sensitive_data_filter 0.3.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +1 -1
- data/lib/sensitive_data_filter/middleware/detect.rb +28 -0
- data/lib/sensitive_data_filter/middleware/env_parser.rb +11 -5
- data/lib/sensitive_data_filter/middleware/filter.rb +10 -6
- data/lib/sensitive_data_filter/middleware/occurrence.rb +11 -7
- data/lib/sensitive_data_filter/middleware.rb +2 -1
- data/lib/sensitive_data_filter/version.rb +1 -1
- data/sensitive_data_filter.gemspec +2 -2
- metadata +7 -7
- data/lib/sensitive_data_filter/middleware/env_filter.rb +0 -39
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6cce4248617024392c3ae4361addc7aba426cc1a
|
|
4
|
+
data.tar.gz: 63bfa17fd66e237d54e549b5fda77f66d2c809a7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fc9f481f0ed4edd51af68e2d0e02ecb8bebf1e67bdd6e1d845373ee6bbf19260e384df5356364dad8ad95e60c9a6698885a6d4da98f937af61ef0e77e63a735a
|
|
7
|
+
data.tar.gz: ee718699451224d75f88ad945c27aa6cdf32a1892b6e9bf6b3a584c2c33f768c757603605c2d91d5512b68b578efe12ddb2d8ee7d5ec054a865eff1cb48bb691
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,12 @@ All notable changes to this project will be documented in this file.
|
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
|
|
5
5
|
|
|
6
|
+
## [0.4.0] - 2018-01-18
|
|
7
|
+
### Changed
|
|
8
|
+
- [TT-3520] No longer clone the "env" middleware variable
|
|
9
|
+
- [TT-3521] filter action dispatch parameter fields
|
|
10
|
+
- [TT-3523] Update gem dependencies
|
|
11
|
+
|
|
6
12
|
## [0.3.0] - 2016-12-28
|
|
7
13
|
### Changed
|
|
8
14
|
- Allows whitelisting hash values based on the key
|
data/README.md
CHANGED
|
@@ -80,7 +80,7 @@ An occurrence object has the following properties:
|
|
|
80
80
|
* matches: the matched sensitive data
|
|
81
81
|
* matches_count: the number of matches per data type, e.g. { 'CreditCard' => 1 }
|
|
82
82
|
* original_env: the original unfiltered Rack env
|
|
83
|
-
*
|
|
83
|
+
* changeset: the modified rack env variables
|
|
84
84
|
|
|
85
85
|
It also exposes `to_h` and `to_s` methods for hash and string representation respectively.
|
|
86
86
|
Please note that these representations omit sensitive data,
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
module SensitiveDataFilter
|
|
2
|
+
module Middleware
|
|
3
|
+
class Detect
|
|
4
|
+
def initialize(filter)
|
|
5
|
+
@filter = filter
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def call
|
|
9
|
+
changeset = nil
|
|
10
|
+
scan = run_scan
|
|
11
|
+
if scan.matches?
|
|
12
|
+
changeset = OpenStruct.new(SensitiveDataFilter::Middleware::FILTERABLE.each_with_object({}) { |filterable, hash|
|
|
13
|
+
hash[filterable.to_s] = SensitiveDataFilter::Mask.mask(@filter.send(filterable))
|
|
14
|
+
})
|
|
15
|
+
end
|
|
16
|
+
[changeset, scan]
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
private
|
|
20
|
+
|
|
21
|
+
def run_scan
|
|
22
|
+
SensitiveDataFilter::Scan.new(
|
|
23
|
+
SensitiveDataFilter::Middleware::FILTERABLE.map { |filterable| @filter.send(filterable) }
|
|
24
|
+
)
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -6,6 +6,7 @@ module SensitiveDataFilter
|
|
|
6
6
|
class EnvParser
|
|
7
7
|
QUERY_STRING = 'QUERY_STRING'.freeze
|
|
8
8
|
RACK_INPUT = 'rack.input'.freeze
|
|
9
|
+
REQUEST_PARAMS = 'action_dispatch.request.request_parameters'.freeze
|
|
9
10
|
|
|
10
11
|
extend Forwardable
|
|
11
12
|
|
|
@@ -28,6 +29,10 @@ module SensitiveDataFilter
|
|
|
28
29
|
@parameter_parser.parse(body)
|
|
29
30
|
end
|
|
30
31
|
|
|
32
|
+
def request_params
|
|
33
|
+
@env[REQUEST_PARAMS]
|
|
34
|
+
end
|
|
35
|
+
|
|
31
36
|
def query_params=(new_params)
|
|
32
37
|
@env[QUERY_STRING] = Rack::Utils.build_query(new_params)
|
|
33
38
|
end
|
|
@@ -36,13 +41,14 @@ module SensitiveDataFilter
|
|
|
36
41
|
@env[RACK_INPUT] = StringIO.new @parameter_parser.unparse(new_params)
|
|
37
42
|
end
|
|
38
43
|
|
|
39
|
-
def
|
|
40
|
-
|
|
44
|
+
def request_params=(new_params)
|
|
45
|
+
@env[REQUEST_PARAMS] = new_params
|
|
41
46
|
end
|
|
42
47
|
|
|
43
|
-
def
|
|
44
|
-
|
|
45
|
-
|
|
48
|
+
def mutate(mutation)
|
|
49
|
+
SensitiveDataFilter::Middleware::FILTERABLE.each do |filterable|
|
|
50
|
+
self.send("#{filterable}=", mutation.send(filterable))
|
|
51
|
+
end
|
|
46
52
|
end
|
|
47
53
|
|
|
48
54
|
def_delegators :@request, :ip, :request_method, :url, :content_type, :session
|
|
@@ -7,16 +7,20 @@ module SensitiveDataFilter
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def call(env)
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
10
|
+
original_env = EnvParser.new(env)
|
|
11
|
+
changeset, scan = Detect.new(original_env).call
|
|
12
|
+
unless changeset.nil?
|
|
13
|
+
handle_occurrence(original_env, changeset, scan)
|
|
14
|
+
original_env.mutate(changeset)
|
|
15
|
+
end
|
|
16
|
+
@app.call(env)
|
|
13
17
|
end
|
|
14
18
|
|
|
15
19
|
private
|
|
16
20
|
|
|
17
|
-
def handle_occurrence(
|
|
18
|
-
|
|
19
|
-
SensitiveDataFilter.handle_occurrence
|
|
21
|
+
def handle_occurrence(filter, changeset, scan)
|
|
22
|
+
occurence = Occurrence.new(filter, changeset, scan.matches)
|
|
23
|
+
SensitiveDataFilter.handle_occurrence(occurence)
|
|
20
24
|
end
|
|
21
25
|
end
|
|
22
26
|
end
|
|
@@ -9,9 +9,9 @@ module SensitiveDataFilter
|
|
|
9
9
|
|
|
10
10
|
attr_reader :matches
|
|
11
11
|
|
|
12
|
-
def initialize(original_env_parser,
|
|
12
|
+
def initialize(original_env_parser, changeset, matches)
|
|
13
13
|
@original_env_parser = original_env_parser
|
|
14
|
-
@
|
|
14
|
+
@changeset = changeset
|
|
15
15
|
@matches = matches
|
|
16
16
|
end
|
|
17
17
|
|
|
@@ -28,22 +28,26 @@ module SensitiveDataFilter
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def filtered_query_params
|
|
31
|
-
@
|
|
31
|
+
@changeset.query_params
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
def filtered_body_params
|
|
35
|
-
@
|
|
35
|
+
@changeset.body_params
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def changeset
|
|
39
|
+
@changeset
|
|
36
40
|
end
|
|
37
41
|
|
|
38
42
|
def original_env
|
|
39
43
|
@original_env_parser.env
|
|
40
44
|
end
|
|
41
45
|
|
|
42
|
-
def
|
|
43
|
-
@
|
|
46
|
+
def url
|
|
47
|
+
SensitiveDataFilter::Mask.mask(@original_env_parser.url)
|
|
44
48
|
end
|
|
45
49
|
|
|
46
|
-
def_delegators :@
|
|
50
|
+
def_delegators :@original_env_parser, :request_method, :content_type, :session
|
|
47
51
|
|
|
48
52
|
def matches_count
|
|
49
53
|
@matches.map { |type, matches| [type, matches.count] }.to_h
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
module SensitiveDataFilter
|
|
3
3
|
module Middleware
|
|
4
|
+
FILTERABLE = %i(query_params body_params request_params).freeze
|
|
4
5
|
end
|
|
5
6
|
end
|
|
6
7
|
|
|
7
8
|
require 'sensitive_data_filter/middleware/parameter_parser'
|
|
8
9
|
require 'sensitive_data_filter/middleware/env_parser'
|
|
9
10
|
require 'sensitive_data_filter/middleware/occurrence'
|
|
10
|
-
require 'sensitive_data_filter/middleware/
|
|
11
|
+
require 'sensitive_data_filter/middleware/detect'
|
|
11
12
|
require 'sensitive_data_filter/middleware/filter'
|
|
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
|
|
26
26
|
spec.add_dependency 'rack', '>= 1.4'
|
|
27
27
|
spec.add_dependency 'facets', '~> 3.1'
|
|
28
|
-
spec.add_dependency 'credit_card_validations', '~> 3.
|
|
28
|
+
spec.add_dependency 'credit_card_validations', '~> 3.4'
|
|
29
29
|
|
|
30
30
|
spec.add_development_dependency 'bundler', '~> 1.13'
|
|
31
31
|
spec.add_development_dependency 'rake', '~> 10.0'
|
|
@@ -33,6 +33,6 @@ Gem::Specification.new do |spec|
|
|
|
33
33
|
spec.add_development_dependency 'coverage-kit', '~> 0.1'
|
|
34
34
|
spec.add_development_dependency 'simplecov-rcov', '~> 0.2'
|
|
35
35
|
spec.add_development_dependency 'coveralls', '~> 0.8'
|
|
36
|
-
spec.add_development_dependency 'rubocop', '~> 0.
|
|
36
|
+
spec.add_development_dependency 'rubocop', '~> 0.52'
|
|
37
37
|
spec.add_development_dependency 'travis', '~> 1.8'
|
|
38
38
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sensitive_data_filter
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alessandro Berardi
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2018-01-19 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rack
|
|
@@ -45,14 +45,14 @@ dependencies:
|
|
|
45
45
|
requirements:
|
|
46
46
|
- - "~>"
|
|
47
47
|
- !ruby/object:Gem::Version
|
|
48
|
-
version: '3.
|
|
48
|
+
version: '3.4'
|
|
49
49
|
type: :runtime
|
|
50
50
|
prerelease: false
|
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
|
52
52
|
requirements:
|
|
53
53
|
- - "~>"
|
|
54
54
|
- !ruby/object:Gem::Version
|
|
55
|
-
version: '3.
|
|
55
|
+
version: '3.4'
|
|
56
56
|
- !ruby/object:Gem::Dependency
|
|
57
57
|
name: bundler
|
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -143,14 +143,14 @@ dependencies:
|
|
|
143
143
|
requirements:
|
|
144
144
|
- - "~>"
|
|
145
145
|
- !ruby/object:Gem::Version
|
|
146
|
-
version: '0.
|
|
146
|
+
version: '0.52'
|
|
147
147
|
type: :development
|
|
148
148
|
prerelease: false
|
|
149
149
|
version_requirements: !ruby/object:Gem::Requirement
|
|
150
150
|
requirements:
|
|
151
151
|
- - "~>"
|
|
152
152
|
- !ruby/object:Gem::Version
|
|
153
|
-
version: '0.
|
|
153
|
+
version: '0.52'
|
|
154
154
|
- !ruby/object:Gem::Dependency
|
|
155
155
|
name: travis
|
|
156
156
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -192,7 +192,7 @@ files:
|
|
|
192
192
|
- lib/sensitive_data_filter/config.rb
|
|
193
193
|
- lib/sensitive_data_filter/mask.rb
|
|
194
194
|
- lib/sensitive_data_filter/middleware.rb
|
|
195
|
-
- lib/sensitive_data_filter/middleware/
|
|
195
|
+
- lib/sensitive_data_filter/middleware/detect.rb
|
|
196
196
|
- lib/sensitive_data_filter/middleware/env_parser.rb
|
|
197
197
|
- lib/sensitive_data_filter/middleware/filter.rb
|
|
198
198
|
- lib/sensitive_data_filter/middleware/occurrence.rb
|
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
require 'facets/kernel/present'
|
|
3
|
-
|
|
4
|
-
module SensitiveDataFilter
|
|
5
|
-
module Middleware
|
|
6
|
-
class EnvFilter
|
|
7
|
-
attr_reader :occurrence
|
|
8
|
-
|
|
9
|
-
def initialize(env)
|
|
10
|
-
@original_env_parser = EnvParser.new(env)
|
|
11
|
-
@filtered_env_parser = @original_env_parser.copy
|
|
12
|
-
@scan = build_scan
|
|
13
|
-
@filtered_env_parser.mask! if @scan.matches?
|
|
14
|
-
@occurrence = build_occurrence
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def filtered_env
|
|
18
|
-
@filtered_env_parser.env
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
def occurrence?
|
|
22
|
-
@occurrence.present?
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
private
|
|
26
|
-
|
|
27
|
-
def build_occurrence
|
|
28
|
-
return nil unless @scan.matches?
|
|
29
|
-
Occurrence.new(@original_env_parser, @filtered_env_parser, @scan.matches)
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
def build_scan
|
|
33
|
-
SensitiveDataFilter::Scan.new(
|
|
34
|
-
[@original_env_parser.query_params, @original_env_parser.body_params]
|
|
35
|
-
)
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
end
|
|
39
|
-
end
|