sentry-sanitizer 0.1.0

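--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: d2531529a81144119d0073bb8cadf32b44b98bf7704e78e5bdb7005db626a57b
+data.tar.gz: 0cad872dcaff97f50a97739794b9c625bcad81aad616c6fb2f59b568fd3b938c
+SHA512:
+metadata.gz: 9ecae6a901360c2a74f81e4d682ce6531bd98bf411aa6a68b84617b85dec1d90bcec41c730a4dfecc2e534afc8676ddeb3247c24b5f33e5dbb6f0e230bbed354
+data.tar.gz: ec6e59364de9fd75d8a02f879c4449259ecbd4e895f9bcfe35d3be8cde4b5907aab4e9f3af634b5deee2c8137e2fd50c624c7960bf0978005ee30a4f22f38ffb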
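--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status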
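--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper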
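--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+- 2.6.3
+before_install: gem install bundler -v 1.17.2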
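--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in sentry-sanitizer.gemspec
+gemspec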
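--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Valentine Kiselev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.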
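--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,39 @@
+# Sentry::Sanitizer
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sentry/sanitizer`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sentry-sanitizer'
+```
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install sentry-sanitizer
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sentry-sanitizer.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).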
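--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,9 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+require "bundler/gem_helper"
+Bundler::GemHelper.install_tasks(name: "sentry-sanitizer")
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec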
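--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "sentry/sanitizer"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)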
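--- a/data/bin/setup
+++ b/data/bin/setup
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here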
@@ -0,0 +1,2 @@
1
+ require 'sentry/sanitizer/version'
2
+ require 'sentry/sanitizer'
@@ -0,0 +1,11 @@
1
+ require 'sentry-ruby'
2
+ require 'sentry/integrable'
3
+ require 'sentry/sanitizer/configuration'
4
+
5
+ module Sentry
6
+ module Sanitizer
7
+ extend Integrable
8
+
9
+ register_integration name: 'sanitizer', version: Sentry::Sanitizer::VERSION
10
+ end
11
+ end
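Review bot: `Sentry::Sanitizer::VERSION` is used on the `register_integration` line, but this file never requires `sentry/sanitizer/version`, so the constant only resolves when a loader that requires the version file first is the entry point. `bin/console` in this same package requires `sentry/sanitizer` directly, which would fail with an uninitialized-constant error on that path. Add `require 'sentry/sanitizer/version'` to the requires at the top of this file so it loads on its own.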
@@ -0,0 +1,109 @@
1
+ module Sentry
2
+ module Sanitizer
3
+ class Cleaner
4
+ HOOK = ->(event, hint) do
5
+ Sentry::Sanitizer::Cleaner.new(Sentry.configuration.sanitize).call(event)
6
+
7
+ event
8
+ end.freeze
9
+
10
+ DEFAULT_MASK = '[FILTERED]'.freeze
11
+ DEFAULT_SENSITIVE_HEADERS = %w[
12
+ Authorization
13
+ X-Xsrf-Token
14
+ ].freeze
15
+
16
+ private_constant :SENSITIVE_HEADERS
17
+
18
+ def initialize(config)
19
+ @fields = config.fields || []
20
+ @http_headers = config.http_headers || []
21
+ @cookies = config.cookies || false
22
+ end
23
+
24
+ def call(event)
25
+ if event.is_a?(Sentry::Event)
26
+ event.request = sanitize_request(event.request) if event.request
27
+ event.extra = sanitize_hash(event.extra) if event.extra
28
+ end
29
+ end
30
+
31
+ def sanitize_request(request)
32
+ request.data = sanitize_hash(request.data) if fields
33
+ request.headers = sanitize_headers(request.headers) if http_headers
34
+ request.cookies = sanitize_cookies(request.cookies) if cookies
35
+ end
36
+
37
+ def sanitize_hash(hash)
38
+ return if hash.blank?
39
+
40
+ sanitize_value(hash, nil)
41
+ end
42
+
43
+ private
44
+
45
+ attr_reader :fields, :http_headers, :cookies
46
+
47
+ # Sanitize specified headers
48
+ def sanitize_headers(headers)
49
+ headers.keys.select { |key| key.match?(sensitive_headers) }.each do |key|
50
+ headers[key] = DEFAULT_MASK
51
+ end
52
+
53
+ headers
54
+ end
55
+
56
+ # Sanitize all cookies
57
+ def sanitize_cookies(cookies)
58
+ cookies.transform_values { DEFAULT_MASK }
59
+ end
60
+
61
+ def sanitize_value(value, key)
62
+ case value
63
+ when Hash
64
+ sanitize_hash(key, value)
65
+ when Array
66
+ sanitize_array(key, value)
67
+ when String
68
+ sanitize_string(key, value)
69
+ else
70
+ value
71
+ end
72
+ end
73
+
74
+ def sanitize_hash(key, value)
75
+ if key&.match?(sensitive_fields)
76
+ DEFAULT_MASK
77
+ elsif value.frozen?
78
+ value.merge(value) { |k, v| sanitize_value(v, k) }
79
+ else
80
+ value.merge!(value) { |k, v| sanitize_value(v, k) }
81
+ end
82
+ end
83
+
84
+ def sanitize_array(key, value)
85
+ if value.frozen?
86
+ value.map { |val| sanitize_value(val, key) }
87
+ else
88
+ value.map! { |val| sanitize_value(val, key) }
89
+ end
90
+ end
91
+
92
+ def sanitize_string(key, value)
93
+ key&.match?(sensitive_fields) ? DEFAULT_MASK : value
94
+ end
95
+
96
+ def sensitive_fields
97
+ @sensitive_fields ||= sensitive_regexp(fields)
98
+ end
99
+
100
+ def sensitive_headers
101
+ @sensitive_headers ||= sensitive_regexp(DEFAULT_SENSITIVE_HEADERS | http_headers)
102
+ end
103
+
104
+ def sensitive_regexp(fields)
105
+ Regexp.new(fields.map { |field| "\\b#{field}\\b" }.join('|'), 'i')
106
+ end
107
+ end
108
+ end
109
+ end
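Review bot: `sanitize_hash` is defined twice in this class, and the later private `sanitize_hash(key, value)` replaces the public one-argument version, so the calls `sanitize_hash(request.data)` and `sanitize_hash(event.extra)` raise ArgumentError and nothing reaches the masking code; give the private helper its own name (for example `sanitize_hash_value(key, value)`) and call that from `sanitize_value`. `private_constant :SENSITIVE_HEADERS` names a constant that is never defined and raises NameError when the file loads; it should read `private_constant :DEFAULT_SENSITIVE_HEADERS`. `sanitize_request` returns the value of its last assignment, so `event.request = sanitize_request(event.request)` overwrites the request with the cookies hash or nil; end the method with a bare `request`. In `sensitive_regexp` the configured names are interpolated unescaped, an empty `fields` list produces an empty pattern that matches every key, and `\b` does not treat `_` as a boundary, so a key such as `user_password` (constructed example) is not masked by a `password` entry; build the pattern with `Regexp.escape(field.to_s)`, skip field sanitizing when the list is empty, and document the matching rule so users know which key shapes are covered.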
@@ -0,0 +1,64 @@
1
+ require 'sentry/sanitizer/cleaner'
2
+
3
+ module Sentry
4
+ # Monkey-patching Sentry::Configuration
5
+ class Configuration
6
+ # Allow adding multiple hooks for this extension
7
+ def before_send=(value)
8
+ super
9
+
10
+ return value if value == false
11
+
12
+ @before_send_hook_list ||= []
13
+ @before_send_hook_list << value
14
+
15
+ @before_send = ->(event, hint) {
16
+ @before_send_hook_list.each do |hook|
17
+ event = hook.call(event, hint)
18
+ end
19
+ }
20
+ end
21
+
22
+ def sanitize
23
+ @sanitize ||= Sentry::Sanitizer::Configuration.new
24
+ end
25
+
26
+ def sanitize_fields=(fields)
27
+ unless fields.is_a? Array
28
+ raise ArgumentError, 'sanitize_fields must be array'
29
+ end
30
+
31
+ sanitize.fields = fields
32
+ end
33
+
34
+ def sanitize_http_headers(headers)
35
+ unless headers.is_a? Array
36
+ raise ArgumentError, 'sanitize_http_headers must be array'
37
+ end
38
+
39
+ sanitize.http_headers = headers
40
+ end
41
+
42
+ def sanitize_cookies(cookies)
43
+ unless [TrueClass, FalseClass].include?(cookies.class)
44
+ raise ArgumentError, 'sanitize_cookies must be boolean'
45
+ end
46
+
47
+ sanitize.cookies = cookies
48
+ end
49
+
50
+ add_post_initialization_callback do
51
+ self.before_send = Sentry::Sanitizer::Cleaner::HOOK if sanitize.configured?
52
+ end
53
+ end
54
+
55
+ module Sanitizer
56
+ class Configuration
57
+ attr_accessor :fields, :http_headers, :cookies
58
+
59
+ def configured?
60
+ [fields, http_headers, cookies].any? { |setting| !setting.nil? }
61
+ end
62
+ end
63
+ end
64
+ end
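Review bot: The composed `@before_send` lambda returns the result of `@before_send_hook_list.each`, which is the hook array and not the event the hooks produced, so the caller never gets the sanitized event back; a hook that returns nil to drop an event is also handed to the next hook instead of ending the chain. Folding the hooks with `reduce` and stopping at nil fixes both, as sketched below. Separately, `super` inside a method added by reopening `Sentry::Configuration` only works if an ancestor defines `before_send=`; if sentry-ruby defines it on the class itself this raises NoMethodError, and a prepended module would avoid that, so it is worth confirming against the pinned sentry-ruby version. `sanitize_http_headers` and `sanitize_cookies` are declared without the trailing `=` that `sanitize_fields=` has, although their error messages read like setters, so they cannot be used with assignment syntax in a configuration block.

```ruby
# … unchanged: super, the `false` guard and the append to @before_send_hook_list …
@before_send = ->(event, hint) {
  # Thread the event through every hook; a nil result drops the event and ends the chain.
  @before_send_hook_list.reduce(event) do |current, hook|
    break nil if current.nil?

    hook.call(current, hint)
  end
}
```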
@@ -0,0 +1,5 @@
1
+ module Sentry
2
+ module Sanitizer
3
+ VERSION = "0.1.0"
4
+ end
5
+ end
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ lib = File.expand_path('lib', __dir__)
4
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
+ require 'sentry/sanitizer/version'
6
+
7
+ Gem::Specification.new do |spec|
8
+ spec.name = 'sentry-sanitizer'
9
+ spec.version = Sentry::Sanitizer::VERSION
10
+ spec.authors = ['Valentine Kiselev']
11
+ spec.email = ['mrexox@outlook.com']
12
+
13
+ spec.summary = %q{Sanitizing middleware for sentry-ruby gem}
14
+ spec.description = %q{Add missing sanitizing support for sentry-ruby (previous sentry-rav)}
15
+ spec.homepage = 'https://github.com/mrexox/sentry-sanitizer'
16
+ spec.license = 'BSD'
17
+
18
+ spec.metadata['homepage_uri'] = spec.homepage
19
+ spec.metadata['source_code_uri'] = spec.homepage
20
+ spec.metadata['changelog_uri'] = spec.homepage
21
+
22
+ # Specify which files should be added to the gem when it is released.
23
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
24
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
25
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
26
+ end
27
+
28
+ spec.require_paths = ['lib']
29
+
30
+ spec.add_development_dependency 'bundler', '>= 1.17'
31
+ spec.add_development_dependency 'rake', '~> 10.0'
32
+ spec.add_development_dependency 'rspec', '~> 3.0'
33
+
34
+ spec.add_runtime_dependency 'sentry-ruby', '~> 4.2.0'
35
+ end
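Review bot: `spec.license = 'BSD'` contradicts the LICENSE.txt shipped in this same package, which is the MIT text, and the README also says MIT; license scanners read the gemspec field, so set `spec.license = 'MIT'` or replace the license file. `cleaner.rb` calls `hash.blank?`, which comes from ActiveSupport as far as I know, yet the only runtime dependency declared here is `sentry-ruby`; either declare it or use `nil?`/`empty?`. The spec also sets no `required_ruby_version` although the library uses `&.`, `match?` and `transform_values`, which I believe need Ruby 2.4 or later, so a lower bound such as `spec.required_ruby_version = '>= 2.4'` would let RubyGems refuse unsupported interpreters.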
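--- a/metadata
+++ b/metadata
@@ -0,0 +1,117 @@
+--- !ruby/object:Gem::Specification
+name: sentry-sanitizer
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Valentine Kiselev
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-02-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '1.17'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '1.17'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+- !ruby/object:Gem::Dependency
+name: sentry-ruby
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 4.2.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 4.2.0
+description: Add missing sanitizing support for sentry-ruby (previous sentry-rav)
+email:
+- mrexox@outlook.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/sentry-sanitizer.rb
+- lib/sentry/sanitizer.rb
+- lib/sentry/sanitizer/cleaner.rb
+- lib/sentry/sanitizer/configuration.rb
+- lib/sentry/sanitizer/version.rb
+- sentry-sanitizer.gemspec
+homepage: https://github.com/mrexox/sentry-sanitizer
+licenses:
+- BSD
+metadata:
+homepage_uri: https://github.com/mrexox/sentry-sanitizer
+source_code_uri: https://github.com/mrexox/sentry-sanitizer
+changelog_uri: https://github.com/mrexox/sentry-sanitizer
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key:
+specification_version: 4
+summary: Sanitizing middleware for sentry-ruby gem
+test_files: []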