verboten_keys 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
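--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: dde874b6a3422af5674b2bb84ea805f45f22d4c3005ba8be44a958c5e8b45205
-data.tar.gz: f7aa2967c3e2021db3f4bc72f90e94bb8c2d41d23b86aa687627c2c66059e651
+metadata.gz: f78b3da4aafec5170f249d8346da07228a7a8446981b628e73130951de33ae35
+data.tar.gz: d8dde283b7b64af81be9189a58cfd674240778fec2cccfcc571a32cefead9669
 SHA512:
-metadata.gz: 0402fb83e5bcd05368db47bf8d5d61d6950f74a1d89a35cb21df88bc1db2a90e656116b062576ae6c6a6845f6b652091e3c60ee14cb0116950410a038c8125ec
-data.tar.gz: aed00eea946310bdaf4de43303cfc7248c1570f80b4a50bd74f08be82ad1c68c4fd5fb2c55d4025214c9db1cb4c77c29c0f42cd3f6a86a1db5a5ffed9f95a849
+metadata.gz: 6403743465a558bfe649a6ced541556c800c339e30303d8d0e8c7eb1c9e7eebe6490012ad3fe67b6f15deb56e850998190d9b007d90be6574029d7e6ee93bed2
+data.tar.gz: 2233ce7bf948a710cfcffd19b5914037e7027ffa24b1f533755e5092828b236125d42e13a44b1853045d84ca8bf5bf6fe0b973160e23ba66bb00a8af14add0c9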
@@ -5,7 +5,7 @@ jobs:
5
5
  name: 'Test Suite'
6
6
  strategy:
7
7
  matrix:
8
- ruby: [2.7.6, 3.0.4, 3.1.2]
8
+ ruby: [3.2.8, 3.3.8, 3.4.4]
9
9
  runs-on: ubuntu-latest
10
10
  steps:
11
11
  - uses: actions/checkout@v2
@@ -13,7 +13,7 @@ jobs:
13
13
  with:
14
14
  ruby-version: ${{ matrix.ruby }}
15
15
  bundler-cache: true
16
- - run: bundle exec rake
16
+ - run: bin/rspec
17
17
  lint:
18
18
  name: 'Rubocop'
19
19
  runs-on: ubuntu-latest
@@ -21,6 +21,6 @@ jobs:
21
21
  - uses: actions/checkout@v2
22
22
  - uses: ruby/setup-ruby@v1
23
23
  with:
24
- ruby-version: 3.1
24
+ ruby-version: 3.4.4
25
25
  bundler-cache: true
26
- - run: bundle exec rubocop
26
+ - run: bin/rubocop
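Review bot: The matrix on new line 8 (`ruby: [3.2.8, 3.3.8, 3.4.4]`) and the lint job's `ruby-version: 3.4.4` on new line 24 pin exact patch releases, so a Ruby security release is only exercised once someone edits the workflow; `ruby/setup-ruby` resolves a major.minor string to the newest patch, so `ruby: ["3.2", "3.3", "3.4"]` and `ruby-version: "3.4"` (quoted, since a bare `3.4` parses as a float) would track them automatically. Both jobs still use the unchanged `actions/checkout@v2`, a deprecated major, and every action is referenced by a mutable tag; pinning to a full-length commit SHA with the version in a trailing comment is the usual supply-chain hardening for CI. Both hunks sit under `jobs:` whose definition starts outside them, and the page shows no file header for this workflow file, so its path is not visible here.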
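--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,6 +1,10 @@
 AllCops:
 NewCops: enable
-TargetRubyVersion: 2.7
+SuggestExtensions: false
+TargetRubyVersion: 3.2
+
+Gemspec/DevelopmentDependencies:
+Enabled: false
 
 Lint/DuplicateMethods:
 Enabled: false
@@ -21,6 +25,9 @@ Metrics/BlockLength:
 - 'spec/**/*.rb'
 - '**/*.gemspec'
 
+Metrics/AbcSize:
+Enabled: false
+
 Metrics/CyclomaticComplexity:
 Enabled: false
 
@@ -32,8 +39,8 @@ Style/Documentation:
 
 Style/StringLiterals:
 Enabled: true
-EnforcedStyle: single_quotes
+EnforcedStyle: double_quotes
 
 Style/StringLiteralsInInterpolation:
 Enabled: true
-EnforcedStyle: single_quotes
+EnforcedStyle: double_quotes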
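--- a/data/.tool-versions
+++ b/data/.tool-versions
@@ -1 +1 @@
-ruby 2.7.6
+ruby 3.2.0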
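--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Changelog
 
+## 1.2.0 - June 22, 2025
+
+* **New**: Added `:raise` strategy option. When set, Verboten Keys will raise a `VerbotenKeys::ForbiddenKeyError` if a forbidden key is found in the response body.
+* **New**: Added a configuration option, `include_rails_filter_parameters`, to automatically include Rails' `config.filter_parameters` in the forbidden keys list.
+* **New**: Support for Ruby versions 3.2, 3.3, and 3.4.
+* **Removed**: I've removed support for Ruby 2.7, 3.0, and 3.1. The new minimum supported Ruby version is 3.2.0.
+
+## 1.1.1 - October 24, 2022
+
+* **Fixed**: Updated the `nokogiri` dependency to protect against [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304), [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), and [CVE-2022-37434](https://ubuntu.com/security/CVE-2022-37434).
+
 ## 1.1.0 - October 16, 2022
 
 * **New**: Support for Ruby version 3.1.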
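--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
 gemspec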
data/Gemfile.lock CHANGED
@@ -1,127 +1,175 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- verboten_keys (1.1.0)
5
- rack (>= 1.0, < 3)
4
+ verboten_keys (1.2.0)
5
+ rack (>= 1.0, < 4)
6
6
 
7
7
  GEM
8
8
  remote: https://rubygems.org/
9
9
  specs:
10
- actionpack (6.1.7)
11
- actionview (= 6.1.7)
12
- activesupport (= 6.1.7)
13
- rack (~> 2.0, >= 2.0.9)
10
+ actionpack (8.0.2)
11
+ actionview (= 8.0.2)
12
+ activesupport (= 8.0.2)
13
+ nokogiri (>= 1.8.5)
14
+ rack (>= 2.2.4)
15
+ rack-session (>= 1.0.1)
14
16
  rack-test (>= 0.6.3)
15
- rails-dom-testing (~> 2.0)
16
- rails-html-sanitizer (~> 1.0, >= 1.2.0)
17
- actionview (6.1.7)
18
- activesupport (= 6.1.7)
17
+ rails-dom-testing (~> 2.2)
18
+ rails-html-sanitizer (~> 1.6)
19
+ useragent (~> 0.16)
20
+ actionview (8.0.2)
21
+ activesupport (= 8.0.2)
19
22
  builder (~> 3.1)
20
- erubi (~> 1.4)
21
- rails-dom-testing (~> 2.0)
22
- rails-html-sanitizer (~> 1.1, >= 1.2.0)
23
- activesupport (6.1.7)
24
- concurrent-ruby (~> 1.0, >= 1.0.2)
23
+ erubi (~> 1.11)
24
+ rails-dom-testing (~> 2.2)
25
+ rails-html-sanitizer (~> 1.6)
26
+ activesupport (8.0.2)
27
+ base64
28
+ benchmark (>= 0.3)
29
+ bigdecimal
30
+ concurrent-ruby (~> 1.0, >= 1.3.1)
31
+ connection_pool (>= 2.2.5)
32
+ drb
25
33
  i18n (>= 1.6, < 2)
34
+ logger (>= 1.4.2)
26
35
  minitest (>= 5.1)
27
- tzinfo (~> 2.0)
28
- zeitwerk (~> 2.3)
29
- ast (2.4.2)
30
- builder (3.2.4)
31
- concurrent-ruby (1.1.10)
36
+ securerandom (>= 0.3)
37
+ tzinfo (~> 2.0, >= 2.0.5)
38
+ uri (>= 0.13.1)
39
+ ast (2.4.3)
40
+ base64 (0.3.0)
41
+ benchmark (0.4.1)
42
+ bigdecimal (3.2.2)
43
+ builder (3.3.0)
44
+ concurrent-ruby (1.3.5)
45
+ connection_pool (2.5.3)
32
46
  crass (1.0.6)
33
- diff-lcs (1.5.0)
34
- erubi (1.11.0)
35
- i18n (1.12.0)
47
+ date (3.4.1)
48
+ diff-lcs (1.6.2)
49
+ drb (2.2.3)
50
+ erb (5.0.1)
51
+ erubi (1.13.1)
52
+ i18n (1.14.7)
36
53
  concurrent-ruby (~> 1.0)
37
- json (2.6.2)
38
- loofah (2.19.0)
54
+ io-console (0.8.0)
55
+ irb (1.15.2)
56
+ pp (>= 0.6.0)
57
+ rdoc (>= 4.0.0)
58
+ reline (>= 0.4.2)
59
+ json (2.12.2)
60
+ language_server-protocol (3.17.0.5)
61
+ lint_roller (1.1.0)
62
+ logger (1.7.0)
63
+ loofah (2.24.1)
39
64
  crass (~> 1.0.2)
40
- nokogiri (>= 1.5.9)
41
- method_source (1.0.0)
42
- mini_portile2 (2.8.0)
43
- minitest (5.16.3)
44
- nokogiri (1.13.8)
45
- mini_portile2 (~> 2.8.0)
65
+ nokogiri (>= 1.12.0)
66
+ minitest (5.25.5)
67
+ nokogiri (1.18.8-arm64-darwin)
46
68
  racc (~> 1.4)
47
- nokogiri (1.13.8-x86_64-darwin)
69
+ nokogiri (1.18.8-x86_64-linux-gnu)
48
70
  racc (~> 1.4)
49
- nokogiri (1.13.8-x86_64-linux)
50
- racc (~> 1.4)
51
- parallel (1.22.1)
52
- parser (3.1.2.1)
71
+ parallel (1.27.0)
72
+ parser (3.3.8.0)
53
73
  ast (~> 2.4.1)
54
- racc (1.6.0)
55
- rack (2.2.4)
56
- rack-test (2.0.2)
74
+ racc
75
+ pp (0.6.2)
76
+ prettyprint
77
+ prettyprint (0.2.0)
78
+ prism (1.4.0)
79
+ psych (5.2.6)
80
+ date
81
+ stringio
82
+ racc (1.8.1)
83
+ rack (3.1.16)
84
+ rack-session (2.1.1)
85
+ base64 (>= 0.1.0)
86
+ rack (>= 3.0.0)
87
+ rack-test (2.2.0)
57
88
  rack (>= 1.3)
58
- rails-dom-testing (2.0.3)
59
- activesupport (>= 4.2.0)
89
+ rackup (2.2.1)
90
+ rack (>= 3)
91
+ rails-dom-testing (2.3.0)
92
+ activesupport (>= 5.0.0)
93
+ minitest
60
94
  nokogiri (>= 1.6)
61
- rails-html-sanitizer (1.4.3)
62
- loofah (~> 2.3)
63
- railties (6.1.7)
64
- actionpack (= 6.1.7)
65
- activesupport (= 6.1.7)
66
- method_source
95
+ rails-html-sanitizer (1.6.2)
96
+ loofah (~> 2.21)
97
+ nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
98
+ railties (8.0.2)
99
+ actionpack (= 8.0.2)
100
+ activesupport (= 8.0.2)
101
+ irb (~> 1.13)
102
+ rackup (>= 1.0.0)
67
103
  rake (>= 12.2)
68
- thor (~> 1.0)
104
+ thor (~> 1.0, >= 1.2.2)
105
+ zeitwerk (~> 2.6)
69
106
  rainbow (3.1.1)
70
- rake (13.0.6)
71
- regexp_parser (2.6.0)
72
- rexml (3.2.5)
73
- rspec (3.11.0)
74
- rspec-core (~> 3.11.0)
75
- rspec-expectations (~> 3.11.0)
76
- rspec-mocks (~> 3.11.0)
77
- rspec-core (3.11.0)
78
- rspec-support (~> 3.11.0)
79
- rspec-expectations (3.11.1)
107
+ rake (13.3.0)
108
+ rdoc (6.14.1)
109
+ erb
110
+ psych (>= 4.0.0)
111
+ regexp_parser (2.10.0)
112
+ reline (0.6.1)
113
+ io-console (~> 0.5)
114
+ rspec (3.13.1)
115
+ rspec-core (~> 3.13.0)
116
+ rspec-expectations (~> 3.13.0)
117
+ rspec-mocks (~> 3.13.0)
118
+ rspec-core (3.13.4)
119
+ rspec-support (~> 3.13.0)
120
+ rspec-expectations (3.13.5)
80
121
  diff-lcs (>= 1.2.0, < 2.0)
81
- rspec-support (~> 3.11.0)
82
- rspec-mocks (3.11.1)
122
+ rspec-support (~> 3.13.0)
123
+ rspec-mocks (3.13.5)
83
124
  diff-lcs (>= 1.2.0, < 2.0)
84
- rspec-support (~> 3.11.0)
85
- rspec-support (3.11.1)
86
- rubocop (1.36.0)
125
+ rspec-support (~> 3.13.0)
126
+ rspec-support (3.13.4)
127
+ rubocop (1.77.0)
87
128
  json (~> 2.3)
129
+ language_server-protocol (~> 3.17.0.2)
130
+ lint_roller (~> 1.1.0)
88
131
  parallel (~> 1.10)
89
- parser (>= 3.1.2.1)
132
+ parser (>= 3.3.0.2)
90
133
  rainbow (>= 2.2.2, < 4.0)
91
- regexp_parser (>= 1.8, < 3.0)
92
- rexml (>= 3.2.5, < 4.0)
93
- rubocop-ast (>= 1.20.1, < 2.0)
134
+ regexp_parser (>= 2.9.3, < 3.0)
135
+ rubocop-ast (>= 1.45.1, < 2.0)
94
136
  ruby-progressbar (~> 1.7)
95
- unicode-display_width (>= 1.4.0, < 3.0)
96
- rubocop-ast (1.21.0)
97
- parser (>= 3.1.1.0)
98
- rubocop-rake (0.6.0)
99
- rubocop (~> 1.0)
100
- rubocop-rspec (2.13.2)
101
- rubocop (~> 1.33)
102
- ruby-progressbar (1.11.0)
103
- thor (1.2.1)
104
- tzinfo (2.0.5)
137
+ unicode-display_width (>= 2.4.0, < 4.0)
138
+ rubocop-ast (1.45.1)
139
+ parser (>= 3.3.7.2)
140
+ prism (~> 1.4)
141
+ rubocop-rake (0.7.1)
142
+ lint_roller (~> 1.1)
143
+ rubocop (>= 1.72.1)
144
+ rubocop-rspec (3.6.0)
145
+ lint_roller (~> 1.1)
146
+ rubocop (~> 1.72, >= 1.72.1)
147
+ ruby-progressbar (1.13.0)
148
+ securerandom (0.4.1)
149
+ stringio (3.1.7)
150
+ thor (1.3.2)
151
+ tzinfo (2.0.6)
105
152
  concurrent-ruby (~> 1.0)
106
- unicode-display_width (2.3.0)
107
- zeitwerk (2.6.1)
153
+ unicode-display_width (3.1.4)
154
+ unicode-emoji (~> 4.0, >= 4.0.4)
155
+ unicode-emoji (4.0.4)
156
+ uri (1.0.3)
157
+ useragent (0.16.11)
158
+ zeitwerk (2.7.3)
108
159
 
109
160
  PLATFORMS
110
- ruby
111
- x86_64-darwin-20
112
- x86_64-darwin-21
113
- x86_64-darwin-22
161
+ arm64-darwin-25
114
162
  x86_64-linux
115
163
 
116
164
  DEPENDENCIES
117
- activesupport (~> 6.1)
165
+ activesupport
118
166
  railties (>= 4.2)
119
- rake (~> 13.0)
120
- rspec (~> 3.0)
121
- rubocop (~> 1.7)
122
- rubocop-rake (~> 0.5)
123
- rubocop-rspec (~> 2.3)
167
+ rake
168
+ rspec
169
+ rubocop
170
+ rubocop-rake
171
+ rubocop-rspec
124
172
  verboten_keys!
125
173
 
126
174
  BUNDLED WITH
127
- 2.3.23
175
+ 2.4.1
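--- a/data/README.md
+++ b/data/README.md
@@ -68,20 +68,27 @@ You should include it last, so nothing gets missed when the middleware parses an
 Every application has its own security needs, and Verboten Keys is designed to be configurable, so you can get it just so. To configure Verboten Keys, simply call its `configure` method, which yields a block with the current configuration:
 
 ```ruby
-# In config/initializers/verbotten_keys.rb:
+# In config/initializers/verboten_keys.rb:
 
 VerbotenKeys.configure do |config|
 config.forbidden_keys = [:deepest_secret, :secret_token]
 config.strategy = :remove
+config.include_rails_filter_parameters = true
 end
 ```
 
 The `forbidden_keys` option lets you set the keys that will be filtered out of the response. It takes an array of symbols, and will raise an error if it's not in the right format. You should include all of the columns and attributes you absolutely do not want to ever leak from your API. The default value is `[]`, which means you need to set this up otherwise Verboten Keys won't do anything.
 
-The `strategy` option lets you pick how Verboten Keys should handle a forbidden key it finds. The default value is `:remove`. Acceptable options are `:remove` and `:nullify`:
+The `strategy` option lets you pick how Verboten Keys should handle a forbidden key it finds. The default value is `:remove`. Acceptable options are `:remove`, `:nullify`, and `:raise`:
 
 * `:remove` removes the key-value pair from the JSON response body, so it looks like the JSON object never had the key-value pair in the first place.
 * `:nullify` leaves the key in the JSON response, but it will nullify the value, so any forbidden values will always appear to be `nil`.
+* `:raise` will raise a `VerbotenKeys::ForbiddenKeyError` if a forbidden key is found in the response body.
+
+The `include_rails_filter_parameters` option automatically includes Rails' existing `config.filter_parameters` in the forbidden keys list. The default value is `false`. When enabled with `true`, Verboten Keys automatically merges Rails' filter parameters with any custom `forbidden_keys` you specify.
+
+> [!WARNING]
+> This option is only available for Rails apps. If you enable it in a non-Rails app, it will raise an error.
 
 ## Contributing
 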
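--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
 
 RSpec::Core::RakeTask.new(:spec)
 
-require 'rubocop/rake_task'
+require "rubocop/rake_task"
 
 RuboCop::RakeTask.new
 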
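--- a/data/bin/console
+++ b/data/bin/console
@@ -1,8 +1,8 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require 'bundler/setup'
-require 'verboten_keys'
+require "bundler/setup"
+require "verboten_keys"
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -11,5 +11,5 @@ require 'verboten_keys'
 # require "pry"
 # Pry.start
 
-require 'irb'
+require "irb"
 IRB.start(__FILE__)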
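--- a/data/bin/rspec
+++ b/data/bin/rspec
@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rspec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+load(bundle_binstub)
+else
+abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rspec-core", "rspec")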
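--- a/data/bin/rubocop
+++ b/data/bin/rubocop
@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rubocop' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("bundle", __dir__)
+
+if File.file?(bundle_binstub)
+if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+load(bundle_binstub)
+else
+abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rubocop", "rubocop")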
@@ -2,13 +2,28 @@
2
2
 
3
3
  module VerbotenKeys
4
4
  class Configuration
5
- STRATEGIES = %i[remove nullify].freeze
5
+ STRATEGIES = %i[remove nullify raise].freeze
6
6
 
7
- attr_accessor :forbidden_keys, :strategy
7
+ attr_accessor :strategy, :include_rails_filter_parameters
8
+ attr_writer :forbidden_keys
8
9
 
9
10
  def initialize
10
11
  @forbidden_keys = []
11
12
  @strategy = :remove
13
+ @include_rails_filter_parameters = false
14
+ end
15
+
16
+ def forbidden_keys
17
+ keys = @forbidden_keys.dup
18
+
19
+ if @include_rails_filter_parameters
20
+ raise VerbotenKeys::Errors::RailsNotAvailableError unless defined?(Rails)
21
+
22
+ rails_params = Rails.application.config.filter_parameters.map(&:to_sym)
23
+ keys = (keys + rails_params).uniq
24
+ end
25
+
26
+ keys
12
27
  end
13
28
 
14
29
  def forbidden_keys=(new_forbidden_keys)
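Review bot: `rails_params = Rails.application.config.filter_parameters.map(&:to_sym)` on new line 22 assumes every entry is a String or Symbol, but Rails' `filter_parameters` also accepts Regexps and Procs (`/passw/i` is the common pattern), and `Regexp#to_sym` raises `NoMethodError` on the first call that reads `forbidden_keys`. `rails_params = Rails.application.config.filter_parameters.filter_map { |p| p.to_sym if p.respond_to?(:to_sym) }` keeps the key-like entries, with a comment such as `# Regexp/Proc filters cannot be turned into keys and are skipped` — and since regex-matched keys then stay unfiltered, the README's description of the option should say so. Also `defined?(Rails)` on line 20 does not guarantee `Rails.application` is non-nil (Rails loaded without an application), so a `Rails.application.nil?` guard would produce the new `RailsNotAvailableError` instead of a `NoMethodError`. The getter recomputes the merged list on every call, presumably once per response; memoizing it once configuration is finalized would avoid that, if configuration is not expected to change at runtime. The `Configuration` class continues past the hunk (`forbidden_keys=` starts at line 29).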
@@ -4,7 +4,7 @@ module VerbotenKeys
4
4
  module Errors
5
5
  class ForbiddenKeysMustBeAnArrayError < StandardError
6
6
  def initialize(invalid_forbidden_keys)
7
- invalid_forbidden_keys_string = invalid_forbidden_keys&.to_s || 'nil'
7
+ invalid_forbidden_keys_string = invalid_forbidden_keys&.to_s || "nil"
8
8
  invalid_forbidden_keys_class = invalid_forbidden_keys.class.to_s
9
9
  super("VerbotenKeys' forbidden_keys must be an array of symbols. You passed in #{invalid_forbidden_keys_string}, which was a #{invalid_forbidden_keys_class}.")
10
10
  end
@@ -12,7 +12,7 @@ module VerbotenKeys
12
12
 
13
13
  class ForbiddenKeysMustOnlyContainSymbolsError < StandardError
14
14
  def initialize(invalid_forbidden_keys, invalid_forbidden_key)
15
- invalid_forbidden_key_string = invalid_forbidden_key&.to_s || 'nil'
15
+ invalid_forbidden_key_string = invalid_forbidden_key&.to_s || "nil"
16
16
  invalid_forbidden_key_class = invalid_forbidden_key.class.to_s
17
17
  super("VerbotenKeys' forbidden_keys must be an array of symbols. You passed in #{invalid_forbidden_keys}, which included #{invalid_forbidden_key_string}, which was a #{invalid_forbidden_key_class}")
18
18
  end
@@ -20,7 +20,7 @@ module VerbotenKeys
20
20
 
21
21
  class StrategyMustBeASymbolError < StandardError
22
22
  def initialize(invalid_strategy)
23
- invalid_strategy_string = invalid_strategy&.to_s || 'nil'
23
+ invalid_strategy_string = invalid_strategy&.to_s || "nil"
24
24
  invalid_strategy_class = invalid_strategy.class.to_s
25
25
  super("VerbotenKeys' strategy must be a symbol. You passed in #{invalid_strategy_string}, which was a #{invalid_strategy_class}.")
26
26
  end
@@ -31,5 +31,11 @@ module VerbotenKeys
31
31
  super("VerbotenKeys' strategy must be a valid option. You passed in :#{invalid_strategy}, but the only valid options are: #{VerbotenKeys::Configuration::STRATEGIES}.")
32
32
  end
33
33
  end
34
+
35
+ class RailsNotAvailableError < StandardError
36
+ def initialize
37
+ super("Rails integration is enabled but Rails is not available. Either disable include_rails_filter_parameters or ensure Rails is loaded.")
38
+ end
39
+ end
34
40
  end
35
41
  end
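Review bot: `RailsNotAvailableError` (new lines 35–39) follows this file's convention of living in `VerbotenKeys::Errors`, but the other error added in this release, `ForbiddenKeyError`, is defined directly under `VerbotenKeys` in lib/verboten_keys.rb (new lines 13–17 there) and raised as `VerbotenKeys::ForbiddenKeyError` in the filterer hunk, so a `rescue VerbotenKeys::Errors::...` pattern that covers every existing error misses the one users are most likely to handle. Defining it here as `class ForbiddenKeyError < StandardError` inside `Errors`, and updating the raise site plus the README/CHANGELOG references to `VerbotenKeys::Errors::ForbiddenKeyError`, keeps a single namespace before the name is published in 1.2.0. The `Errors` module starts outside the hunk.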
@@ -17,6 +17,8 @@ module VerbotenKeys
17
17
  return [nil, nil]
18
18
  when :nullify
19
19
  return [key, nil]
20
+ when :raise
21
+ raise VerbotenKeys::ForbiddenKeyError, key
20
22
  else
21
23
  raise VerbotenKeys::Errors::StrategyNotFoundError(VerbotenKeys.configuration.strategy)
22
24
  end
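Review bot: The `else` branch directly below the new `when :raise` (line 23) invokes `VerbotenKeys::Errors::StrategyNotFoundError(...)` as a method call rather than constructing the exception, so an unrecognised strategy surfaces as `NoMethodError`; since this `case` is being edited anyway, `raise VerbotenKeys::Errors::StrategyNotFoundError, VerbotenKeys.configuration.strategy` would raise the intended error. The new branch itself is fine — `raise Klass, key` builds the error through `Klass.new(key)`, matching the one-argument initializer added in lib/verboten_keys.rb. Worth stating in the README that with `:raise` the exception escapes the middleware, so the client receives whatever the app's error handling produces (typically a 500) instead of a filtered body — the safe direction, but a behaviour change operators should expect. The enclosing method starts and ends outside the hunk.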
@@ -24,7 +24,7 @@ module VerbotenKeys
24
24
 
25
25
  new_response = VerbotenKeys::Filterer.filter_forbidden_keys(response_body_as_a_hash).to_json
26
26
 
27
- @headers['Content-Length'] = new_response.bytesize.to_s
27
+ @headers["Content-Length"] = new_response.bytesize.to_s
28
28
  @response = [new_response]
29
29
  end
30
30
 
@@ -34,16 +34,16 @@ module VerbotenKeys
34
34
  # @return [Boolean] True if the content type of the response if JSON, and
35
35
  # false if it is not.
36
36
  def content_type_is_json?
37
- return false if @headers['Content-Type'].nil?
37
+ return false if @headers["Content-Type"].nil?
38
38
 
39
- @headers['Content-Type'].split(';').first == 'application/json'
39
+ @headers["Content-Type"].split(";").first == "application/json"
40
40
  end
41
41
 
42
42
  def response_body_as_a_hash
43
43
  if @response.is_a? Array
44
- JSON.parse(@response.first || '{}')
44
+ JSON.parse(@response.first || "{}")
45
45
  else
46
- JSON.parse(@response.body || '{}')
46
+ JSON.parse(@response.body || "{}")
47
47
  end
48
48
  end
49
49
  end
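Review bot: `content_type_is_json?` (new lines 37–39) and the `Content-Length` write on line 27 address headers with mixed-case keys, but this release widens the runtime dependency to `rack < 4` (gemspec hunk) and the lockfile resolves rack 3.1.16, and Rack 3 requires response header keys to be lowercase — a Rack 3 app returning a plain Hash with `content-type` makes the check return false and the JSON body passes through this "last line of defense" unfiltered, while the capitalized `Content-Length` write adds a second, stale-cased header. Rails responses wrap headers in a case-insensitive object as far as I know, so the Rails path is probably unaffected, but the gem is a generic Rack middleware. Looking the header up case-insensitively and writing the length back to whichever key is present covers both Rack 2 and 3; the sketch below does that for `content_type_is_json?`, and line 27 would become `@headers[header_key("Content-Length") || "content-length"] = new_response.bytesize.to_s`. The method containing line 27 starts outside the hunk; a spec that feeds a lowercase-keyed Rack 3 response would pin this.
```ruby
# Rack 3 mandates lowercase response header keys while Rack 2 apps commonly
# emit "Content-Type"; resolve the actual key case-insensitively so neither
# shape bypasses the filter.
def header_key(name)
  @headers.keys.find { |k| k.to_s.casecmp?(name) }
end

def header(name)
  key = header_key(name)
  key && @headers[key]
end

def content_type_is_json?
  return false if header("Content-Type").nil?

  header("Content-Type").split(";").first == "application/json"
end

# … unchanged: response_body_as_a_hash …
```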
@@ -2,7 +2,7 @@
2
2
 
3
3
  module VerbotenKeys
4
4
  class Railtie < ::Rails::Railtie
5
- initializer 'verboten_keys.middleware' do |app|
5
+ initializer "verboten_keys.middleware" do |app|
6
6
  app.middleware.use VerbotenKeys::Middleware
7
7
  end
8
8
  end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module VerbotenKeys
4
- VERSION = '1.1.0'
4
+ VERSION = "1.2.0"
5
5
  end
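--- a/data/lib/verboten_keys.rb
+++ b/data/lib/verboten_keys.rb
@@ -1,15 +1,20 @@
 # frozen_string_literal: true
 
-require 'rack'
+require "rack"
 
-require_relative 'verboten_keys/version'
-require_relative 'verboten_keys/errors'
-require_relative 'verboten_keys/configuration'
-require_relative 'verboten_keys/filterer'
-require_relative 'verboten_keys/middleware'
-require_relative 'verboten_keys/railtie' if defined?(::Rails)
+require_relative "verboten_keys/version"
+require_relative "verboten_keys/errors"
+require_relative "verboten_keys/configuration"
+require_relative "verboten_keys/filterer"
+require_relative "verboten_keys/middleware"
+require_relative "verboten_keys/railtie" if defined?(Rails)
 
 module VerbotenKeys
+class ForbiddenKeyError < StandardError
+def initialize(key)
+super("Forbidden key '#{key}' found in response")
+end
+end
 class << self
 attr_accessor :configuration
 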
@@ -1,34 +1,34 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require_relative 'lib/verboten_keys/version'
3
+ require_relative "lib/verboten_keys/version"
4
4
 
5
5
  Gem::Specification.new do |spec|
6
- spec.name = 'verboten_keys'
6
+ spec.name = "verboten_keys"
7
7
  spec.version = VerbotenKeys::VERSION
8
- spec.authors = ['Tom Pritchard']
9
- spec.email = ['tom@tpritc.com']
8
+ spec.authors = ["Tom Pritchard"]
9
+ spec.email = ["tom@tpritc.com"]
10
10
 
11
- spec.summary = 'Verboten Keys is a last line of defense to help prevent you and your team from accidentally leaking private information via your APIs.'
12
- spec.homepage = 'https://github.com/tpritc/verboten_keys'
13
- spec.license = 'MIT'
14
- spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
11
+ spec.summary = "Verboten Keys is a last line of defense to help prevent you and your team from accidentally leaking private information via your APIs."
12
+ spec.homepage = "https://github.com/tpritc/verboten_keys"
13
+ spec.license = "MIT"
14
+ spec.required_ruby_version = Gem::Requirement.new(">= 3.2.0")
15
15
 
16
- spec.metadata['source_code_uri'] = 'https://github.com/tpritc/verboten_keys'
17
- spec.metadata['changelog_uri'] = 'https://github.com/tpritc/verboten_keys/blob/main/CHANGELOG.md'
16
+ spec.metadata["source_code_uri"] = "https://github.com/tpritc/verboten_keys"
17
+ spec.metadata["changelog_uri"] = "https://github.com/tpritc/verboten_keys/blob/main/CHANGELOG.md"
18
18
 
19
19
  spec.files = Dir.chdir(File.expand_path(__dir__)) do
20
20
  `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
21
21
  end
22
22
  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
23
- spec.require_paths = ['lib']
23
+ spec.require_paths = ["lib"]
24
24
 
25
- spec.add_runtime_dependency 'rack', '>= 1.0', '< 3'
26
- spec.add_development_dependency 'activesupport', '~> 6.1'
27
- spec.add_development_dependency 'railties', '>= 4.2'
28
- spec.add_development_dependency 'rake', '~> 13.0'
29
- spec.add_development_dependency 'rspec', '~> 3.0'
30
- spec.add_development_dependency 'rubocop', '~> 1.7'
31
- spec.add_development_dependency 'rubocop-rake', '~> 0.5'
32
- spec.add_development_dependency 'rubocop-rspec', '~> 2.3'
33
- spec.metadata['rubygems_mfa_required'] = 'true'
25
+ spec.add_dependency "rack", ">= 1.0", "< 4"
26
+ spec.add_development_dependency "activesupport"
27
+ spec.add_development_dependency "railties", ">= 4.2"
28
+ spec.add_development_dependency "rake"
29
+ spec.add_development_dependency "rspec"
30
+ spec.add_development_dependency "rubocop"
31
+ spec.add_development_dependency "rubocop-rake"
32
+ spec.add_development_dependency "rubocop-rspec"
33
+ spec.metadata["rubygems_mfa_required"] = "true"
34
34
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: verboten_keys
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tom Pritchard
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-10-16 00:00:00.000000000 Z
11
+ date: 2025-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '1.0'
20
20
  - - "<"
21
21
  - !ruby/object:Gem::Version
22
- version: '3'
22
+ version: '4'
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,21 +29,21 @@ dependencies:
29
29
  version: '1.0'
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
- version: '3'
32
+ version: '4'
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: activesupport
35
35
  requirement: !ruby/object:Gem::Requirement
36
36
  requirements:
37
- - - "~>"
37
+ - - ">="
38
38
  - !ruby/object:Gem::Version
39
- version: '6.1'
39
+ version: '0'
40
40
  type: :development
41
41
  prerelease: false
42
42
  version_requirements: !ruby/object:Gem::Requirement
43
43
  requirements:
44
- - - "~>"
44
+ - - ">="
45
45
  - !ruby/object:Gem::Version
46
- version: '6.1'
46
+ version: '0'
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: railties
49
49
  requirement: !ruby/object:Gem::Requirement
@@ -62,77 +62,79 @@ dependencies:
62
62
  name: rake
63
63
  requirement: !ruby/object:Gem::Requirement
64
64
  requirements:
65
- - - "~>"
65
+ - - ">="
66
66
  - !ruby/object:Gem::Version
67
- version: '13.0'
67
+ version: '0'
68
68
  type: :development
69
69
  prerelease: false
70
70
  version_requirements: !ruby/object:Gem::Requirement
71
71
  requirements:
72
- - - "~>"
72
+ - - ">="
73
73
  - !ruby/object:Gem::Version
74
- version: '13.0'
74
+ version: '0'
75
75
  - !ruby/object:Gem::Dependency
76
76
  name: rspec
77
77
  requirement: !ruby/object:Gem::Requirement
78
78
  requirements:
79
- - - "~>"
79
+ - - ">="
80
80
  - !ruby/object:Gem::Version
81
- version: '3.0'
81
+ version: '0'
82
82
  type: :development
83
83
  prerelease: false
84
84
  version_requirements: !ruby/object:Gem::Requirement
85
85
  requirements:
86
- - - "~>"
86
+ - - ">="
87
87
  - !ruby/object:Gem::Version
88
- version: '3.0'
88
+ version: '0'
89
89
  - !ruby/object:Gem::Dependency
90
90
  name: rubocop
91
91
  requirement: !ruby/object:Gem::Requirement
92
92
  requirements:
93
- - - "~>"
93
+ - - ">="
94
94
  - !ruby/object:Gem::Version
95
- version: '1.7'
95
+ version: '0'
96
96
  type: :development
97
97
  prerelease: false
98
98
  version_requirements: !ruby/object:Gem::Requirement
99
99
  requirements:
100
- - - "~>"
100
+ - - ">="
101
101
  - !ruby/object:Gem::Version
102
- version: '1.7'
102
+ version: '0'
103
103
  - !ruby/object:Gem::Dependency
104
104
  name: rubocop-rake
105
105
  requirement: !ruby/object:Gem::Requirement
106
106
  requirements:
107
- - - "~>"
107
+ - - ">="
108
108
  - !ruby/object:Gem::Version
109
- version: '0.5'
109
+ version: '0'
110
110
  type: :development
111
111
  prerelease: false
112
112
  version_requirements: !ruby/object:Gem::Requirement
113
113
  requirements:
114
- - - "~>"
114
+ - - ">="
115
115
  - !ruby/object:Gem::Version
116
- version: '0.5'
116
+ version: '0'
117
117
  - !ruby/object:Gem::Dependency
118
118
  name: rubocop-rspec
119
119
  requirement: !ruby/object:Gem::Requirement
120
120
  requirements:
121
- - - "~>"
121
+ - - ">="
122
122
  - !ruby/object:Gem::Version
123
- version: '2.3'
123
+ version: '0'
124
124
  type: :development
125
125
  prerelease: false
126
126
  version_requirements: !ruby/object:Gem::Requirement
127
127
  requirements:
128
- - - "~>"
128
+ - - ">="
129
129
  - !ruby/object:Gem::Version
130
- version: '2.3'
130
+ version: '0'
131
131
  description:
132
132
  email:
133
133
  - tom@tpritc.com
134
134
  executables:
135
135
  - console
136
+ - rspec
137
+ - rubocop
136
138
  - setup
137
139
  extensions: []
138
140
  extra_rdoc_files: []
@@ -150,6 +152,8 @@ files:
150
152
  - README.md
151
153
  - Rakefile
152
154
  - bin/console
155
+ - bin/rspec
156
+ - bin/rubocop
153
157
  - bin/setup
154
158
  - lib/verboten_keys.rb
155
159
  - lib/verboten_keys/configuration.rb
@@ -174,14 +178,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
174
178
  requirements:
175
179
  - - ">="
176
180
  - !ruby/object:Gem::Version
177
- version: 2.7.0
181
+ version: 3.2.0
178
182
  required_rubygems_version: !ruby/object:Gem::Requirement
179
183
  requirements:
180
184
  - - ">="
181
185
  - !ruby/object:Gem::Version
182
186
  version: '0'
183
187
  requirements: []
184
- rubygems_version: 3.1.6
188
+ rubygems_version: 3.4.1
185
189
  signing_key:
186
190
  specification_version: 4
187
191
  summary: Verboten Keys is a last line of defense to help prevent you and your team