Class: Labkit::Logging::Sanitizer
- Inherits:
-
Object
- Object
- Labkit::Logging::Sanitizer
- Defined in:
- lib/labkit/logging/sanitizer.rb
Overview
Sanitizer provides log message sanitization, removing confidential information from log messages
Constant Summary collapse
- SCP_URL_REGEXP =
%r{ (?:((?:[\-_.!~*()a-zA-Z\d;&=+$,]|%[a-fA-F\d]{2})+)(:(?:(?:[\-_.!~*()a-zA-Z\d;:&=+$,]|%[a-fA-F\d]{2})*))?@) (?# 1: username, 2: password) (?:((?:(?:[a-zA-Z0-9\-._])+|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|\[(?:(?:[a-fA-F\d]{1,4}:)*(?:[a-fA-F\d]{1,4}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|(?:(?:[a-fA-F\d]{1,4}:)*[a-fA-F\d]{1,4})?::(?:(?:[a-fA-F\d]{1,4}:)*(?:[a-fA-F\d]{1,4}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))?)\]))) (?# 3: host) : ((?:[\-_.!~*'()a-zA-Z\d:@&=+$,]|%[a-fA-F\d]{2})*(?:;(?:[\-_.!~*'()a-zA-Z\d:@&=+$,]|%[a-fA-F\d]{2})*)*(?:\/(?:[\-_.!~*'()a-zA-Z\d:@&=+$,]|%[a-fA-F\d]{2})*(?:;(?:[\-_.!~*'()a-zA-Z\d:@&=+$,]|%[a-fA-F\d]{2})*)*)*)? (?# 4: path) }x.freeze
- SCP_ANCHORED_URL_REGEXP =
/^#{SCP_URL_REGEXP}$/x.freeze
- ALLOWED_SCHEMES =
%w[http https ssh git].freeze
- URL_REGEXP =
URI::DEFAULT_PARSER.make_regexp(ALLOWED_SCHEMES).freeze
Class Method Summary collapse
-
.mask_scp_url(scp_url) ⇒ Object
Ensures that URLs of the form user:password@hostname:project.git are sanitized to hide credentials.
-
.mask_url(url) ⇒ Object
Ensures that URLS are sanitized to hide credentials.
- .sanitize_field(content) ⇒ Object
Class Method Details
.mask_scp_url(scp_url) ⇒ Object
Ensures that URLs of the form user:password@hostname:project.git are sanitized to hide credentials
39 40 41 42 43 44 45 46 47 48 49 50 51 |
# File 'lib/labkit/logging/sanitizer.rb', line 39 def self.mask_scp_url(scp_url) scp_url = scp_url.to_s.strip m = SCP_ANCHORED_URL_REGEXP.match(scp_url) return "" unless m password = m[2] host = m[3] path = m[4] return "*****@#{host}:#{path}" unless password.present? "*****:*****@#{host}:#{path}" end |
.mask_url(url) ⇒ Object
Ensures that URLS are sanitized to hide credentials
26 27 28 29 30 31 32 33 34 35 |
# File 'lib/labkit/logging/sanitizer.rb', line 26 def self.mask_url(url) url = url.to_s.strip p = URI::DEFAULT_PARSER.parse(url) p.password = "*****" if p.password.present? p.user = "*****" if p.user.present? p.to_s rescue URI::InvalidURIError "" end |
.sanitize_field(content) ⇒ Object
18 19 20 21 22 23 |
# File 'lib/labkit/logging/sanitizer.rb', line 18 def self.sanitize_field(content) content = content.gsub(URL_REGEXP) { |url| mask_url(url) } content = content.gsub(SCP_URL_REGEXP) { |scp_url| mask_scp_url(scp_url) } content end |