Module: LogStruct::StringScrubber

Extended by:
T::Sig
Defined in:
lib/log_struct/string_scrubber.rb

Overview

StringScrubber is inspired by logstop by @ankane: https://github.com/ankane/logstop

Enhancements:

  • Shows which type of data was filtered
  • Includes an SHA256 hash with filtered emails for request tracing
  • Uses configuration options from LogStruct.config

Constant Summary

URL_PASSWORD_REGEX =

Also supports URL-encoded URLs like https%3A%2F%2Fuser%3Asecret%40example.com

/((?:\/\/|%2F%2F)[^\s\/]+(?::|%3A))[^\s\/]+(@|%40)/
URL_PASSWORD_REPLACEMENT =
'\1[PASSWORD]\2'
EMAIL_REGEX =
/\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/i
CREDIT_CARD_REGEX_SHORT =
/\b[3456]\d{15}\b/
CREDIT_CARD_REGEX_DELIMITERS =
/\b[3456]\d{3}[\s-]\d{4}[\s-]\d{4}[\s-]\d{4}\b/
CREDIT_CARD_REPLACEMENT =
"[CREDIT_CARD]"
PHONE_REGEX =
/\b\d{3}[\s-]\d{3}[\s-]\d{4}\b/
PHONE_REPLACEMENT =
"[PHONE]"
SSN_REGEX =
/\b\d{3}[\s-]\d{2}[\s-]\d{4}\b/
SSN_REPLACEMENT =
"[SSN]"
IP_REGEX =
/\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/
IP_REPLACEMENT =
"[IP]"
MAC_REGEX =
/\b[0-9a-f]{2}(:[0-9a-f]{2}){5}\b/i
MAC_REPLACEMENT =
"[MAC]"

Class Method Summary

Class Method Details

.scrub(string) ⇒ String

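Scrubs sensitive information from a string, applying each filter that is enabled in LogStruct.config.filters and then the optional string_scrubbing_handler.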

Parameters:

  • string (String)

Returns:

  • (String)


# File 'lib/log_struct/string_scrubber.rb', line 41

def scrub(string)
  return string if string.empty?

  string = string.to_s.dup
  config = LogStruct.config.filters

  # Passwords in URLs
  string.gsub!(URL_PASSWORD_REGEX, URL_PASSWORD_REPLACEMENT) if config.url_passwords

  # Emails
  if config.email_addresses
    string.gsub!(EMAIL_REGEX) do |email|
      email_hash = HashUtils.hash_value(email)
      "[EMAIL:#{email_hash}]"
    end
  end

  # Credit card numbers
  if config.credit_card_numbers
    string.gsub!(CREDIT_CARD_REGEX_SHORT, CREDIT_CARD_REPLACEMENT)
    string.gsub!(CREDIT_CARD_REGEX_DELIMITERS, CREDIT_CARD_REPLACEMENT)
  end

  # Phone numbers
  string.gsub!(PHONE_REGEX, PHONE_REPLACEMENT) if config.phone_numbers

  # SSNs
  string.gsub!(SSN_REGEX, SSN_REPLACEMENT) if config.ssns

  # IPs
  string.gsub!(IP_REGEX, IP_REPLACEMENT) if config.ip_addresses

  # MAC addresses
  string.gsub!(MAC_REGEX, MAC_REPLACEMENT) if config.mac_addresses

  # Custom scrubber
  custom_scrubber = LogStruct.config.string_scrubbing_handler
  string = custom_scrubber.call(string) if !custom_scrubber.nil?

  string
end
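
An added example (not LogStruct's own code): a coverage check that runs the patterns listed above, in the same order as .scrub, over constructed log lines and reports which secrets survive. It assumes every filter is enabled and uses a truncated SHA256 as a stand-in for HashUtils.hash_value, whose implementation is not shown on this page; demo_scrub, leaks, SAMPLES, CARD16 and CARD15 are names made up for the example.

```ruby
require "digest"

# Patterns copied verbatim from the constants listed on this page.
URL_PASSWORD_REGEX = /((?:\/\/|%2F%2F)[^\s\/]+(?::|%3A))[^\s\/]+(@|%40)/
EMAIL_REGEX = /\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/i
CREDIT_CARD_REGEX_SHORT = /\b[3456]\d{15}\b/
CREDIT_CARD_REGEX_DELIMITERS = /\b[3456]\d{3}[\s-]\d{4}[\s-]\d{4}[\s-]\d{4}\b/
PHONE_REGEX = /\b\d{3}[\s-]\d{3}[\s-]\d{4}\b/
SSN_REGEX = /\b\d{3}[\s-]\d{2}[\s-]\d{4}\b/
IP_REGEX = /\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/
MAC_REGEX = /\b[0-9a-f]{2}(:[0-9a-f]{2}){5}\b/i

# Same pass order as .scrub, with every filter switched on (no LogStruct.config).
# Assumption: a truncated SHA256 stands in for HashUtils.hash_value.
def demo_scrub(input)
  s = input.dup
  s.gsub!(URL_PASSWORD_REGEX, '\1[PASSWORD]\2')
  s.gsub!(EMAIL_REGEX) { |e| "[EMAIL:#{Digest::SHA256.hexdigest(e)[0, 12]}]" }
  s.gsub!(CREDIT_CARD_REGEX_SHORT, "[CREDIT_CARD]")
  s.gsub!(CREDIT_CARD_REGEX_DELIMITERS, "[CREDIT_CARD]")
  s.gsub!(PHONE_REGEX, "[PHONE]")
  s.gsub!(SSN_REGEX, "[SSN]")
  s.gsub!(IP_REGEX, "[IP]")
  s.gsub!(MAC_REGEX, "[MAC]")
  s
end

CARD16 = "4" + "1" * 15          # constructed 16-digit number
CARD15 = "34" + "0" * 12 + "9"   # constructed 15-digit number

# Constructed samples: label => [secret that must not survive, log line].
SAMPLES = {
  url_password: ["hunter2", "GET https://deploy:hunter2@git.example.com/repo.git"],
  email: ["alice@example.com", "login failed for alice@example.com"],
  card_16_digits: [CARD16, "card #{CARD16} declined"],
  card_15_digits: [CARD15, "card #{CARD15} declined"],
  phone_dashes: ["415-555-0134", "callback 415-555-0134"],
  phone_parens: ["(415) 555-0134", "callback (415) 555-0134"],
  ssn: ["078-05-1120", "ssn 078-05-1120"],
  ipv4: ["203.0.113.7", "client 203.0.113.7 connected"],
  ipv6: ["2001:db8::1", "client 2001:db8::1 connected"],
  mac: ["00:1a:2b:3c:4d:5e", "dhcp lease 00:1a:2b:3c:4d:5e"]
}.freeze

# Labels whose secret is still present after scrubbing.
def leaks(samples)
  samples.select { |_label, (secret, line)| demo_scrub(line).include?(secret) }.keys
end

puts "not covered by the built-in patterns: #{leaks(SAMPLES).inspect}"
```

The three survivors (a 15-digit card number, a phone number written with parentheses, an IPv6 address) are formats the listed patterns do not match; a string_scrubbing_handler is the hook the page offers for covering them.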