Class: Aspera::SecretHider
- Inherits:
-
Object
- Object
- Aspera::SecretHider
- Defined in:
- lib/aspera/secret_hider.rb
Overview
remove secret from logs and output
Constant Summary collapse
- ADDITIONAL_KEYS_TO_HIDE =
configurable:
[]
Class Attribute Summary collapse
-
.log_secrets ⇒ Object
Returns the value of attribute log_secrets.
Class Method Summary collapse
- .deep_remove_secret(obj) ⇒ Object
- .log_formatter(original_formatter) ⇒ Object
- .secret?(keyword, value) ⇒ Boolean
Class Attribute Details
.log_secrets ⇒ Object
Returns the value of attribute log_secrets.
40 41 42 |
# File 'lib/aspera/secret_hider.rb', line 40 def log_secrets @log_secrets end |
Class Method Details
.deep_remove_secret(obj) ⇒ Object
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
# File 'lib/aspera/secret_hider.rb', line 66 def deep_remove_secret(obj) case obj when Array obj.each{|i|deep_remove_secret(i)} when Hash obj.each do |k, v| if secret?(k, v) obj[k] = HIDDEN_PASSWORD elsif obj[k].is_a?(Hash) deep_remove_secret(obj[k]) end end end return obj end |
.log_formatter(original_formatter) ⇒ Object
42 43 44 45 46 47 48 49 50 51 52 53 |
# File 'lib/aspera/secret_hider.rb', line 42 def log_formatter(original_formatter) original_formatter ||= Logger::Formatter.new # NOTE: that @log_secrets may be set AFTER this init is done, so it's done at runtime return lambda do |severity, date_time, program_name, msg| if msg.is_a?(String) && !@log_secrets REGEX_LOG_REPLACES.each do |reg_ex| msg = msg.gsub(reg_ex){"#{Regexp.last_match(:begin)}#{HIDDEN_PASSWORD}#{Regexp.last_match(:end)}"} end end original_formatter.call(severity, date_time, program_name, msg) end end |
.secret?(keyword, value) ⇒ Boolean
55 56 57 58 59 60 61 62 63 64 |
# File 'lib/aspera/secret_hider.rb', line 55 def secret?(keyword, value) keyword = keyword.to_s if keyword.is_a?(Symbol) # only Strings can be secrets, not booleans, or hash, arrays return false unless keyword.is_a?(String) && value.is_a?(String) # those are not secrets return false if KEY_FALSE_POSITIVES.any?{|f|f.match?(keyword)} return true if ADDITIONAL_KEYS_TO_HIDE.include?(keyword) # check if keyword (name) contains an element that designate it as a secret ALL_SECRETS.any?{|kw|keyword.include?(kw)} end |