sentry-sanitizer 0.2.0 → 0.2.1
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +37 -0
- data/CHANGELOG.md +6 -0
- data/Gemfile.lock +10 -11
- data/LICENSE.txt +8 -16
- data/README.md +42 -7
- data/lib/sentry/sanitizer/cleaner.rb +5 -8
- data/lib/sentry/sanitizer/version.rb +1 -1
- data/sentry-sanitizer.gemspec +5 -2
- metadata +33 -17
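--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 467bf578a00781bcbd0b1f6e239f9fcdbf9284130bb6e3816d0b772afbb9c910
+data.tar.gz: 824f019bb5499f1829c188b76f97e63a749d6f6448c2a440a15c05dfe0053e62
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3be12a7b4c5043134879e9964d84ba4b0cb7ab3a7dd23898074f83e4679eb509e7badc189367aa9e9d2fb132ef24020bfbe2b3c7668e43b9ee79e169ade871a3
+data.tar.gz: b81b96a41689cb976137f7c83db0f82687ea09420bd85f826a0d2554b562c5922fdd00c9fc1c461acca3f419eac161a31845c8d546d5ba3cac8bd7ca07128839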
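--- a/data/.github/workflows/ci.yml
+++ b/data/.github/workflows/ci.yml
@@ -0,0 +1,37 @@
+name: CI
+on:
+push:
+branches:
+- master
+pull_request:
+
+jobs:
+rspec:
+name: Unit tests
+runs-on: ubuntu-latest
+strategy:
+matrix:
+include:
+- { ruby_version: 2.4 }
+- { ruby_version: 2.5 }
+- { ruby_version: 2.4 }
+- { ruby_version: 2.7 }
+- { ruby_version: 3.0 }
+- { ruby_version: jruby }
+steps:
+- uses: actions/checkout@v1
+
+- name: Set up Ruby ${{ matrix.ruby_version }}
+uses: ruby/setup-ruby@v1
+with:
+bundler: 2
+ruby-version: ${{ matrix.ruby_version }}
+
+- name: Run specs
+run: |
+bundle install --jobs 4 --retry 3 --no-cache
+bundle exec rspec
+
+- uses: codecov/codecov-action@v1
+with:
+token: ${{ secrets.CODECOV_TOKEN }}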
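Review bot: All three `uses:` steps reference actions by mutable tag (`actions/checkout@v1`, `ruby/setup-ruby@v1`, `codecov/codecov-action@v1`), and the last one is handed `secrets.CODECOV_TOKEN`, so a retagged release changes the code that sees the secret without any change in this repository; pin each to a full commit SHA, e.g. `uses: codecov/codecov-action@<full-commit-sha>  # v1`. In the matrix, the third entry repeats `2.4` (2.6 was presumably intended), and the unquoted `3.0` is a YAML float that may reach `ruby-version` as `3`, so the job may not test the version it names; quote the values, e.g. `- { ruby_version: '3.0' }`. A top-level `permissions:` block limited to `contents: read` would also keep the workflow token read-only for these jobs.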
data/CHANGELOG.md
ADDED
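--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,29 +1,23 @@
 PATH
 remote: .
 specs:
-sentry-sanitizer (0.2.
+sentry-sanitizer (0.2.1)
 sentry-ruby (~> 4.2.0)
 
 GEM
 remote: https://rubygems.org/
 specs:
-
-
+codecov (0.4.3)
+simplecov (>= 0.15, < 0.22)
 concurrent-ruby (1.1.8)
 diff-lcs (1.4.4)
+docile (1.3.5)
 faraday (1.3.0)
 faraday-net_http (~> 1.0)
 multipart-post (>= 1.2, < 3)
 ruby2_keywords
 faraday-net_http (1.0.1)
-method_source (1.0.0)
 multipart-post (2.1.1)
-pry (0.13.1)
-coderay (~> 1.1)
-method_source (~> 1.0)
-pry-byebug (3.9.0)
-byebug (~> 11.0)
-pry (~> 0.13.0)
 rack (2.2.3)
 rake (10.5.0)
 rspec (3.10.0)
@@ -47,17 +41,22 @@ GEM
 sentry-ruby-core (4.2.0)
 concurrent-ruby
 faraday
+simplecov (0.18.5)
+docile (~> 1.1)
+simplecov-html (~> 0.11)
+simplecov-html (0.12.3)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
 bundler (>= 1.17)
-
+codecov
 rack
 rake (~> 10.0)
 rspec (~> 3.0)
 sentry-sanitizer!
+simplecov (~> 0.18.5)
 
 BUNDLED WITH
 2.1.4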
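--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -1,21 +1,13 @@
-The
+The BSD-3-Clause license
 
 Copyright (c) 2021 Valentine Kiselev
 
-
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 
-
-all copies or substantial portions of the Software.
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
 
-
-
-
-
-
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.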
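--- a/data/README.md
+++ b/data/README.md
@@ -1,15 +1,27 @@
-
+![CI](https://github.com/mrexox/sentry-sanitizer/workflows/CI/badge.svg)
+[![Gem Version](https://badge.fury.io/rb/sentry-sanitizer.svg)](https://badge.fury.io/rb/sentry-sanitizer)
+[![codecov](https://codecov.io/gh/mrexox/sentry-sanitizer/branch/master/graph/badge.svg?token=QW93HCVI0W)](https://codecov.io/gh/mrexox/sentry-sanitizer)
 
-
+# sentry-sanitizer: sanitizing extension for sentry-ruby
 
-
+This gem aimed to add sanitizing support to [sentry-ruby](https://rubygems.org/gems/sentry-ruby) gem.
+
+[sentry-raven](https://rubygems.org/gems/sentry-raven) gem had this apportunity but it is no longer supported. Moving from `sentry-raven` to `sentry-ruby` can surprise you with missing this ability. But you can still use `sentry-sanitizer` (with a little change to configuration).
+
+Currently this gem provides following features
+- [x] Sanitizing POST params
+- [x] Sanitizing HTTP headers
+- [x] Sanitizing cookies
+- [x] Sanitizing extras ([see](https://docs.sentry.io/platforms/ruby/enriching-events/context/#additional-data) `Sentry.set_extras`)
 
 ## Installation
 
+:warning: Please, don't use `0.1.*` version as it was experimental and not usable at all.
+
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'sentry-sanitizer'
+gem 'sentry-sanitizer', '>= 0.2.0'
 ```
 
 And then execute:
@@ -22,7 +34,30 @@ Or install it yourself as:
 
 ## Usage
 
-
+Add following lines to your Sentry configuration:
+
+```ruby
+Sentry.init do |config|
+# ... your configuration
+
+# If using Rails
+config.sanitize.fields = Rails.application.config.filter_parameters
+
+# You can also pass custom array
+config.sanitize.fields = %w[password super_secret_token]
+
+# HTTP headers can be sanitized too (it is case insensitive)
+config.sanitize.http_headers = %w[Authorization X-Xsrf-Token]
+
+# You can sanitize all HTTP headers with setting `true` value
+config.sanitize.http_headers = true
+
+# You can sanitize all cookies with this setting
+config.sanitize.cookies = true
+
+# ...
+end
+```
 
 ## Development
 
@@ -32,8 +67,8 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/
+Bug reports and pull requests are welcome on GitHub at https://github.com/mrexox/sentry-sanitizer.
 
 ## License
 
-The gem is available as open source under the terms of the [
+The gem is available as open source under the terms of the [BSD-3-Clause License](https://opensource.org/licenses/BSD-3-Clause).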
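--- a/data/lib/sentry/sanitizer/cleaner.rb
+++ b/data/lib/sentry/sanitizer/cleaner.rb
@@ -11,7 +11,7 @@ module Sentry
 
 def initialize(config)
 @fields = config.fields || []
-@http_headers = config.http_headers ||
+@http_headers = config.http_headers || DEFAULT_SENSITIVE_HEADERS
 @do_cookies = config.cookies || false
 end
 
@@ -57,13 +57,14 @@ module Sentry
 
 # Sanitize specified headers
 def sanitize_headers(headers)
-case
+case http_headers
 when TrueClass
 headers.transform_values { DEFAULT_MASK }
-when
+when Array
 return headers unless http_headers.size.positive?
+http_headers_regex = sensitive_regexp(http_headers)
 
-headers.keys.select { |key| key.match?(
+headers.keys.select { |key| key.match?(http_headers_regex) }.each do |key|
 headers[key] = DEFAULT_MASK
 end
 
@@ -120,10 +121,6 @@ module Sentry
 @sensitive_fields ||= sensitive_regexp(fields)
 end
 
-def sensitive_headers
-@sensitive_headers ||= sensitive_regexp(DEFAULT_SENSITIVE_HEADERS | http_headers)
-end
-
 def sensitive_regexp(fields)
 Regexp.new(fields.map { |field| "\\b#{field}\\b" }.join('|'), 'i')
 end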
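Review bot: A configured `http_headers` array now replaces `DEFAULT_SENSITIVE_HEADERS` instead of being merged with it: the removed `sensitive_headers` (apparently what the old branch matched against) built its pattern from `DEFAULT_SENSITIVE_HEADERS | http_headers`, while the new `when Array` branch passes only `http_headers` to `sensitive_regexp`. An application that lists one extra header and upgrades from 0.2.0 would stop masking the default headers without any error, so either keep the union, `http_headers_regex = sensitive_regexp(DEFAULT_SENSITIVE_HEADERS | http_headers)`, or state the new semantics in the README and CHANGELOG. `sensitive_regexp` also interpolates each name unescaped and is now rebuilt on every `sanitize_headers` call where the removed helper memoised it; `"\\b#{Regexp.escape(field)}\\b"` and caching the compiled pattern would address both. The body of `sanitize_headers` continues outside the hunk, so what happens for other `http_headers` values (for example `false` or a String) is not visible here.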
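--- a/data/sentry-sanitizer.gemspec
+++ b/data/sentry-sanitizer.gemspec
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
 spec.email = ['mrexox@outlook.com']
 
 spec.summary = %q{Sanitizing middleware for sentry-ruby gem}
-spec.description = %q{Add missing sanitizing support for sentry-ruby (previous sentry-
+spec.description = %q{Add missing sanitizing support for sentry-ruby (previous sentry-raven)}
 spec.homepage = 'https://github.com/mrexox/sentry-sanitizer'
 spec.license = 'BSD'
 
@@ -27,11 +27,14 @@ Gem::Specification.new do |spec|
 
 spec.require_paths = ['lib']
 
+# Codecov
+spec.add_development_dependency 'codecov'
+spec.add_development_dependency 'simplecov', '~> 0.18.5'
+
 spec.add_development_dependency 'bundler', '>= 1.17'
 spec.add_development_dependency 'rake', '~> 10.0'
 spec.add_development_dependency 'rspec', '~> 3.0'
 spec.add_development_dependency 'rack'
-spec.add_development_dependency 'pry-byebug'
 
 spec.add_runtime_dependency 'sentry-ruby', '~> 4.2.0'
 end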
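Review bot: `spec.license = 'BSD'` in the first hunk's context is left as it was, although this release replaces LICENSE.txt with the BSD-3-Clause text and the README now names that licence. `'BSD'` is not an SPDX identifier, so licence scanners and RubyGems' own licence check cannot map it to a specific licence; use `spec.license = 'BSD-3-Clause'`. In the second hunk `codecov` is added with no version constraint while `simplecov` next to it is constrained; a bound matching the locked 0.4.3, such as `spec.add_development_dependency 'codecov', '~> 0.4'`, keeps the CI toolchain from moving to a new major version unreviewed.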
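--- a/metadata
+++ b/metadata
@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: sentry-sanitizer
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.1
 platform: ruby
 authors:
 - Valentine Kiselev
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-
+date: 2021-02-27 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: codecov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: simplecov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.18.5
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.18.5
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -66,20 +94,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: pry-byebug
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
 - !ruby/object:Gem::Dependency
 name: sentry-ruby
 requirement: !ruby/object:Gem::Requirement
@@ -94,16 +108,18 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 4.2.0
-description: Add missing sanitizing support for sentry-ruby (previous sentry-
+description: Add missing sanitizing support for sentry-ruby (previous sentry-raven)
 email:
 - mrexox@outlook.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt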