sentry-sanitizer 0.2.0 → 0.2.1

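--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: aa6e89bd5636947019b12574187eb515d000a6d93bd48c3895bf3bf24e7564ca
- data.tar.gz: 9a69894f2ed6903496162584c1ccb920d0e5a6ab3f75dc333c6c12dead8fc031
+ metadata.gz: 467bf578a00781bcbd0b1f6e239f9fcdbf9284130bb6e3816d0b772afbb9c910
+ data.tar.gz: 824f019bb5499f1829c188b76f97e63a749d6f6448c2a440a15c05dfe0053e62
  SHA512:
- metadata.gz: 54510f582c6e9434700ce3db8735566bd4ef1af3b2fd2caaaeb1cb016503d2a84a22ad39d3637ba34fbb95ad86274508c72badb56a4b458278ef7afbd64f52f2
- data.tar.gz: fdd38c2cce91b32436522520d318f7c0c7f54f87777c1bcdfc80e77109ff43518807adf560aed42c99a8b4bf4cc2abdcd806a56f6a9328836e6b159da0ae5deb
+ metadata.gz: 3be12a7b4c5043134879e9964d84ba4b0cb7ab3a7dd23898074f83e4679eb509e7badc189367aa9e9d2fb132ef24020bfbe2b3c7668e43b9ee79e169ade871a3
+ data.tar.gz: b81b96a41689cb976137f7c83db0f82687ea09420bd85f826a0d2554b562c5922fdd00c9fc1c461acca3f419eac161a31845c8d546d5ba3cac8bd7ca07128839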
@@ -0,0 +1,37 @@
1
+ name: CI
2
+ on:
3
+ push:
4
+ branches:
5
+ - master
6
+ pull_request:
7
+
8
+ jobs:
9
+ rspec:
10
+ name: Unit tests
11
+ runs-on: ubuntu-latest
12
+ strategy:
13
+ matrix:
14
+ include:
15
+ - { ruby_version: 2.4 }
16
+ - { ruby_version: 2.5 }
17
+ - { ruby_version: 2.4 }
18
+ - { ruby_version: 2.7 }
19
+ - { ruby_version: 3.0 }
20
+ - { ruby_version: jruby }
21
+ steps:
22
+ - uses: actions/checkout@v1
23
+
24
+ - name: Set up Ruby ${{ matrix.ruby_version }}
25
+ uses: ruby/setup-ruby@v1
26
+ with:
27
+ bundler: 2
28
+ ruby-version: ${{ matrix.ruby_version }}
29
+
30
+ - name: Run specs
31
+ run: |
32
+ bundle install --jobs 4 --retry 3 --no-cache
33
+ bundle exec rspec
34
+
35
+ - uses: codecov/codecov-action@v1
36
+ with:
37
+ token: ${{ secrets.CODECOV_TOKEN }}
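Review bot: Both third-party steps are referenced by a mutable tag (`actions/checkout@v1`, `codecov/codecov-action@v1`), and the codecov step is handed `secrets.CODECOV_TOKEN`, so whoever can move the `v1` tag controls code that runs with that token. Pin each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: codecov/codecov-action@<full-commit-sha>  # v1`, and add a top-level `permissions:` block with `contents: read` so the job token is no broader than the tests need. Separately, the matrix lists `ruby_version: 2.4` twice and never 2.6. The unquoted `3.0` is also read by YAML as a number, so the expression most likely renders it as `3` rather than `3.0`; quote the versions, e.g. `- { ruby_version: '3.0' }`.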
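--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,6 @@
+ # Changelog
+
+ ## Unreleased
+
+ ## 0.2.1
+ - Rework header cleaning to adhere to documentation in readme and not crash without configuration [#1](https://github.com/mrexox/sentry-sanitizer/pull/1)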
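--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,29 +1,23 @@
  PATH
  remote: .
  specs:
- sentry-sanitizer (0.2.0)
+ sentry-sanitizer (0.2.1)
  sentry-ruby (~> 4.2.0)
 
  GEM
  remote: https://rubygems.org/
  specs:
- byebug (11.1.3)
- coderay (1.1.3)
+ codecov (0.4.3)
+ simplecov (>= 0.15, < 0.22)
  concurrent-ruby (1.1.8)
  diff-lcs (1.4.4)
+ docile (1.3.5)
  faraday (1.3.0)
  faraday-net_http (~> 1.0)
  multipart-post (>= 1.2, < 3)
  ruby2_keywords
  faraday-net_http (1.0.1)
- method_source (1.0.0)
  multipart-post (2.1.1)
- pry (0.13.1)
- coderay (~> 1.1)
- method_source (~> 1.0)
- pry-byebug (3.9.0)
- byebug (~> 11.0)
- pry (~> 0.13.0)
  rack (2.2.3)
  rake (10.5.0)
  rspec (3.10.0)
@@ -47,17 +41,22 @@ GEM
  sentry-ruby-core (4.2.0)
  concurrent-ruby
  faraday
+ simplecov (0.18.5)
+ docile (~> 1.1)
+ simplecov-html (~> 0.11)
+ simplecov-html (0.12.3)
 
  PLATFORMS
  ruby
 
  DEPENDENCIES
  bundler (>= 1.17)
- pry-byebug
+ codecov
  rack
  rake (~> 10.0)
  rspec (~> 3.0)
  sentry-sanitizer!
+ simplecov (~> 0.18.5)
 
  BUNDLED WITH
  2.1.4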
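--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -1,21 +1,13 @@
- The MIT License (MIT)
+ The BSD-3-Clause license
 
  Copyright (c) 2021 Valentine Kiselev
 
- Permission is hereby granted, free of charge, to any person obtaining a copy
- of this software and associated documentation files (the "Software"), to deal
- in the Software without restriction, including without limitation the rights
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- copies of the Software, and to permit persons to whom the Software is
- furnished to do so, subject to the following conditions:
+ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 
- The above copyright notice and this permission notice shall be included in
- all copies or substantial portions of the Software.
+ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
 
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- THE SOFTWARE.
+ 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.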
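--- a/data/README.md
+++ b/data/README.md
@@ -1,15 +1,27 @@
- # Sentry::Sanitizer
+ ![CI](https://github.com/mrexox/sentry-sanitizer/workflows/CI/badge.svg)
+ [![Gem Version](https://badge.fury.io/rb/sentry-sanitizer.svg)](https://badge.fury.io/rb/sentry-sanitizer)
+ [![codecov](https://codecov.io/gh/mrexox/sentry-sanitizer/branch/master/graph/badge.svg?token=QW93HCVI0W)](https://codecov.io/gh/mrexox/sentry-sanitizer)
 
- Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sentry/sanitizer`. To experiment with that code, run `bin/console` for an interactive prompt.
+ # sentry-sanitizer: sanitizing extension for sentry-ruby
 
- TODO: Delete this and the text above, and describe your gem
+ This gem aimed to add sanitizing support to [sentry-ruby](https://rubygems.org/gems/sentry-ruby) gem.
+
+ [sentry-raven](https://rubygems.org/gems/sentry-raven) gem had this apportunity but it is no longer supported. Moving from `sentry-raven` to `sentry-ruby` can surprise you with missing this ability. But you can still use `sentry-sanitizer` (with a little change to configuration).
+
+ Currently this gem provides following features
+ - [x] Sanitizing POST params
+ - [x] Sanitizing HTTP headers
+ - [x] Sanitizing cookies
+ - [x] Sanitizing extras ([see](https://docs.sentry.io/platforms/ruby/enriching-events/context/#additional-data) `Sentry.set_extras`)
 
  ## Installation
 
+ :warning: Please, don't use `0.1.*` version as it was experimental and not usable at all.
+
  Add this line to your application's Gemfile:
 
  ```ruby
- gem 'sentry-sanitizer'
+ gem 'sentry-sanitizer', '>= 0.2.0'
  ```
 
  And then execute:
@@ -22,7 +34,30 @@ Or install it yourself as:
 
  ## Usage
 
- TODO: Write usage instructions here
+ Add following lines to your Sentry configuration:
+
+ ```ruby
+ Sentry.init do |config|
+ # ... your configuration
+
+ # If using Rails
+ config.sanitize.fields = Rails.application.config.filter_parameters
+
+ # You can also pass custom array
+ config.sanitize.fields = %w[password super_secret_token]
+
+ # HTTP headers can be sanitized too (it is case insensitive)
+ config.sanitize.http_headers = %w[Authorization X-Xsrf-Token]
+
+ # You can sanitize all HTTP headers with setting `true` value
+ config.sanitize.http_headers = true
+
+ # You can sanitize all cookies with this setting
+ config.sanitize.cookies = true
+
+ # ...
+ end
+ ```
 
  ## Development
 
@@ -32,8 +67,8 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
  ## Contributing
 
- Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sentry-sanitizer.
+ Bug reports and pull requests are welcome on GitHub at https://github.com/mrexox/sentry-sanitizer.
 
  ## License
 
- The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+ The gem is available as open source under the terms of the [BSD-3-Clause License](https://opensource.org/licenses/BSD-3-Clause).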
@@ -11,7 +11,7 @@ module Sentry
11
11
 
12
12
  def initialize(config)
13
13
  @fields = config.fields || []
14
- @http_headers = config.http_headers || false
14
+ @http_headers = config.http_headers || DEFAULT_SENSITIVE_HEADERS
15
15
  @do_cookies = config.cookies || false
16
16
  end
17
17
 
@@ -57,13 +57,14 @@ module Sentry
57
57
 
58
58
  # Sanitize specified headers
59
59
  def sanitize_headers(headers)
60
- case headers
60
+ case http_headers
61
61
  when TrueClass
62
62
  headers.transform_values { DEFAULT_MASK }
63
- when Hash
63
+ when Array
64
64
  return headers unless http_headers.size.positive?
65
+ http_headers_regex = sensitive_regexp(http_headers)
65
66
 
66
- headers.keys.select { |key| key.match?(sensitive_headers) }.each do |key|
67
+ headers.keys.select { |key| key.match?(http_headers_regex) }.each do |key|
67
68
  headers[key] = DEFAULT_MASK
68
69
  end
69
70
 
@@ -120,10 +121,6 @@ module Sentry
120
121
  @sensitive_fields ||= sensitive_regexp(fields)
121
122
  end
122
123
 
123
- def sensitive_headers
124
- @sensitive_headers ||= sensitive_regexp(DEFAULT_SENSITIVE_HEADERS | http_headers)
125
- end
126
-
127
124
  def sensitive_regexp(fields)
128
125
  Regexp.new(fields.map { |field| "\\b#{field}\\b" }.join('|'), 'i')
129
126
  end
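Review bot: In `sanitize_headers`, a configured Array now replaces the built-in header list instead of extending it. The removed `sensitive_headers` helper built its pattern from `DEFAULT_SENSITIVE_HEADERS | http_headers`, while the new `when Array` branch calls `sensitive_regexp(http_headers)` alone. An application that sets `config.sanitize.http_headers = %w[X-Xsrf-Token]` would therefore stop masking whatever the defaults cover (the constant's contents are not visible in these hunks). If that is not intended, keep the union with `http_headers_regex = sensitive_regexp(DEFAULT_SENSITIVE_HEADERS | http_headers)`; if it is, the README should say that a custom list disables the defaults. `sensitive_regexp` also interpolates each name into the pattern unescaped, so `"\\b#{Regexp.escape(field)}\\b"` would keep a configured name containing `.` or `+` matching only the literal header; the method bodies continue outside the hunks.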
@@ -1,5 +1,5 @@
1
1
  module Sentry
2
2
  module Sanitizer
3
- VERSION = '0.2.0'
3
+ VERSION = '0.2.1'
4
4
  end
5
5
  end
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
11
11
  spec.email = ['mrexox@outlook.com']
12
12
 
13
13
  spec.summary = %q{Sanitizing middleware for sentry-ruby gem}
14
- spec.description = %q{Add missing sanitizing support for sentry-ruby (previous sentry-rav)}
14
+ spec.description = %q{Add missing sanitizing support for sentry-ruby (previous sentry-raven)}
15
15
  spec.homepage = 'https://github.com/mrexox/sentry-sanitizer'
16
16
  spec.license = 'BSD'
17
17
 
@@ -27,11 +27,14 @@ Gem::Specification.new do |spec|
27
27
 
28
28
  spec.require_paths = ['lib']
29
29
 
30
+ # Codecov
31
+ spec.add_development_dependency 'codecov'
32
+ spec.add_development_dependency 'simplecov', '~> 0.18.5'
33
+
30
34
  spec.add_development_dependency 'bundler', '>= 1.17'
31
35
  spec.add_development_dependency 'rake', '~> 10.0'
32
36
  spec.add_development_dependency 'rspec', '~> 3.0'
33
37
  spec.add_development_dependency 'rack'
34
- spec.add_development_dependency 'pry-byebug'
35
38
 
36
39
  spec.add_runtime_dependency 'sentry-ruby', '~> 4.2.0'
37
40
  end
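Review bot: The added `spec.add_development_dependency 'codecov'` carries no version constraint, so anywhere the committed lockfile is not used, any published release of a gem that presumably loads during the CI spec run can be resolved. Bound it like its neighbour, e.g. `spec.add_development_dependency 'codecov', '~> 0.4'` (Gemfile.lock in this release resolves 0.4.3). In the first gemspec hunk the unchanged `spec.license = 'BSD'` is not an SPDX identifier and is less specific than the BSD-3-Clause text LICENSE.txt now carries; `spec.license = 'BSD-3-Clause'` is what licence scanners match on. The `Gem::Specification.new` block starts outside both hunks.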
metadata CHANGED
@@ -1,15 +1,43 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sentry-sanitizer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Valentine Kiselev
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-06 00:00:00.000000000 Z
11
+ date: 2021-02-27 00:00:00.000000000 Z
12
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: codecov
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: simplecov
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: 0.18.5
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: 0.18.5
13
41
  - !ruby/object:Gem::Dependency
14
42
  name: bundler
15
43
  requirement: !ruby/object:Gem::Requirement
@@ -66,20 +94,6 @@ dependencies:
66
94
  - - ">="
67
95
  - !ruby/object:Gem::Version
68
96
  version: '0'
69
- - !ruby/object:Gem::Dependency
70
- name: pry-byebug
71
- requirement: !ruby/object:Gem::Requirement
72
- requirements:
73
- - - ">="
74
- - !ruby/object:Gem::Version
75
- version: '0'
76
- type: :development
77
- prerelease: false
78
- version_requirements: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - ">="
81
- - !ruby/object:Gem::Version
82
- version: '0'
83
97
  - !ruby/object:Gem::Dependency
84
98
  name: sentry-ruby
85
99
  requirement: !ruby/object:Gem::Requirement
@@ -94,16 +108,18 @@ dependencies:
94
108
  - - "~>"
95
109
  - !ruby/object:Gem::Version
96
110
  version: 4.2.0
97
- description: Add missing sanitizing support for sentry-ruby (previous sentry-rav)
111
+ description: Add missing sanitizing support for sentry-ruby (previous sentry-raven)
98
112
  email:
99
113
  - mrexox@outlook.com
100
114
  executables: []
101
115
  extensions: []
102
116
  extra_rdoc_files: []
103
117
  files:
118
+ - ".github/workflows/ci.yml"
104
119
  - ".gitignore"
105
120
  - ".rspec"
106
121
  - ".travis.yml"
122
+ - CHANGELOG.md
107
123
  - Gemfile
108
124
  - Gemfile.lock
109
125
  - LICENSE.txt