Class: Aspera::SecretHider

Inherits:
Object
  • Object
Includes:
Singleton
Defined in:
lib/aspera/secret_hider.rb

Overview

Removes secrets from logs and output.

Constant Summary

ADDITIONAL_KEYS_TO_HIDE =

configurable:

[]
ALL_SECRETS2 =
(KEY_SECRETS + HTTP_SECRETS).freeze

Instance Attribute Summary

Instance Method Summary

Instance Attribute Details

#log_secretsObject

Returns the value of attribute log_secrets.



# File 'lib/aspera/secret_hider.rb', line 40

# Reader for the @log_secrets flag.
#
# The lambda built by #log_formatter reads this flag on every log call:
# when it is truthy, String messages are forwarded without masking, so
# secrets are written to the log in clear text.
#
# @return [Object] the current value of @log_secrets (nil when never set)
def log_secrets
  return @log_secrets
end

Instance Method Details

#deep_remove_secret(obj) ⇒ Object

Recursively hides secrets in a Hash or an Array of Hashes.



# File 'lib/aspera/secret_hider.rb', line 73

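# Recursively masks secrets inside a Hash, or an Array of such structures.
#
# The structure is modified in place: every Hash entry for which
# secret?(key, value) is true has its value replaced by HIDDEN_PASSWORD.
# Objects that are neither Hash nor Array are left untouched, so a bare
# String element of an Array is never masked (it has no key to test).
#
# @param obj [Hash, Array, Object] structure to sanitize
# @return [Object] the same object that was passed in
def deep_remove_secret(obj)
  case obj
  when Array
    obj.each { |item| deep_remove_secret(item) }
  when Hash
    obj.each do |key, value|
      if secret?(key, value)
        # Re-assigning an existing key is allowed while iterating the Hash.
        obj[key] = HIDDEN_PASSWORD
      else
        # Descend into every other value, not only nested Hashes: a Hash
        # value that is an Array of Hashes would otherwise be skipped and
        # any secret inside it would reach the output unmasked.
        deep_remove_secret(value)
      end
    end
  end
  return obj
end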

#hide_secrets_in_string(value) ⇒ Object



# File 'lib/aspera/secret_hider.rb', line 56

# Masks secrets found in a String and returns the sanitized copy.
#
# Each match of the first pattern in REGEX_LOG_REPLACES is rewritten as
# its named groups `begin` and `end` with HIDDEN_PASSWORD in between.
#
# NOTE(review): only REGEX_LOG_REPLACES.first is applied here, whereas
# #log_formatter applies every pattern of the list. Confirm this is
# intended; text matched only by the later patterns is returned unmasked.
#
# @param value [String] text that may contain secrets
# @return [String] new String with the matched secrets replaced
def hide_secrets_in_string(value)
  pattern = REGEX_LOG_REPLACES.first
  value.gsub(pattern) do
    found = Regexp.last_match
    "#{found[:begin]}#{HIDDEN_PASSWORD}#{found[:end]}"
  end
end

#log_formatter(original_formatter) ⇒ Object

Returns new log formatter that hides secrets.

Returns:

  • new log formatter that hides secrets



# File 'lib/aspera/secret_hider.rb', line 43

# Builds a log formatter that masks secrets before delegating formatting.
#
# @param original_formatter [#call, nil] formatter to delegate to; a new
#   Logger::Formatter is created when nil (or false) is given
# @return [Proc] lambda taking (severity, date_time, program_name, msg)
#   and returning whatever the delegate formatter returns
def log_formatter(original_formatter)
  delegate = original_formatter || Logger::Formatter.new
  # @log_secrets is read on every call rather than captured here, because
  # it may be set after this formatter has been built.
  lambda do |severity, date_time, program_name, msg|
    # NOTE(review): only String messages are masked. Any other object
    # (for example an exception or a Hash) is handed to the delegate
    # unchanged, so a secret it carries can still reach the log. Confirm
    # that callers only log Strings, or mask the formatted output too.
    if !@log_secrets && msg.is_a?(String)
      msg = REGEX_LOG_REPLACES.reduce(msg) do |text, pattern|
        text.gsub(pattern) do
          found = Regexp.last_match
          "#{found[:begin]}#{HIDDEN_PASSWORD}#{found[:end]}"
        end
      end
    end
    delegate.call(severity, date_time, program_name, msg)
  end
end

#secret?(keyword, value) ⇒ Boolean

Returns true if the key denotes a secret.

Returns:

  • (Boolean)

    true if the key denotes a secret



# File 'lib/aspera/secret_hider.rb', line 61

# Tells whether a key/value pair must be treated as a secret.
#
# The decision is made on the key name; the value is only checked for
# its type. Checks run in this order:
# 1. both key (Symbol keys are converted to String) and value must be Strings,
# 2. a key matched by any entry of KEY_FALSE_POSITIVES is never a secret,
# 3. a key listed in ADDITIONAL_KEYS_TO_HIDE is a secret,
# 4. otherwise the key is a secret when it contains any entry of ALL_SECRETS.
#
# NOTE(review): step 2 runs before step 3, so a key added to
# ADDITIONAL_KEYS_TO_HIDE that also matches a false-positive entry is
# not hidden. Confirm this precedence is intended.
#
# @param keyword [String, Symbol, Object] name of the field
# @param value [Object] value of the field
# @return [Boolean] true if the key denotes a secret
def secret?(keyword, value)
  name = keyword.is_a?(Symbol) ? keyword.to_s : keyword
  # Non-String values (booleans, Hash, Array, ...) are never secrets.
  return false unless name.is_a?(String) && value.is_a?(String)
  # Known non-secret names win over every other rule.
  return false if KEY_FALSE_POSITIVES.any? { |pattern| pattern.match?(name) }
  ADDITIONAL_KEYS_TO_HIDE.include?(name) ||
    ALL_SECRETS.any? { |fragment| name.include?(fragment) }
end