Class: Aspera::SecretHider

Inherits:
Object
  • Object
Defined in:
lib/aspera/secret_hider.rb

Overview

Removes secrets from logs and output.

Constant Summary collapse

ADDITIONAL_KEYS_TO_HIDE =

configurable:

[]
ALL_SECRETS2 =
[KEY_SECRETS, HTTP_SECRETS].flatten.freeze

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.log_secretsObject

Returns the value of attribute log_secrets.



# File 'lib/aspera/secret_hider.rb', line 39

# Reader for the log_secrets flag.
# The lambda built by log_formatter checks this flag on every call and
# skips redaction of log messages when it is truthy.
#
# @return [Object] current value of @log_secrets (nil when never assigned)
def log_secrets
  return @log_secrets
end

Class Method Details

.deep_remove_secret(obj) ⇒ Object



# File 'lib/aspera/secret_hider.rb', line 65

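# Replace secret values with HIDDEN_PASSWORD throughout a nested structure.
#
# The structure is modified IN PLACE and the same object is returned, so the
# caller must pass a copy if the clear-text values are still needed.
# Only Hash entries are candidates for redaction (decided by secret?(key, value));
# Arrays are walked to reach the Hashes they contain. Any other object,
# including a bare String, is returned untouched.
#
# @param obj [Object] Hash, Array or any other value
# @return [Object] the same object, with secret Hash values overwritten
def deep_remove_secret(obj)
  case obj
  when Array
    obj.each{|i|deep_remove_secret(i)}
  when Hash
    obj.each do |k, v|
      if secret?(k, v)
        # Overwriting the value of an existing key is allowed while iterating.
        obj[k] = HIDDEN_PASSWORD
      else
        # Recurse into every non-secret value, not only Hash values: a secret
        # held in an Array under a Hash key (for example a list of credential
        # hashes) would otherwise be left in clear in logs and output.
        # Values that are neither Hash nor Array fall through the case unchanged.
        deep_remove_secret(v)
      end
    end
  end
  return obj
end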

.log_formatter(original_formatter) ⇒ Object



# File 'lib/aspera/secret_hider.rb', line 41

# Build a Logger formatter that redacts secrets before delegating to another formatter.
#
# Each pattern of REGEX_LOG_REPLACES must define the named groups `begin` and `end`;
# the text matched between them is replaced with HIDDEN_PASSWORD.
#
# NOTE(review): only String messages are redacted. A message of any other type
# (for instance a Hash or an exception handed to the logger) is forwarded as-is,
# so a secret it carries still reaches the log output. Confirm callers only log
# Strings, or run such objects through deep_remove_secret first.
#
# @param original_formatter [#call, nil] formatter to delegate to; a new
#   Logger::Formatter is used when nil
# @return [Proc] lambda taking (severity, date_time, program_name, msg)
def log_formatter(original_formatter)
  delegate = original_formatter || Logger::Formatter.new
  # @log_secrets is read on every call, not captured here: it may be assigned
  # after the formatter has been installed.
  return lambda do |severity, date_time, program_name, msg|
    redacted =
      if !msg.is_a?(String) || @log_secrets
        msg
      else
        REGEX_LOG_REPLACES.reduce(msg) do |text, pattern|
          text.gsub(pattern){"#{Regexp.last_match(:begin)}#{HIDDEN_PASSWORD}#{Regexp.last_match(:end)}"}
        end
      end
    delegate.call(severity, date_time, program_name, redacted)
  end
end

.secret?(keyword, value) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/aspera/secret_hider.rb', line 54

# Tell whether a key/value pair must be hidden, judging by the key name.
#
# Checks, in order:
# 1. both the key (Symbols are converted to String) and the value must be Strings,
#    so booleans, numbers, Hashes and Arrays are never reported as secrets;
# 2. a key matching any pattern of KEY_FALSE_POSITIVES is never a secret;
# 3. a key listed verbatim in ADDITIONAL_KEYS_TO_HIDE is a secret;
# 4. otherwise the key is a secret when it contains one of ALL_SECRETS as a
#    substring (String#include?, hence case-sensitive).
#
# @param keyword [String, Symbol, Object] name of the field
# @param value [Object] value of the field
# @return [Boolean]
def secret?(keyword, value)
  name = keyword.is_a?(Symbol) ? keyword.to_s : keyword
  return false unless name.is_a?(String) && value.is_a?(String)
  # The false-positive list wins over both secret lists.
  return false if KEY_FALSE_POSITIVES.any?{|pattern|pattern.match?(name)}
  ADDITIONAL_KEYS_TO_HIDE.include?(name) || ALL_SECRETS.any?{|fragment|name.include?(fragment)}
end