RubyGems - sentry-sanitizer - Versions diffs - 0.2.0 → 0.2.1 - Mend

sentry-sanitizer 0.2.0 → 0.2.1

Files changed (10) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +37 -0
data/CHANGELOG.md +6 -0
data/Gemfile.lock +10 -11
data/LICENSE.txt +8 -16
data/README.md +42 -7
data/lib/sentry/sanitizer/cleaner.rb +5 -8
data/lib/sentry/sanitizer/version.rb +1 -1
data/sentry-sanitizer.gemspec +5 -2
metadata +33 -17

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aa6e89bd5636947019b12574187eb515d000a6d93bd48c3895bf3bf24e7564ca
-  data.tar.gz: 9a69894f2ed6903496162584c1ccb920d0e5a6ab3f75dc333c6c12dead8fc031
+  metadata.gz: 467bf578a00781bcbd0b1f6e239f9fcdbf9284130bb6e3816d0b772afbb9c910
+  data.tar.gz: 824f019bb5499f1829c188b76f97e63a749d6f6448c2a440a15c05dfe0053e62
 SHA512:
-  metadata.gz: 54510f582c6e9434700ce3db8735566bd4ef1af3b2fd2caaaeb1cb016503d2a84a22ad39d3637ba34fbb95ad86274508c72badb56a4b458278ef7afbd64f52f2
-  data.tar.gz: fdd38c2cce91b32436522520d318f7c0c7f54f87777c1bcdfc80e77109ff43518807adf560aed42c99a8b4bf4cc2abdcd806a56f6a9328836e6b159da0ae5deb
+  metadata.gz: 3be12a7b4c5043134879e9964d84ba4b0cb7ab3a7dd23898074f83e4679eb509e7badc189367aa9e9d2fb132ef24020bfbe2b3c7668e43b9ee79e169ade871a3
+  data.tar.gz: b81b96a41689cb976137f7c83db0f82687ea09420bd85f826a0d2554b562c5922fdd00c9fc1c461acca3f419eac161a31845c8d546d5ba3cac8bd7ca07128839

data/.github/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,37 @@
+name: CI
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+jobs:
+  rspec:
+    name: Unit tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - { ruby_version: 2.4 }
+          - { ruby_version: 2.5 }
+          - { ruby_version: 2.4 }
+          - { ruby_version: 2.7 }
+          - { ruby_version: 3.0 }
+          - { ruby_version: jruby }
+    steps:
+      - uses: actions/checkout@v1
+      - name: Set up Ruby ${{ matrix.ruby_version }}
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler: 2
+          ruby-version: ${{ matrix.ruby_version }}
+      - name: Run specs
+        run: |
+          bundle install --jobs 4 --retry 3 --no-cache
+          bundle exec rspec
+      - uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,6 @@
+# Changelog
+## Unreleased
+## 0.2.1
+- Rework header cleaning to adhere to documentation in readme and not crash without configuration [#1](https://github.com/mrexox/sentry-sanitizer/pull/1)

data/Gemfile.lock CHANGED Viewed

@@ -1,29 +1,23 @@
 PATH
   remote: .
   specs:
-    sentry-sanitizer (0.2.0)
+    sentry-sanitizer (0.2.1)
       sentry-ruby (~> 4.2.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    byebug (11.1.3)
-    coderay (1.1.3)
+    codecov (0.4.3)
+      simplecov (>= 0.15, < 0.22)
     concurrent-ruby (1.1.8)
     diff-lcs (1.4.4)
+    docile (1.3.5)
     faraday (1.3.0)
       faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
       ruby2_keywords
     faraday-net_http (1.0.1)
-    method_source (1.0.0)
     multipart-post (2.1.1)
-    pry (0.13.1)
-      coderay (~> 1.1)
-      method_source (~> 1.0)
-    pry-byebug (3.9.0)
-      byebug (~> 11.0)
-      pry (~> 0.13.0)
     rack (2.2.3)
     rake (10.5.0)
     rspec (3.10.0)
@@ -47,17 +41,22 @@ GEM
     sentry-ruby-core (4.2.0)
       concurrent-ruby
       faraday
+    simplecov (0.18.5)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.3)
 PLATFORMS
   ruby
 DEPENDENCIES
   bundler (>= 1.17)
-  pry-byebug
+  codecov
   rack
   rake (~> 10.0)
   rspec (~> 3.0)
   sentry-sanitizer!
+  simplecov (~> 0.18.5)
 BUNDLED WITH
    2.1.4

data/LICENSE.txt CHANGED Viewed

@@ -1,21 +1,13 @@
-The MIT License (MIT)
+The BSD-3-Clause license
 Copyright (c) 2021 Valentine Kiselev
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md CHANGED Viewed

@@ -1,15 +1,27 @@
-# Sentry::Sanitizer
+![CI](https://github.com/mrexox/sentry-sanitizer/workflows/CI/badge.svg)
+[![Gem Version](https://badge.fury.io/rb/sentry-sanitizer.svg)](https://badge.fury.io/rb/sentry-sanitizer)
+[![codecov](https://codecov.io/gh/mrexox/sentry-sanitizer/branch/master/graph/badge.svg?token=QW93HCVI0W)](https://codecov.io/gh/mrexox/sentry-sanitizer)
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sentry/sanitizer`. To experiment with that code, run `bin/console` for an interactive prompt.
+# sentry-sanitizer: sanitizing extension for sentry-ruby
-TODO: Delete this and the text above, and describe your gem
+This gem aimed to add sanitizing support to [sentry-ruby](https://rubygems.org/gems/sentry-ruby) gem.
+[sentry-raven](https://rubygems.org/gems/sentry-raven) gem had this apportunity but it is no longer supported. Moving from `sentry-raven` to `sentry-ruby` can surprise you with missing this ability. But you can still use `sentry-sanitizer` (with a little change to configuration).
+Currently this gem provides following features
+- [x] Sanitizing POST params
+- [x] Sanitizing HTTP headers
+- [x] Sanitizing cookies
+- [x] Sanitizing extras ([see](https://docs.sentry.io/platforms/ruby/enriching-events/context/#additional-data) `Sentry.set_extras`)
 ## Installation
+:warning: Please, don't use `0.1.*` version as it was experimental and not usable at all.
 Add this line to your application's Gemfile:
 ```ruby
-gem 'sentry-sanitizer'
+gem 'sentry-sanitizer', '>= 0.2.0'
 ```
 And then execute:
@@ -22,7 +34,30 @@ Or install it yourself as:
 ## Usage
-TODO: Write usage instructions here
+Add following lines to your Sentry configuration:
+```ruby
+Sentry.init do |config|
+  # ... your configuration
+  # If using Rails
+  config.sanitize.fields = Rails.application.config.filter_parameters
+  # You can also pass custom array
+  config.sanitize.fields = %w[password super_secret_token]
+  # HTTP headers can be sanitized too (it is case insensitive)
+  config.sanitize.http_headers = %w[Authorization X-Xsrf-Token]
+  # You can sanitize all HTTP headers with setting `true` value
+  config.sanitize.http_headers = true
+  # You can sanitize all cookies with this setting
+  config.sanitize.cookies = true
+  # ...
+end
+```
 ## Development
@@ -32,8 +67,8 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 ## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sentry-sanitizer.
+Bug reports and pull requests are welcome on GitHub at https://github.com/mrexox/sentry-sanitizer.
 ## License
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+The gem is available as open source under the terms of the [BSD-3-Clause License](https://opensource.org/licenses/BSD-3-Clause).

data/lib/sentry/sanitizer/cleaner.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Sentry
       def initialize(config)
         @fields = config.fields || []
-        @http_headers = config.http_headers || false
+        @http_headers = config.http_headers || DEFAULT_SENSITIVE_HEADERS
         @do_cookies = config.cookies || false
       end
@@ -57,13 +57,14 @@ module Sentry
       # Sanitize specified headers
       def sanitize_headers(headers)
-        case headers
+        case http_headers
         when TrueClass
           headers.transform_values { DEFAULT_MASK }
-        when Hash
+        when Array
           return headers unless http_headers.size.positive?
+          http_headers_regex = sensitive_regexp(http_headers)
-          headers.keys.select { |key| key.match?(sensitive_headers) }.each do |key|
+          headers.keys.select { |key| key.match?(http_headers_regex) }.each do |key|
             headers[key] = DEFAULT_MASK
           end
@@ -120,10 +121,6 @@ module Sentry
         @sensitive_fields ||= sensitive_regexp(fields)
       end
-      def sensitive_headers
-        @sensitive_headers ||= sensitive_regexp(DEFAULT_SENSITIVE_HEADERS | http_headers)
-      end
       def sensitive_regexp(fields)
         Regexp.new(fields.map { |field| "\\b#{field}\\b" }.join('|'), 'i')
       end

data/lib/sentry/sanitizer/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Sentry
   module Sanitizer
-    VERSION = '0.2.0'
+    VERSION = '0.2.1'
   end
 end

data/sentry-sanitizer.gemspec CHANGED Viewed

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.email         = ['mrexox@outlook.com']
   spec.summary       = %q{Sanitizing middleware for sentry-ruby gem}
-  spec.description   = %q{Add missing sanitizing support for sentry-ruby (previous sentry-rav)}
+  spec.description   = %q{Add missing sanitizing support for sentry-ruby (previous sentry-raven)}
   spec.homepage      = 'https://github.com/mrexox/sentry-sanitizer'
   spec.license       = 'BSD'
@@ -27,11 +27,14 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
+  # Codecov
+  spec.add_development_dependency 'codecov'
+  spec.add_development_dependency 'simplecov', '~> 0.18.5'
   spec.add_development_dependency 'bundler', '>= 1.17'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rack'
-  spec.add_development_dependency 'pry-byebug'
   spec.add_runtime_dependency 'sentry-ruby', '~> 4.2.0'
 end

metadata CHANGED Viewed

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: sentry-sanitizer
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Valentine Kiselev
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-06 00:00:00.000000000 Z
+date: 2021-02-27 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: codecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.18.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.18.5
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -66,20 +94,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: pry-byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: sentry-ruby
   requirement: !ruby/object:Gem::Requirement
@@ -94,16 +108,18 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 4.2.0
-description: Add missing sanitizing support for sentry-ruby (previous sentry-rav)
+description: Add missing sanitizing support for sentry-ruby (previous sentry-raven)
 email:
 - mrexox@outlook.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt