strike 0.3.1

data/.gitignore

@@ -0,0 +1,20 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.rbx
+pkg
+*.db

data/Gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+gemspec
+
+group :test do
+  gem 'minitest'
+end

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Juan Hernández
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,95 @@
+# Strike
+
+Command line script to generate mysql dump with encrypted data.
+This is a wrapper arround the [my_obfuscate][my_obfuscate] gem.
+
+## Installation
+
+To install it:
+
+    $ gem install strike
+
+Or install it yourself:
+
+    $ bundle install
+    $ bundle exec rake install
+
+## Usage
+
+To see all the options execute:
+
+    $ strike help
+
+To generate a new dump, use the following command:
+
+    $ strike dump mysql://root@localhost/db_production --profile=tables.rb > obfuscated_dump.sql
+
+This command dumps the `database_url` following the tables defined in the `profile`
+file (defaults to `Strikefile`). The default dump output is STDOUT.
+
+The `database_url` must have one of the following formats:
+
+    mysql://user:password@host/database
+    mysql://user@host/database
+
+It uses the same database url format than [Sequel][sequel].
+
+## Profile file
+
+The profile file is a ruby file with the definitions of the tables that hold
+the data that needs to be obfuscated or encrypted. The definitions has
+the same format that is specified by the [my_obfuscate][my_obfuscate] gem,
+but with a convenient DSL. Not all the data of all the tables needs
+to be defined.
+
+By default, the command will search for a `Strikefile` in the current directory.
+
+Example profile file:
+
+```ruby
+# tables_definition.rb
+
+table :users do |t|
+  # t.column_name :obfuscation_type
+  t.name          :first_name
+  t.email         :email
+end
+
+def some_method
+  'Fixed title'
+end
+
+table :movies do |t|
+  t.title type: fixed, string: some_method
+  t.date  type: fixed, string: proc { |row| DateTime.now }
+end
+```
+
+## Dependencies
+
+* `mysqldump`: to create the dump to manipulate.
+* [my_obfuscate][my_obfuscate]: the core of this utility.
+* [Sequel][sequel]: extracts the info for the non defined tables.
+* [Thor][thor]: cli utilities.
+
+## Notes
+
+* It is only 1.9 compliant.
+* Only supports `mysql`.
+
+## Why that name?
+
+Comes from [S.T.R.I.K.E][strike].
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+[my_obfuscate]: https://github.com/jbraeuer/my_obfuscate/
+[sequel]: http://sequel.rubyforge.org/
+[thor]: https://github.com/wycats/thor
+[strike]: http://en.wikipedia.org/wiki/S.T.R.I.K.E

data/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new do |t|
+  t.pattern = "test/**/*_test.rb"
+end

data/TODO.md

@@ -0,0 +1,6 @@
+# TODO:
+
+* Log info in /var/log/strike/`database`-`timestamp`.log
+* Options
+  - log: alternative log file
+* BETTER TESTS!

data/VERSION

@@ -0,0 +1 @@
+0.3.1

data/bin/strike

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+$:.unshift File.dirname(__FILE__) + '/../lib'
+require 'strike'
+
+Strike.start(ARGV.dup)

data/lib/strike.rb

@@ -0,0 +1,78 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+Bundler.require(:default)
+
+require 'tempfile'
+require 'thor'
+
+class Strike < Thor
+  require 'strike/interpreter'
+  require 'strike/agent'
+
+  include Thor::Actions
+
+  desc 'version', 'Show version'
+  def version
+    $stdout.puts "v#{IO.read(File.expand_path('../../VERSION', __FILE__))}"
+  end
+
+  desc 'dump <database_url>', 'Dump the <database_url> to STDOUT.'
+  long_desc <<-DESC
+    Dump the <database_url> following the table definitions defined in the <profile>
+    (defaults to `Strikefile`). The default dump output is STDOUT.
+
+    The <database_url> must have one of the following formats:
+
+    \x5\tmysql://user:password@host/database
+    \x5\tmysql://user@host/database
+
+    Usage example:
+
+    $ strike dump mysql://root@localhost/db_production > dump.sql
+
+    $ strike dump mysql://root:secret@localhost/db_production --profile=tables.rb > dump.sql
+
+    The tables are defined with a DSL, which is a wrapper
+    arround the obfuscation types defined in the MyObfuscate gem.
+
+    Example:
+    \x5\t# tables.rb
+    \x5\ttable :users do |t|
+    \x5\t  # t.column_name :obfuscation_type
+    \x5\t  t.name          :first_name
+    \x5\t  t.email         :email
+    \x5\tend
+  DESC
+  method_option :profile,
+                aliases:   '-p',
+                type:      :string,
+                default:   'Strikefile',
+                required:  true,
+                desc:      'Profile with the table definitions.'
+  method_option :output,
+                aliases:   '-o',
+                type:      :string,
+                required:  false,
+                desc:      'Output file. If none is given, outputs to STDOUT.'
+  def dump(database_url)
+    file = options[:profile]
+
+    if options[:output]
+      modes  = File::CREAT|File::TRUNC|File::RDWR
+      output = File.new(options[:output], modes, 0644)
+    end
+
+    if file && File.exist?(file)
+      File.open(file) do |profile|
+        tables = Interpreter.new.parse(profile.read)
+        Agent.new.call(self, database_url, tables, output || $stdout)
+      end
+    else
+      $stdout.puts "Profile Error: No such file #{file}"
+    end
+  ensure
+    output.close if output
+  end
+end

data/lib/strike/agent.rb

@@ -0,0 +1,108 @@
+# encoding: utf-8
+
+require 'bundler'
+Bundler.require(:default)
+
+require 'mysql2'
+require 'sequel'
+require 'my_obfuscate'
+
+class Strike
+  class Agent
+    def initialize(config = {})
+      @db_connector      = config[:db_connector]
+      @dumpfile_source   = config[:dumpfile_source]
+      @obfuscator_source = config[:obfuscator_source]
+    end
+
+    def connect_to_db(database_url)
+      db_connector.call(database_url.gsub(/^mysql:/, 'mysql2:'))
+    end
+    protected :connect_to_db
+
+    def db_connector
+      @db_connector ||= Sequel.public_method(:connect)
+    end
+    protected :db_connector
+
+    def call(cli, database_url, tables, output = $stdout)
+      @cli    = cli
+      @db     = connect_to_db(database_url)
+      @tables = tables
+
+      tempfile do |file|
+        dump_data(@db.opts, file)
+        obfuscate_data(file, output)
+      end
+    end
+
+    def tempfile(&block)
+      tmp = dumpfile_source.call(['original_dump', 'sql']) do |file|
+        block.call(file)
+        file
+      end
+    ensure
+      tmp.unlink if tmp
+    end
+    protected :tempfile
+
+    def dumpfile_source
+      @dumpfile_source ||= Tempfile.public_method(:open)
+    end
+    protected :dumpfile_source
+
+    # TODO: support more databases
+    def dump_data(db_config, file)
+      dump_options = %w(-c
+                        --add-drop-table
+                        --add-locks
+                        --single-transaction
+                        --set-charset
+                        --create-options
+                        --disable-keys
+                        --quick).join(' ')
+      dump_options << " -u #{db_config[:user]}" if db_config[:user]
+      dump_options << " -h #{db_config[:host]}" if db_config[:host]
+      dump_options << " -P #{db_config[:port]}" if db_config[:port]
+      dump_options << " -p#{db_config[:password]}" if db_config[:password]
+      dump_options << " #{db_config[:database]}"
+
+      run dump_cmd(dump_options, file)
+    end
+
+    def dump_cmd(options, file)
+      "mysqldump #{options} > #{file.path}"
+    end
+    protected :dump_cmd
+
+    def run(cmd)
+      @cli.run cmd, verbose: false, capture: true
+    end
+    protected :run
+
+    def obfuscate_data(input, output)
+      obfuscator = obfuscator_source.call(table_definitions)
+      obfuscator.globally_kept_columns = %w(id created_at updated_at)
+
+      obfuscator.obfuscate(input, output)
+    end
+
+    def obfuscator_source
+      @obfuscator_source ||= MyObfuscate.public_method(:new)
+    end
+    protected :obfuscator_source
+
+    def table_definitions
+      db_tables.reduce({}) do |acc, table|
+        acc[table] = @tables[table].call
+        acc
+      end
+    end
+    protected :table_definitions
+
+    def db_tables
+      @db.tables
+    end
+    protected :db_tables
+  end
+end

data/lib/strike/interpreter.rb

@@ -0,0 +1,38 @@
+# encoding: utf-8
+
+require 'strike/table'
+
+class Strike
+  class Interpreter
+    attr_reader :tables
+
+    def initialize(table_source = nil)
+      @table_source = table_source
+      @tables ||= Hash.new { |h, k| h[k] = -> { :keep } }
+    end
+
+    # Parse the given profile and generate the tables defined in it.
+    #
+    # @param [String] profile the profile with the definitions.
+    # @return [Hash] all the tables defined in the profile.
+    def parse(profile)
+      instance_eval(profile)
+      tables
+    end
+
+    # Define a table and its tables.
+    #
+    # @param [String, Symbol] name the name of the table.
+    # @param [Proc] block the block to declare the definitions for the tables.
+    def table(name, &block)
+      table = table_source.call(&block)
+
+      @tables[name.to_sym] = table
+    end
+
+    def table_source
+      @table_source ||= Strike::Table.public_method(:new)
+    end
+    protected :table_source
+  end
+end

data/lib/strike/table.rb

@@ -0,0 +1,24 @@
+# encoding: utf-8
+
+class Strike
+  class Table
+    def initialize(&block)
+      @definition ||= {}
+      yield self if block_given?
+    end
+
+    def method_missing(method, *args, &block)
+      @definition[method] = block_given? ?  yield(self) : args.first
+
+      true
+    end
+
+    def call
+      to_hash
+    end
+
+    def to_hash
+      @definition
+    end
+  end
+end

data/strike.gemspec

@@ -0,0 +1,23 @@
+# encoding: utf-8
+
+Gem::Specification.new do |gem|
+  gem.authors       = ['Juan Hernández']
+  gem.email         = ['juan.hernandez@wuaki.tv']
+  gem.description   = %q{Dump a mysql database with sensitive data encrypted}
+  gem.summary       = %q{Dump a mysql database with sensitive data encrypted}
+  gem.homepage      = ''
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = ['strike']
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = 'strike'
+  gem.require_paths = ['lib']
+  gem.version       = IO.read(File.expand_path('../VERSION', __FILE__))
+
+  gem.add_runtime_dependency 'rake',         '~> 0.9'
+  gem.add_runtime_dependency 'my_obfuscate', '~> 0.3.7'
+  gem.add_runtime_dependency 'sequel',       '~> 3.39'
+  gem.add_runtime_dependency 'mysql2',       '~> 0.3.11'
+  gem.add_runtime_dependency 'sqlite3',      '~> 1.3.6'
+  gem.add_runtime_dependency 'thor',         '~> 0.16.0'
+end

data/test/lib/strike/interpreter_test.rb

@@ -0,0 +1,44 @@
+# encoding: utf-8
+
+require_relative '../../minitest_helper'
+require 'strike/interpreter'
+
+class Strike::InterpreterTest < MiniTest::Unit::TestCase
+  def setup
+    @interpreter = Strike::Interpreter.new(table_source)
+    @profile = <<-PROFILE
+    table :users do |t|
+      t.name :first_name
+    end
+
+    table :movies
+    PROFILE
+  end
+
+  def test_should_parse_a_profile_into_tables
+    tables = @interpreter.parse(@profile)
+
+    assert_equal 2, tables.count
+    assert tables[:users]
+    assert tables[:movies]
+
+    table_mock.verify
+  end
+
+  def test_should_have_default_tables
+    tables = @interpreter.tables
+
+    assert_equal :keep, tables[:test].call
+    assert_equal :keep, tables[:test2].call
+  end
+
+  private
+
+  def table_source
+    ->(&block) { block ? block.call(table_mock) : table_mock }
+  end
+
+  def table_mock
+    @table_mock ||= MiniTest::Mock.new.expect(:name, true, [:first_name])
+  end
+end

data/test/lib/strike/table_test.rb

@@ -0,0 +1,35 @@
+# encoding: utf-8
+
+require_relative '../../minitest_helper'
+require 'strike/table'
+
+class Strike::TableTest < MiniTest::Unit::TestCase
+  def setup
+    @table = Strike::Table.new
+  end
+
+  def test_should_respond_to_missing_methods
+    assert @table.name(:test)
+    assert @table.test
+  end
+
+  def test_should_save_method_calls_as_hash
+    expected = { name: :test }
+    @table.name(:test)
+
+    assert_equal expected, @table.to_hash
+  end
+
+  def test_should_respond_to_call
+    assert_equal Hash.new, @table.call
+  end
+
+  def test_should_accept_a_block_when_its_initialized
+    table = Strike::Table.new do |t|
+      t.name :test
+    end
+    expected = { name: :test }
+
+    assert_equal expected, table.to_hash
+  end
+end

data/test/minitest_helper.rb

@@ -0,0 +1,4 @@
+# encoding: utf-8
+
+$:.unshift File.dirname(__FILE__) + '/../lib'
+require 'minitest/autorun'

metadata

@@ -0,0 +1,167 @@
+--- !ruby/object:Gem::Specification
+name: strike
+version: !ruby/object:Gem::Version
+  version: 0.3.1
+  prerelease: 
+platform: ruby
+authors:
+- Juan Hernández
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-09-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: my_obfuscate
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.7
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.39'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.39'
+- !ruby/object:Gem::Dependency
+  name: mysql2
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.11
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.11
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.16.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.16.0
+description: Dump a mysql database with sensitive data encrypted
+email:
+- juan.hernandez@wuaki.tv
+executables:
+- strike
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- TODO.md
+- VERSION
+- bin/strike
+- lib/strike.rb
+- lib/strike/agent.rb
+- lib/strike/interpreter.rb
+- lib/strike/table.rb
+- strike.gemspec
+- test/lib/strike/interpreter_test.rb
+- test/lib/strike/table_test.rb
+- test/minitest_helper.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -1697264933312532693
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -1697264933312532693
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Dump a mysql database with sensitive data encrypted
+test_files:
+- test/lib/strike/interpreter_test.rb
+- test/lib/strike/table_test.rb
+- test/minitest_helper.rb