Class: Datadog::DI::Redactor Private

Inherits:

Object

• Object
• Datadog::DI::Redactor

Defined in:

lib/datadog/di/redactor.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Provides logic to identify sensitive information in snapshots captured by dynamic instrumentation.

Redaction can be performed based on identifier or attribute name, or class name of said identifier or attribute. Redaction does not take into account variable values.

There is a built-in list of identifier names which will be subject to redaction. Additional names can be provided by the user via the settings.dynamic_instrumentation.redacted_identifiers setting or the DD_DYNAMIC_INSTRUMENTATION_REDACTED_IDENTIFIERS environment variable. Currently no class names are subject to redaction by default; class names can be provided via the settings.dynamic_instrumentation.redacted_type_names setting or DD_DYNAMIC_INSTRUMENTATION_REDACTED_TYPES environment variable.

Redacted identifiers must match exactly to an attribute name, a key in a hash or a variable name. Redacted types can either be matched exactly or, if the name is suffixed with an asterisk (*), any class whose name contains the specified prefix will be subject to redaction.

When specifying class (type) names to be redacted, user must specify fully-qualified names. For example, if ‘Token` or `Token*` are specified to be redacted, instances of ::Token will be redacted but instances of ::Foo::Token will not be. To redact the latter, specify `Foo::Token` or `::Foo::Token` as redacted types.

This class does not perform redaction itself (i.e., value replacement with a placeholder). This replacement is performed by Serializer.

Instance Attribute Summary

• #settings ⇒ Object readonly private

Instance Method Summary

• #initialize(settings) ⇒ Redactor constructor private

  A new instance of Redactor.

• #redact_identifier?(name) ⇒ Boolean private
• #redact_type?(value) ⇒ Boolean private

Constructor Details

#initialize(settings) ⇒ Redactor

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of Redactor.

# File 'lib/datadog/di/redactor.rb', line 37

def initialize(settings)
  @settings = settings
end

Instance Attribute Details

#settings ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/datadog/di/redactor.rb', line 41

def settings
  @settings
end

Instance Method Details

#redact_identifier?(name) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (Boolean)

# File 'lib/datadog/di/redactor.rb', line 43

def redact_identifier?(name)
  redacted_identifiers.include?(normalize(name))
end

#redact_type?(value) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (Boolean)

# File 'lib/datadog/di/redactor.rb', line 47

def redact_type?(value)
  # Classses can be nameless, do not attempt to redact in that case.
  if (cls_name = value.class.name)
    redacted_type_names_regexp.match?(cls_name)
  else
    false
  end
end