< 5'
|
7
|
-
gem 'activesupport', '>= 3', '< 5'
|
8
|
-
|
9
|
-
# Specify your gem's dependencies in sensitive_data_filter.gemspec
|
10
|
-
gemspec path: '../'
|
@@ -1,10 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
source 'https://rubygems.org'
|
3
|
-
|
4
|
-
# ruby-2.2 compatible gems
|
5
|
-
gem 'rack', '~> 1.4'
|
6
|
-
gem 'activemodel', '>= 3', '< 5'
|
7
|
-
gem 'activesupport', '>= 3', '< 5'
|
8
|
-
|
9
|
-
# Specify your gem's dependencies in sensitive_data_filter.gemspec
|
10
|
-
gemspec path: '../'
|
@@ -1,39 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
require 'facets/kernel/present'
|
3
|
-
|
4
|
-
module SensitiveDataFilter
|
5
|
-
module Middleware
|
6
|
-
class EnvFilter
|
7
|
-
attr_reader :occurrence
|
8
|
-
|
9
|
-
def initialize(env)
|
10
|
-
@original_env_parser = EnvParser.new(env)
|
11
|
-
@filtered_env_parser = @original_env_parser.copy
|
12
|
-
@scan = build_scan
|
13
|
-
@filtered_env_parser.mask! if @scan.matches?
|
14
|
-
@occurrence = build_occurrence
|
15
|
-
end
|
16
|
-
|
17
|
-
def filtered_env
|
18
|
-
@filtered_env_parser.env
|
19
|
-
end
|
20
|
-
|
21
|
-
def occurrence?
|
22
|
-
@occurrence.present?
|
23
|
-
end
|
24
|
-
|
25
|
-
private
|
26
|
-
|
27
|
-
def build_occurrence
|
28
|
-
return nil unless @scan.matches?
|
29
|
-
Occurrence.new(@original_env_parser, @filtered_env_parser, @scan.matches)
|
30
|
-
end
|
31
|
-
|
32
|
-
def build_scan
|
33
|
-
SensitiveDataFilter::Scan.new(
|
34
|
-
[@original_env_parser.query_params, @original_env_parser.body_params]
|
35
|
-
)
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
39
|
-
end
|