Merge pull request #28 from github/general-updates

General updates and new supported redaction classes

Author: GrantBirki

Gemfile.lock

@@ -1,7 +1,7 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.1.2)
+    activesupport (7.1.3.2)
       base64
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -13,8 +13,8 @@ GEM
       tzinfo (~> 2.0)
     ast (2.4.2)
     base64 (0.2.0)
-    bigdecimal (3.1.4)
-    concurrent-ruby (1.2.2)
+    bigdecimal (3.1.6)
+    concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
     diff-lcs (1.5.1)
     docile (1.4.0)
@@ -29,7 +29,7 @@ GEM
     json (2.7.1)
     language_server-protocol (3.17.0.3)
     logger (1.6.0)
-    minitest (5.20.0)
+    minitest (5.22.2)
     mutex_m (0.2.0)
     parallel (1.24.0)
     parser (3.3.0.5)
@@ -43,7 +43,7 @@ GEM
     rdoc (6.6.2)
       psych (>= 4.0.0)
     regexp_parser (2.9.0)
-    reline (0.4.2)
+    reline (0.4.3)
       io-console (~> 0.5)
     rexml (3.2.6)
     rspec (3.13.0)
@@ -58,7 +58,7 @@ GEM
     rspec-mocks (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.0)
+    rspec-support (3.13.1)
     rubocop (1.60.2)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
@@ -83,10 +83,11 @@ GEM
     rubocop-performance (1.20.2)
       rubocop (>= 1.48.1, < 2.0)
       rubocop-ast (>= 1.30.0, < 2.0)
-    rubocop-rails (2.22.1)
+    rubocop-rails (2.23.1)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
+      rubocop-ast (>= 1.30.0, < 2.0)
     rubocop-rspec (2.26.1)
       rubocop (~> 1.40)
       rubocop-capybara (~> 2.17)

lib/redacting_logger.rb

@@ -20,7 +20,7 @@ class RedactingLogger < Logger
   def initialize(
     logdev = $stdout,
     shift_age = 0,
-    shift_size = 1048576,
+    shift_size = 1_048_576,
     redact_patterns: [],
     redacted_msg: "[REDACTED]",
     use_default_patterns: true,
@@ -43,18 +43,18 @@ def add(severity, message = nil, progname = nil)
     @redact_patterns.each do |pattern|
       case message
 
-      when String
+      when String, Symbol, Numeric
         message = message.to_s.gsub(pattern, @redacted_msg)
 
       when Array
         message = message.map do |m|
-          m = m.to_s.gsub(pattern, @redacted_msg)
+          m.to_s.gsub(pattern, @redacted_msg)
         end
 
       when Hash
-        message = message.map do |k, v|
-          [k, v.to_s.gsub(pattern, @redacted_msg)]
-        end.to_h
+        message = message.transform_values do |v|
+          v.to_s.gsub(pattern, @redacted_msg)
+        end
       end
     end
 

lib/version.rb

@@ -2,6 +2,6 @@
 
 module RedactingLogger
   module Version
-    VERSION = "1.1.0"
+    VERSION = "1.2.0"
   end
 end

script/bootstrap

@@ -5,12 +5,33 @@ OFF='\033[0m'
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 BLUE='\033[0;34m'
+PURPLE='\033[0;35m'
 
 set -e # Prevent any kind of script failures
 
+# if any of the following env vars are set, use them for the APP_ENV value
+if [ -n "$APP_ENV" ]; then
+  export APP_ENV="$APP_ENV"
+elif [ -n "$ENV" ]; then
+  export APP_ENV="$ENV"
+elif [ -n "$ENVIRONMENT" ]; then
+  export APP_ENV="$ENVIRONMENT"
+elif [ -n "$RAILS_ENV" ]; then
+  export APP_ENV="$RAILS_ENV"
+elif [ -n "$RACK_ENV" ]; then
+  export APP_ENV="$RACK_ENV"
+fi
+
+# set the working directory to the root of the project
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd )"
+
+# set the ruby version to the one specified in the .ruby-version file
 [ -z "$RBENV_VERSION" ] && export RBENV_VERSION=$(cat "$DIR/.ruby-version")
+
+# set the app environment to development if it's not set
 [ -z "$APP_ENV" ] && export APP_ENV="development"
+
+# set the path to include the rbenv shims if they exist
 [ -d "/usr/share/rbenv/shims" ] && export PATH=/usr/share/rbenv/shims:$PATH
 
 TRASHDIR=$(mktemp -d /tmp/bootstrap.XXXXXXXXXXXXXXXXX)
@@ -22,11 +43,12 @@ cleanup() {
 trap cleanup EXIT
 
 # Bootstrap gem dependencies.
-echo -e "💎 ${BLUE}Installing Gems...${OFF}"
 if [ "$APP_ENV" == "production" ]; then
-  bundle install --path vendor/gems --local --without development
-  bundle binstubs --all
+  echo -e "💎 ${BLUE}Installing Gems for ${GREEN}production${BLUE}...${OFF}"
+  BUNDLE_WITHOUT=development bundle install --local
+  BUNDLE_WITHOUT=development bundle binstubs --all
 else
-  bundle install --path vendor/gems --local --with development
+  echo -e "💎 ${BLUE}Installing Gems for ${PURPLE}development${BLUE}...${OFF}"
+  bundle install --local
   bundle binstubs --all
-fi
+fi

script/test

@@ -49,19 +49,12 @@ export DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd )"
 if [[ -z $no_bootstrap ]]; then
   # bootstrap
   echo -e "\n🥾 ${BLUE}Bootstrapping: $(date "+%H:%M:%S")${OFF}\n"
-  echo "%%%FOLD {bootstrap}%%%"
   cd "$DIR"
   script/bootstrap
-  echo "%%%END FOLD%%%"
 else
   echo -e "\n⏩ ${BLUE}Skipping Bootstrap${OFF}"
 fi
 
-# jump out to the lint build
-if [[ "$JOB_NAME" = *-lint ]]; then
-  exec script/cibuild-lint
-fi
-
 # Run Rubocop
 if [[ -z $no_linter ]]; then
   echo -e "\n🤖 ${BLUE}Running Rubocop: $(date "+%H:%M:%S")${OFF}\n"

spec/lib/redacting_logger_spec.rb

@@ -43,74 +43,94 @@
 
   context "#add" do
     let(:logdev) { StringIO.new }
-    let(:logger) { RedactingLogger.new(logdev, redact_patterns: [/secret/, /password/, /token_[A-Z]{5}/]) }
+    let(:logger) { RedactingLogger.new(logdev, redact_patterns: [/secret/, /password/, /token_[A-Z]{5}/, /999999999/]) }
 
     [
       {
         case: "secret message",
         message: "This is a secret password",
-        expected_message: "This is a [REDACTED] [REDACTED]",
+        expected_message: "This is a [REDACTED] [REDACTED]"
       },
       {
         case: "secret progname",
         progname: "secret progname",
-        expected_progname: "[REDACTED] progname",
+        expected_progname: "[REDACTED] progname"
       },
       {
         case: "secret substring",
         message: "This is a supersecretmessage",
-        expected_message: "This is a super[REDACTED]message",
+        expected_message: "This is a super[REDACTED]message"
       },
       {
         case: "github token",
         message: "token ghp_aBcdeFghIjklMnoPqRSTUvwXYZ1234567890",
-        expected_message: "token [REDACTED]",
+        expected_message: "token [REDACTED]"
       },
       {
         case: "github token hidden in another string",
         message: "token ghp_aBcdeFghIjklMnoPqRSTUvwXYZ1234567890ohnothisisnotgood",
-        expected_message: "token [REDACTED]",
+        expected_message: "token [REDACTED]"
       },
       {
         case: "fine-grained github pat",
         message: "token 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",
-        expected_message: "token [REDACTED]",
+        expected_message: "token [REDACTED]"
       },
       {
         case: "github action pat",
         message: "token ghs_1234567890abcdefghijklmnopqrstuvwxyz123456",
-        expected_message: "token [REDACTED]123456",
+        expected_message: "token [REDACTED]123456"
       },
       {
         case: "custom token",
         message: "token token_ABCDE",
-        expected_message: "token [REDACTED]",
+        expected_message: "token [REDACTED]"
       },
       {
         case: "custom token only if long enough",
         message: "token token_ABCD",
-        expected_message: "token token_ABCD",
+        expected_message: "token token_ABCD"
       },
       {
         case: "JWT token",
         message: "token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
-        expected_message: "token [REDACTED]",
+        expected_message: "token [REDACTED]"
       },
       {
         case: "RSA private key",
         message: "token #{File.read("spec/fixtures/fake.private_key")}",
-        expected_message: "token [REDACTED]-\n",
+        expected_message: "token [REDACTED]-\n"
       },
       {
         case: "list of messages",
         message: ["this", "is", "a", "secret"],
-        expected_message: ["this", "is", "a", "[REDACTED]"],
+        expected_message: ["this", "is", "a", "[REDACTED]"]
       },
       {
         case: "hash of messages",
         message: { this: "is", "a" => "secret" },
-        expected_message: { this: "is", "a" => "[REDACTED]" },
+        expected_message: { this: "is", "a" => "[REDACTED]" }
       },
+      {
+        case: "hash of messages more complex",
+        message: { this: "is", "a" => "super top secret" },
+        expected_message: { this: "is", "a" => "super top [REDACTED]" }
+      },
+      {
+        case: "redacts from a symbol",
+        message: :top_secret,
+        expected_message: "top_[REDACTED]"
+      },
+      {
+        case: "redacts from a Numeric full match",
+        message: 999_999_999,
+        expected_message: "[REDACTED]"
+      },
+      {
+        case: "redacts from a Numeric match with extra numbers",
+        message: 123_999_999_999_123,
+        expected_message: "123[REDACTED]123"
+      }
     ].each do |test|
       it "redacts #{test[:case]}" do
         expect_any_instance_of(Logger).to receive(:add).with(0, test[:expected_message], test[:expected_progname])
@@ -126,6 +146,5 @@
 
       expect(log_output).to match(/This is a \[REDACTED\] \[REDACTED\]/)
     end
-
   end
 end