sensitive_data_filter 0.5.0 → 0.6.0
- checksums.yaml +4 -4
- data/.github/dependabot.yml +6 -0
- data/.github/workflows/release.yml +59 -0
- data/.github/workflows/ruby.yml +16 -0
- data/.ruby-version +1 -1
- data/CHANGELOG.md +4 -0
- data/README.md +21 -11
- data/lib/sensitive_data_filter/version.rb +1 -1
- data/sensitive_data_filter.gemspec +2 -2
- metadata +8 -5
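--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e80564888cb25e531d59e376ef39093e0a00b8405161dc59b484a5359cdb46f8
+data.tar.gz: 1a7d30a9a35d631fdcba3f1376b1e399ec8e7ae38704a3a15be3186d880c0d01
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 309fe47506bdfce0e80b6f1a329c1190864ccf6314680272e2e7fa8865bae7dfd9c3477667954adcec42377598a0a0d4a80236c071c17fc75c4fce292e8b46f4
+data.tar.gz: d7b06b4b6d4f7f2c48af21a584bcd81166881dcc37a83e51de79b743348a12e0495746f6ef0595881dd4640e0f08a700580272a1915dc7db62fe90d6579d3003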
@@ -0,0 +1,59 @@
|
|
1
|
+
name: Release
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
tags:
|
6
|
+
- "v*"
|
7
|
+
|
8
|
+
jobs:
|
9
|
+
build:
|
10
|
+
name: Build
|
11
|
+
runs-on: ubuntu-latest
|
12
|
+
steps:
|
13
|
+
- name: Checkout
|
14
|
+
uses: actions/checkout@v2
|
15
|
+
- uses: ruby/setup-ruby@v1
|
16
|
+
with:
|
17
|
+
bundler-cache: true
|
18
|
+
- run: bundle exec rake
|
19
|
+
|
20
|
+
release:
|
21
|
+
needs: build
|
22
|
+
name: Release
|
23
|
+
runs-on: ubuntu-latest
|
24
|
+
steps:
|
25
|
+
- name: Checkout
|
26
|
+
uses: actions/checkout@v2
|
27
|
+
|
28
|
+
- name: Generate Changelog
|
29
|
+
run: |
|
30
|
+
# Get version from github ref (remove 'refs/tags/' and prefix 'v')
|
31
|
+
version="${GITHUB_REF#refs/tags/v}"
|
32
|
+
npx changelog-parser CHANGELOG.md | jq -cr ".versions | .[] | select(.version == \"$version\") | .body" > ${{ github.workflow }}-CHANGELOG.txt
|
33
|
+
|
34
|
+
- name: Release
|
35
|
+
uses: softprops/action-gh-release@v1
|
36
|
+
with:
|
37
|
+
body_path: ${{ github.workflow }}-CHANGELOG.txt
|
38
|
+
env:
|
39
|
+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
40
|
+
|
41
|
+
publish:
|
42
|
+
needs: [build, release]
|
43
|
+
name: Publish
|
44
|
+
runs-on: ubuntu-latest
|
45
|
+
|
46
|
+
steps:
|
47
|
+
- uses: actions/checkout@v2
|
48
|
+
- uses: ruby/setup-ruby@v1
|
49
|
+
|
50
|
+
- name: Publish to RubyGems
|
51
|
+
run: |
|
52
|
+
mkdir -p $HOME/.gem
|
53
|
+
touch $HOME/.gem/credentials
|
54
|
+
chmod 0600 $HOME/.gem/credentials
|
55
|
+
printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
|
56
|
+
gem build *.gemspec
|
57
|
+
gem push *.gem
|
58
|
+
env:
|
59
|
+
GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"
|
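Review bot: The `release` and `publish` jobs run third-party code next to the repository and RubyGems tokens without pinning it: `softprops/action-gh-release@v1`, `ruby/setup-ruby@v1` and `actions/checkout@v2` are mutable tags, and `npx changelog-parser` fetches whatever version of the package is current at release time. Pin each action to a full commit SHA (`uses: softprops/action-gh-release@<full-commit-sha>  # v1`) and the npm package to an exact version (`npx changelog-parser@<version>`); the same tag references appear in the `Build and Test` workflow hunk that follows. Neither workflow declares `permissions:`, so the token scope is whatever the repository default is; a top-level `permissions:` with `contents: read`, plus `contents: write` on the `release` job only, would keep the build and publish jobs from holding a write-capable token. In the publish step the key is expanded inside the `printf` format string and written to disk; recent RubyGems versions read `GEM_HOST_API_KEY` from the environment for `gem push`, so the credentials-file lines can likely be dropped, which is worth confirming against the RubyGems version on the runner.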
@@ -0,0 +1,16 @@
|
|
1
|
+
name: Build and Test
|
2
|
+
on: [push, pull_request]
|
3
|
+
jobs:
|
4
|
+
test:
|
5
|
+
strategy:
|
6
|
+
fail-fast: false
|
7
|
+
matrix:
|
8
|
+
ruby: ["2.6", "2.7", "3.0"]
|
9
|
+
runs-on: ubuntu-latest
|
10
|
+
steps:
|
11
|
+
- uses: actions/checkout@v2
|
12
|
+
- uses: ruby/setup-ruby@v1
|
13
|
+
with:
|
14
|
+
ruby-version: ${{ matrix.ruby }}
|
15
|
+
bundler-cache: true
|
16
|
+
- run: bundle exec rake
|
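--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-
+3.0.0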
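--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
 
+## 0.6.0
+
+- [TT-8626] Update to build with github actions / ruby 3.0 / rails 6.1
+
 ## [0.5.0]
 - [TT-5815] Relax version dependencies and tested on latest ruby versions
 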
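--- a/data/README.md
+++ b/data/README.md
@@ -1,9 +1,8 @@
 # SensitiveDataFilter
 
 [![Gem Version](https://badge.fury.io/rb/sensitive_data_filter.svg)](http://badge.fury.io/rb/sensitive_data_filter)
-[![Build Status](https://
+[![Build Status](https://github.com/sealink/sensitive_data_filter/workflows/Build%20and%20Test/badge.svg?branch=master)](https://github.com/sealink/sensitive_data_filter/actions)
 [![Coverage Status](https://coveralls.io/repos/sealink/sensitive_data_filter/badge.svg)](https://coveralls.io/r/sealink/sensitive_data_filter)
-[![Dependency Status](https://gemnasium.com/sealink/sensitive_data_filter.svg)](https://gemnasium.com/sealink/sensitive_data_filter)
 [![Code Climate](https://codeclimate.com/github/sealink/sensitive_data_filter/badges/gpa.svg)](https://codeclimate.com/github/sealink/sensitive_data_filter)
 
 A Rack Middleware filter for sensitive data
@@ -37,7 +36,7 @@ E.g. for Rails, add the following in application.rb
 config.middleware.insert_before 'ActionDispatch::ParamsParser', SensitiveDataFilter::Middleware::Filter
 ```
 
-To ensure that no sensitive data is accessed at any level of the stack, insert the middleware at the top of the stack.
+To ensure that no sensitive data is accessed at any level of the stack, insert the middleware at the top of the stack.
 
 E.g.
 
@@ -49,7 +48,7 @@ config.middleware.insert_before 0, SensitiveDataFilter::Middleware::Filter
 #### Important note for Rails
 
 Rails logs the URI of the request in ``Rails::Rack::Logger``. At this point of the stack, Rails generally has not yet set the session in the env.
-If you insert the sensitive data filtering middleware before this middleware you will prevent sensitive data from appearing in the logs,
+If you insert the sensitive data filtering middleware before this middleware you will prevent sensitive data from appearing in the logs,
 but you will not have access to the session via the occurrence or the env in the occurrence handling block.
 
 ### Configuration
@@ -57,7 +56,7 @@ but you will not have access to the session via the occurrence or the env in the
 ```ruby
 SensitiveDataFilter.config do |config|
 config.enable_types :credit_card # Already defaults to :credit_card if not specified
-config.on_occurrence do |occurrence|
+config.on_occurrence do |occurrence|
 # Report occurrence
 end
 config.whitelist pattern1, pattern2 # Allows specifying patterns to whitelist matches
@@ -83,7 +82,7 @@ An occurrence object has the following properties:
 * changeset: the modified rack env variables
 
 It also exposes `to_h` and `to_s` methods for hash and string representation respectively.
-Please note that these representations omit sensitive data,
+Please note that these representations omit sensitive data,
 i.e. `original_query_params`, `original_body_params` and `matches` are not included.
 
 #### Important Notes
@@ -106,10 +105,10 @@ filtered_body_params = if @occurrence.filtered_body_params.is_a? Hash
 
 #### Whitelisting
 
-A list of whitelisting patterns can be passed to `config.whitelist`.
+A list of whitelisting patterns can be passed to `config.whitelist`.
 Any sensitive data match which also matches any of these patterns will be ignored.
 
-A list of whitelisting patterns can be passed to `config.whitelist_key`.
+A list of whitelisting patterns can be passed to `config.whitelist_key`.
 When scanning and matching hashes, any value whose key matches any of these patterns will be ignored.
 
 #### Parameter Parsing
@@ -119,9 +118,9 @@ The arguments for `config.register_parser` are:
 * a pattern to match the content type
 * a parser for the parameters
 * an unparser to convert parameters back to the encoded format
-
+
 The parser and unparser must be objects that respond to `call` and accept the parameters as an argument (e.g. procs or lambdas).
-The parser should handle parsing exceptions gracefully by returning the arguments.
+The parser should handle parsing exceptions gracefully by returning the arguments.
 This ensures that sensitive data scanning and masking is applied on the raw parameters.
 
 ## Development
@@ -130,6 +129,18 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
+## Release
+
+To publish a new version of this gem the following steps must be taken.
+
+* Update the version in the following files
+```
+CHANGELOG.md
+lib/sensitive_data_filter/version.rb
+````
+* Create a tag using the format v0.1.0
+* Follow build progress in GitHub actions
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/sealink/sensitive_data_filter. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
@@ -138,4 +149,3 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/sealin
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
-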
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
|
|
21
21
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
22
22
|
spec.require_paths = ['lib']
|
23
23
|
|
24
|
-
spec.required_ruby_version = '>= 2.
|
24
|
+
spec.required_ruby_version = '>= 2.6'
|
25
25
|
|
26
26
|
spec.add_dependency 'rack'
|
27
27
|
spec.add_dependency 'facets'
|
@@ -34,5 +34,5 @@ Gem::Specification.new do |spec|
|
|
34
34
|
spec.add_development_dependency 'simplecov-rcov'
|
35
35
|
spec.add_development_dependency 'coveralls'
|
36
36
|
spec.add_development_dependency 'rubocop'
|
37
|
-
spec.add_development_dependency '
|
37
|
+
spec.add_development_dependency 'pry'
|
38
38
|
end
|
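--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sensitive_data_filter
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.0
 platform: ruby
 authors:
 - Alessandro Berardi
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2021-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -152,7 +152,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: pry
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -173,6 +173,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/dependabot.yml"
+- ".github/workflows/release.yml"
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -212,14 +215,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.2.3
 signing_key:
 specification_version: 4
 summary: Rack Middleware filter for sensitive data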