Class: Aspera::SecretHider

Inherits:
Object
  • Object
Defined in:
lib/aspera/secret_hider.rb

Overview

Removes secrets from logs and output.

Constant Summary collapse

ADDITIONAL_KEYS_TO_HIDE =

configurable:

[]
ALL_SECRETS2 =
[KEY_SECRETS, HTTP_SECRETS].flatten.freeze

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.log_secretsObject

Returns the value of attribute log_secrets.



# File 'lib/aspera/secret_hider.rb', line 39

# Reader for the log_secrets attribute.
#
# log_formatter checks this flag on every log call: when it is truthy,
# String messages are passed to the wrapped formatter without redaction.
#
# @return [Object] current value of @log_secrets (nil when never set)
def log_secrets
  return @log_secrets
end

Class Method Details

.deep_remove_secret(obj) ⇒ Object

Recursively hides secrets in a Hash or an Array of Hashes



# File 'lib/aspera/secret_hider.rb', line 72

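# Redacts secrets in place inside a nested Hash / Array structure.
#
# Every Hash entry for which secret?(key, value) is true gets its value
# replaced by HIDDEN_PASSWORD. Every other value is walked recursively, so
# secrets are also hidden in a Hash that sits inside an Array which is itself
# a Hash value (previously only Hash values were descended into, leaving
# such entries in clear).
#
# The structure is mutated: callers that still need the clear values must
# pass a copy.
#
# @param obj [Object] structure to scrub; anything other than a Hash or an
#   Array is left untouched
# @return [Object] the same object that was passed in
def deep_remove_secret(obj)
  case obj
  when Array
    obj.each { |item| deep_remove_secret(item) }
  when Hash
    obj.each do |key, value|
      if secret?(key, value)
        # assigning to an existing key does not add keys, so it is allowed while iterating
        obj[key] = HIDDEN_PASSWORD
      else
        # descend into nested containers (Hash or Array); scalars fall through the case above
        deep_remove_secret(value)
      end
    end
  end
  return obj
end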

.hide_secrets_in_string(value) ⇒ Object



# File 'lib/aspera/secret_hider.rb', line 55

# Masks secrets found in a single string.
#
# Each match of the first pattern of REGEX_LOG_REPLACES is rewritten as its
# :begin capture, then HIDDEN_PASSWORD, then its :end capture.
#
# NOTE(review): only the first pattern is applied here, whereas log_formatter
# applies every pattern of REGEX_LOG_REPLACES - confirm that callers of this
# method never pass text in the formats covered by the other patterns.
#
# @param value [String] text to scrub
# @return [String] new string with matched secrets replaced
def hide_secrets_in_string(value)
  first_pattern = REGEX_LOG_REPLACES.first
  value.gsub(first_pattern) do
    found = Regexp.last_match
    "#{found[:begin]}#{HIDDEN_PASSWORD}#{found[:end]}"
  end
end

.log_formatter(original_formatter) ⇒ Object

Returns new log formatter that hides secrets.

Returns:

  • new log formatter that hides secrets



# File 'lib/aspera/secret_hider.rb', line 42

# Builds a Logger-compatible formatter that masks secrets, then delegates.
#
# @param original_formatter [#call, nil] formatter to wrap; a new
#   Logger::Formatter is used when nil
# @return [Proc] lambda taking (severity, date_time, program_name, msg)
def log_formatter(original_formatter)
  delegate = original_formatter || Logger::Formatter.new
  # @log_secrets is read on each call rather than captured here, because it
  # may be set after the formatter has been installed
  redacting_formatter = lambda do |severity, date_time, program_name, msg|
    # NOTE(review): only String messages are rewritten; any other object
    # handed to the logger reaches the delegate unchanged - confirm that
    # secrets are never logged in a non-String message
    redact = msg.is_a?(String) && !@log_secrets
    if redact
      # apply every pattern in turn, keeping the text around each secret
      msg = REGEX_LOG_REPLACES.reduce(msg) do |text, pattern|
        text.gsub(pattern) { "#{Regexp.last_match(:begin)}#{HIDDEN_PASSWORD}#{Regexp.last_match(:end)}" }
      end
    end
    delegate.call(severity, date_time, program_name, msg)
  end
  return redacting_formatter
end

.secret?(keyword, value) ⇒ Boolean

Returns true if the key denotes a secret.

Returns:

  • (Boolean)

    true if the key denotes a secret



# File 'lib/aspera/secret_hider.rb', line 60

# Tells whether a key/value pair must be hidden.
#
# A pair is a secret only when the key is a String (or a Symbol, which is
# converted) and the value is a String; booleans, hashes and arrays are never
# treated as secrets here.
#
# NOTE(review): both the ADDITIONAL_KEYS_TO_HIDE lookup and the ALL_SECRETS
# substring test are case-sensitive - confirm that keys spelled with another
# case cannot reach this method.
#
# @param keyword [String, Symbol, Object] name of the field
# @param value [Object] value of the field
# @return [Boolean] true if the key denotes a secret
def secret?(keyword, value)
  name = keyword.is_a?(Symbol) ? keyword.to_s : keyword
  return false unless name.is_a?(String) && value.is_a?(String)
  # names matching a known false positive are never hidden, even when they contain a secret marker
  return false if KEY_FALSE_POSITIVES.any? { |pattern| pattern.match?(name) }
  # exact match on the configurable list, else substring match on the built-in markers
  ADDITIONAL_KEYS_TO_HIDE.include?(name) || ALL_SECRETS.any? { |marker| name.include?(marker) }
end