RubyGems - survey-gizmo-ruby - Versions diffs - 6.2.10 → 6.2.11 - Mend

survey-gizmo-ruby 6.2.10 → 6.2.11

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +3 -0
data/lib/survey_gizmo/logger.rb +15 -4
data/lib/survey_gizmo/version.rb +1 -1
data/spec/logger_spec.rb +77 -0
data/spec/resource_spec.rb +18 -16
data/spec/support/spec_shared_api_object.rb +13 -13
data/survey-gizmo-ruby.gemspec +2 -2
metadata +10 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 897e97a443708a3bbc799f88257396b15c83d7d2
-  data.tar.gz: 9820bcf7514c52653e43752d9cf70c6466bac5fb
+  metadata.gz: 80f9cff758eafb0dc9a52c9d48c06d83094c3e6b
+  data.tar.gz: 2715840cd27fdf996c2f72b1cd53542e32ec9913
 SHA512:
-  metadata.gz: 943be94d1c52765db58f50013f41ef32cbacc0260540388a15dd108b4af4265d163861b8d2f3969955ff5f80fc3b7279c21bad43eabe90071b02c3b34b8a7419
-  data.tar.gz: 164399f8a1d3eaf1de4292f616467ef1d2d478faa77415649c6496efac4c17e5ad17ecddbce61b340655f274a62b8b15548f7add419582f290db16769ddc066b
+  metadata.gz: 551e3c4f4a93af34edc7d06ca47576f7355453dd3625c5631e9b7a4befd957970da1d14ac2bf38296055c0d4222e3f95de41e984b9a8839c7c55cbe68ebcd4cd
+  data.tar.gz: effefb9bda5c5d1975eaa8056b7fe4a096ea81512e046029420c5fb18eef70e7e7da7c1f72eef12a3e177c37ddd182ea73b9e8ae6ac965a5747e2cd81f742633

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,8 @@
 # Versions
+## 6.2.11
+* Bugfix: Mask CGI escaped (percent encoded) api tokens in logs
 ## 6.2.10
 * Fix question pipe parsing when there's an integer without quotes instead of a quoted string (#87)

data/lib/survey_gizmo/logger.rb CHANGED Viewed

@@ -2,11 +2,22 @@ require 'logger'
 module SurveyGizmo
   class Logger < ::Logger
-    def format_message(severity, timestamp, progname, msg)
-      msg.gsub!(/#{Regexp.quote(SurveyGizmo.configuration.api_token)}/, '<SG_API_KEY>') if SurveyGizmo.configuration.api_token
-      msg.gsub!(/#{Regexp.quote(SurveyGizmo.configuration.api_token_secret)}/, '<SG_API_SECRET>') if SurveyGizmo.configuration.api_token_secret
+    def format_message(severity, timestamp, progname, message)
+      if (api_token = SurveyGizmo.configuration.api_token)
+        message.gsub!(
+          /#{Regexp.quote(api_token)}|#{Regexp.quote(CGI.escape(api_token))}/,
+          '<SG_API_KEY>'
+        )
+      end
-      "#{timestamp.strftime('%Y-%m-%d %H:%M:%S')} #{severity} #{msg}\n"
+      if (api_token_secret = SurveyGizmo.configuration.api_token_secret)
+        message.gsub!(
+          /#{Regexp.quote(api_token_secret)}|#{Regexp.quote(CGI.escape(api_token_secret))}/,
+          '<SG_API_SECRET>'
+        )
+      end
+      "#{timestamp.strftime('%Y-%m-%d %H:%M:%S')} #{severity} #{message}\n"
     end
   end
 end

data/lib/survey_gizmo/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module SurveyGizmo
-  VERSION = '6.2.10'
+  VERSION = '6.2.11'
 end

data/spec/logger_spec.rb ADDED Viewed

@@ -0,0 +1,77 @@
+require 'spec_helper'
+describe SurveyGizmo::Configuration do
+  before(:each) do
+    SurveyGizmo.configure do |config|
+      config.api_token = 'king_of_the&whirled$'
+      config.api_token_secret = 'dream/word'
+    end
+    @severity = 'INFO'
+    @time_string = '2015-04-15 05:46:30'
+    @progname = 'TEST'
+  end
+  after(:each) do
+    SurveyGizmo.reset!
+  end
+  it 'should mask unencoded api token' do
+    config = SurveyGizmo.configuration
+    formatted_message = config.logger.format_message(
+      @severity,
+      @time_string.to_time,
+      @progname,
+      config.api_token
+    )
+    expect(
+      formatted_message
+    ).to eq(
+      "#{@time_string} #{@severity} <SG_API_KEY>\n"
+    )
+  end
+  it 'should mask percent encoded api token' do
+    config = SurveyGizmo.configuration
+    formatted_message = config.logger.format_message(
+      @severity,
+      @time_string.to_time,
+      @progname,
+      CGI.escape(config.api_token)
+    )
+    expect(
+      formatted_message
+    ).to eq(
+      "#{@time_string} #{@severity} <SG_API_KEY>\n"
+    )
+  end
+  it 'should mask unencoded api token secret' do
+    config = SurveyGizmo.configuration
+    formatted_message = config.logger.format_message(
+      @severity,
+      @time_string.to_time,
+      @progname,
+      config.api_token_secret
+    )
+    expect(
+      formatted_message
+    ).to eq(
+      "#{@time_string} #{@severity} <SG_API_SECRET>\n"
+    )
+  end
+  it 'should mask percent encoded api token secret' do
+    config = SurveyGizmo.configuration
+    formatted_message = config.logger.format_message(
+      @severity,
+      @time_string.to_time,
+      @progname,
+      CGI.escape(config.api_token_secret)
+    )
+    expect(
+      formatted_message
+    ).to eq(
+      "#{@time_string} #{@severity} <SG_API_SECRET>\n"
+    )
+  end
+end

data/spec/resource_spec.rb CHANGED Viewed

@@ -22,15 +22,15 @@ describe 'Survey Gizmo Resource' do
     it '#reload' do
       stub_request(:get, /#{@base}/).to_return(json_response(true, get_attributes))
       obj = described_class.new(get_attributes.merge(update_attributes))
-      obj.attributes.reject { |k, v| v.blank? }.should == get_attributes.merge(update_attributes)
+      expect(obj.attributes.reject { |k, v| v.blank? }).to eq(get_attributes.merge(update_attributes))
       obj.reload
-      obj.attributes.reject { |k, v| v.blank? }.should == get_attributes
+      expect(obj.attributes.reject { |k, v| v.blank? }).to eq(get_attributes)
     end
     it 'should raise an error if params are missing' do
-      lambda {
+      expect(lambda {
         SurveyGizmoSpec::ResourceTest.destroy(test_id: 5)
-      }.should raise_error(SurveyGizmo::URLError, 'Missing RESTful parameters in request: `:id`')
+      }).to raise_error(SurveyGizmo::URLError, 'Missing RESTful parameters in request: `:id`')
     end
     it_should_behave_like 'an API object'
@@ -73,8 +73,8 @@ describe 'Survey Gizmo Resource' do
       stub_request(:get, /#{@base}\/survey\/1\/surveyresponse/).to_return(json_response(true, []))
       survey = described_class.new(id: 1)
-      expect(survey.server_has_new_results_since?(Time.now)).to be_false
-      a_request(:get, /#{@base}\/survey\/1\/surveyresponse/).should have_been_made
+      expect(survey.server_has_new_results_since?(Time.now)).to be_falsey
+      expect(a_request(:get, /#{@base}\/survey\/1\/surveyresponse/)).to have_been_made
     end
   end
@@ -100,13 +100,13 @@ describe 'Survey Gizmo Resource' do
     end
     it 'should handle the _subtype key' do
-      described_class.new(:_subtype => 'radio').type.should == 'radio'
+      expect(described_class.new(:_subtype => 'radio').type).to eq('radio')
     end
     it 'should find the survey' do
       stub_request(:get, /#{@base}\/survey\/1234/).to_return(json_response(true, get_attributes))
       described_class.new(base_params).survey
-      a_request(:get, /#{@base}\/survey\/1234/).should have_been_made
+      expect(a_request(:get, /#{@base}\/survey\/1234/)).to have_been_made
     end
     context 'options' do
@@ -139,17 +139,17 @@ describe 'Survey Gizmo Resource' do
         it 'correctly parses options out of question data' do
           question = described_class.first(survey_id: survey_id, id: question_id)
-          expect(question.options.all? { |o| o.question_id == question_id && o.survey_id == survey_id }).to be_true
+          expect(question.options.all? { |o| o.question_id == question_id && o.survey_id == survey_id }).to be_truthy
           expect(question.options.map { |o| o.id }).to eq([10014, 10015])
-          a_request(:get, /#{@base}\/.*surveyoption/).should_not have_been_made
+          expect(a_request(:get, /#{@base}\/.*surveyoption/)).to_not have_been_made
         end
         it 'correctly parses sub question options' do
           question = described_class.new(survey_id: survey_id, id: question_id + 1, parent_question_id: question_id)
           expect(question.parent_question.id).to eq(described_class.new(body_data).id)
-          expect(question.options.all? { |o| o.question_id == question.id && o.survey_id == survey_id }).to be_true
+          expect(question.options.all? { |o| o.question_id == question.id && o.survey_id == survey_id }).to be_truthy
           expect(question.options.map { |o| o.id }).to eq([10014, 10015])
-          a_request(:get, /#{@base}\/survey\/#{survey_id}\/surveyquestion\/#{question_id}/).should have_been_made
+          expect(a_request(:get, /#{@base}\/survey\/#{survey_id}\/surveyquestion\/#{question_id}/)).to have_been_made
         end
       end
     end
@@ -168,8 +168,10 @@ describe 'Survey Gizmo Resource' do
         expect(question_with_subquestions.sub_questions.size).to eq(2)
         question_with_subquestions.sub_questions.first.parent_question
-        a_request(:get, /#{@base}\/survey\/1234\/surveyquestion\/#{parent_id}/).should have_been_made
-        skus.each { |sku| a_request(:get, /#{@base}\/survey\/1234\/surveyquestion\/#{sku}/).should have_been_made }
+        expect(a_request(:get, /#{@base}\/survey\/1234\/surveyquestion\/#{parent_id}/)).to have_been_made
+        skus.each do |sku|
+          expect(a_request(:get, /#{@base}\/survey\/1234\/surveyquestion\/#{sku}/)).to have_been_made
+        end
       end
       context 'and shortname' do
@@ -181,8 +183,8 @@ describe 'Survey Gizmo Resource' do
           expect(question_with_subquestions.sub_questions.size).to eq(2)
           question_with_subquestions.sub_questions.first.parent_question
-          a_request(:get, /#{@base}\/survey\/1234\/surveyquestion\/#{parent_id}/).should have_been_made
-          a_request(:get, /#{@base}\/survey\/1234\/surveyquestion\/#{sku}/).should have_been_made
+          expect(a_request(:get, /#{@base}\/survey\/1234\/surveyquestion\/#{parent_id}/)).to have_been_made
+          expect(a_request(:get, /#{@base}\/survey\/1234\/surveyquestion\/#{sku}/)).to have_been_made
         end
       end
     end

data/spec/support/spec_shared_api_object.rb CHANGED Viewed

@@ -8,7 +8,7 @@ shared_examples_for 'an API object' do
       stub_api_call(:put)
       obj = described_class.create(create_attributes)
-      obj.should be_instance_of(described_class)
+      expect(obj).to be_instance_of(described_class)
       a_request(:put, /#{@base}#{uri_paths[:create]}/).should have_been_made
     end
@@ -16,7 +16,7 @@ shared_examples_for 'an API object' do
       stub_request(:put, /#{@base}/).to_return(json_response(true, create_attributes))
       obj = described_class.create(create_attributes)
-      obj.attributes.reject { |k, v| v.blank? }.should == (create_attributes_to_compare || create_attributes)
+      expect(obj.attributes.reject { |k, v| v.blank? }).to eq(create_attributes_to_compare || create_attributes)
     end
   end
@@ -24,8 +24,8 @@ shared_examples_for 'an API object' do
     it "should make a request and set the attributes" do
       stub_request(:get, /#{@base}/).to_return(json_response(true, get_attributes))
       obj = described_class.first(first_params)
-      a_request(:get, /#{@base}#{uri_paths[:get]}/).should have_been_made
-      obj.attributes.reject { |k, v| v.blank? }.should == (get_attributes_to_compare || get_attributes)
+      expect(a_request(:get, /#{@base}#{uri_paths[:get]}/)).to have_been_made
+      expect(obj.attributes.reject { |k, v| v.blank? }).to eq(get_attributes_to_compare || get_attributes)
     end
     it "should return false if the request fails" do
@@ -42,7 +42,7 @@ shared_examples_for 'an API object' do
     it "should make a request" do
       stub_api_call(:delete)
       @obj.destroy
-      a_request(:delete, /#{@base}#{uri_paths[:delete]}/).should have_been_made
+      expect(a_request(:delete, /#{@base}#{uri_paths[:delete]}/)).to have_been_made
     end
     it "cannot be destroyed if new" do
@@ -55,12 +55,12 @@ shared_examples_for 'an API object' do
     it "should make a request" do
       stub_api_call(:delete)
       described_class.destroy(first_params)
-      a_request(:delete, /#{@base}#{uri_paths[:delete]}/).should have_been_made
+      expect(a_request(:delete, /#{@base}#{uri_paths[:delete]}/)).to have_been_made
     end
     it "should return result" do
       stub_api_call(:delete)
-      described_class.destroy(first_params).should be_true
+      expect(described_class.destroy(first_params)).to be_truthy
     end
   end
@@ -69,14 +69,14 @@ shared_examples_for 'an API object' do
       stub_api_call(:put)
       obj = described_class.new(create_attributes)
       obj.save
-      a_request(:put, /#{@base}#{uri_paths[:create]}/).should have_been_made
+      expect(a_request(:put, /#{@base}#{uri_paths[:create]}/)).to have_been_made
     end
     it "should call update on a created resource" do
       obj = described_class.new(get_attributes)
       stub_api_call(:post)
       obj.save
-      a_request(:post, /#{@base}#{uri_paths[:update]}/).should have_been_made
+      expect(a_request(:post, /#{@base}#{uri_paths[:update]}/)).to have_been_made
     end
   end
@@ -92,11 +92,11 @@ shared_examples_for 'an API object' do
     it "should make a get request" do
       stub_request(:get, /#{@base}/).to_return(json_response(true, data))
       iterator = described_class.all(get_attributes.merge(page: 1))
-      iterator.should be_instance_of(Enumerator)
+      expect(iterator).to be_instance_of(Enumerator)
       collection = iterator.to_a
-      a_request(:get, /#{@base}#{uri_paths[:create]}/).should have_been_made
-      collection.first.should be_instance_of(described_class)
-      collection.length.should == 3
+      expect(a_request(:get, /#{@base}#{uri_paths[:create]}/)).to have_been_made
+      expect(collection.first).to be_instance_of(described_class)
+      expect(collection.length).to eq(3)
     end
   end
 end

data/survey-gizmo-ruby.gemspec CHANGED Viewed

@@ -24,8 +24,8 @@ Gem::Specification.new do |gem|
   gem.add_dependency 'i18n'
   gem.add_dependency 'virtus', '>= 1.0.0'
-  gem.add_development_dependency 'rspec', '~> 2.11.0'
-  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'rspec', '~> 3.4.0'
+  gem.add_development_dependency 'rake', '~> 12.0.0'
   gem.add_development_dependency 'webmock'
   gem.add_development_dependency 'yard'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: survey-gizmo-ruby
 version: !ruby/object:Gem::Version
-  version: 6.2.10
+  version: 6.2.11
 platform: ruby
 authors:
 - Kabari Hendrick
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-10-27 00:00:00.000000000 Z
+date: 2016-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -143,28 +143,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.11.0
+        version: 3.4.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.11.0
+        version: 3.4.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 12.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 12.0.0
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -228,6 +228,7 @@ files:
 - lib/survey_gizmo/resource.rb
 - lib/survey_gizmo/version.rb
 - spec/configuration_spec.rb
+- spec/logger_spec.rb
 - spec/resource_spec.rb
 - spec/spec_helper.rb
 - spec/support/methods.rb
@@ -264,6 +265,7 @@ specification_version: 4
 summary: Gem to use the SurveyGizmo.com REST API, v3+
 test_files:
 - spec/configuration_spec.rb
+- spec/logger_spec.rb
 - spec/resource_spec.rb
 - spec/spec_helper.rb
 - spec/support/methods.rb