Class: Aspera::SecretHider
- Inherits:
-
Object
- Object
- Aspera::SecretHider
- Defined in:
- lib/aspera/secret_hider.rb
Overview
Removes secrets from logs and output.
Constant Summary collapse
- FALSE_POSITIVES =
[/^access_key$/].freeze
Class Attribute Summary collapse
-
.log_secrets ⇒ Object
Returns the value of attribute log_secrets.
Class Method Summary collapse
- .deep_remove_secret(obj, is_name_value: false) ⇒ Object
- .log_formatter(original_formatter) ⇒ Object
- .secret?(keyword, value) ⇒ Boolean
Class Attribute Details
.log_secrets ⇒ Object
Returns the value of attribute log_secrets.
# File 'lib/aspera/secret_hider.rb', line 34
# Reader for the switch that controls masking in the log formatter.
# While this value is nil or false, the lambda built by log_formatter masks
# String messages; any truthy value makes it pass messages through unmasked.
#
# @return [Object] the current value of @log_secrets (nil until assigned)
def log_secrets
  return @log_secrets
end
Class Method Details
.deep_remove_secret(obj, is_name_value: false) ⇒ Object
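# File 'lib/aspera/secret_hider.rb', line 59
# Walk a nested structure and mask, in place, every value that secret? flags.
#
# The structure is mutated: callers that still need the clear-text values
# must pass a copy.
#
# @param obj [Object] Array or Hash to scrub; any other type is returned untouched
# @param is_name_value [Boolean] when true and obj is an Array, each element is
#   read as a pair stored under the 'parameter' (name) and 'value' keys
# @return [Object] the same obj that was passed in
def deep_remove_secret(obj, is_name_value: false)
  case obj
  when Array
    if is_name_value
      obj.each do |i|
        i['value'] = HIDDEN_PASSWORD if secret?(i['parameter'], i['value'])
      end
    else
      obj.each{|i|deep_remove_secret(i)}
    end
  when Hash
    obj.each do |k, v|
      if secret?(k, v)
        # replacing the value of an existing key is safe while iterating
        obj[k] = HIDDEN_PASSWORD
      elsif v.is_a?(Hash) || v.is_a?(Array)
        # Arrays are traversed too: a list of hashes stored under a hash key
        # was previously skipped, leaving any secrets inside it unmasked.
        deep_remove_secret(v)
      end
    end
  end
  obj
end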
.log_formatter(original_formatter) ⇒ Object
# File 'lib/aspera/secret_hider.rb', line 36
# Build a Logger-compatible formatter that masks secrets before delegating
# to another formatter.
#
# @param original_formatter [#call, nil] formatter to wrap; a new
#   Logger::Formatter is used when nil
# @return [Proc] lambda taking (severity, date_time, program_name, msg)
def log_formatter(original_formatter)
  original_formatter ||= Logger::Formatter.new
  # @log_secrets is read on every call, not captured here, because it may be
  # assigned after this formatter has been built.
  lambda do |severity, date_time, program_name, msg|
    masked = msg
    # NOTE(review): only String messages are rewritten. Anything else (for
    # example an exception or a Hash passed to the logger) reaches the wrapped
    # formatter unmasked; confirm that callers never log such objects with
    # secrets inside.
    if !@log_secrets && msg.is_a?(String)
      masked = REGEX_LOG_REPLACES.inject(msg) do |text, pattern|
        # keep what surrounds the secret (named groups begin/end), mask the rest
        text.gsub(pattern){"#{Regexp.last_match(:begin)}#{HIDDEN_PASSWORD}#{Regexp.last_match(:end)}"}
      end
    end
    original_formatter.call(severity, date_time, program_name, masked)
  end
end
.secret?(keyword, value) ⇒ Boolean
# File 'lib/aspera/secret_hider.rb', line 49
# Decide whether a name/value pair should be masked.
#
# @param keyword [String, Symbol, Object] name of the field
# @param value [Object] value of the field
# @return [Boolean] true when the name designates a secret and the value is a String
def secret?(keyword, value)
  name = keyword.is_a?(Symbol) ? keyword.to_s : keyword
  # only String values under String/Symbol names qualify: booleans, hashes
  # and arrays are never reported as secrets here
  return false unless name.is_a?(String) && value.is_a?(String)
  # names explicitly listed as not secret
  # NOTE(review): the pattern listed for FALSE_POSITIVES uses ^ and $, which
  # anchor per line in Ruby; \A and \z would anchor the whole name, so a
  # multi-line name could not be exempted by one of its lines.
  return false if FALSE_POSITIVES.any?{|pattern|pattern.match?(name)}
  # the name is a secret when it contains any of the known markers;
  # String#include? is case-sensitive, so the match depends on the case used
  # in ALL_SECRETS (not shown here)
  ALL_SECRETS.any?{|marker|name.include?(marker)}
end