CD2H gitForager

cookpad/blouson

Name: blouson

Owner: Cookpad Inc.

Description: Filter tools to mask sensitive log data for rails

Created: 2017-03-08 08:46:21.0

Updated: 2018-04-23 16:10:14.0

Pushed: 2017-09-21 06:38:56.0

Homepage: null

Size: 24

Language: Ruby

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

Blouson

Blouson is a filter tool for Rails to conceal sensitive data from various logs.

HTTP Request parameters in Rails log
SQL query in Rails log
Exception messages in ActiveRecord::StatementInvalid
Sentry Raven parameters

Installation

Add this line to your application's Gemfile:

'blouson'

And then execute:

$ bundle

Or install it yourself as:

$ gem install blouson

Usage

SensitiveParamsSilencer

If there is a HTTP request parameter prefixed with `secure_`, Blouson conceals sensitive data from logging. Blouson enables this filter automatically.

Example:

ted PUT "/employees/1" for 127.0.0.1 at Tue Jan 1 00:00:00 +0900 2013
essing by EmployeesController#update as HTML
rameters: {"commit"=>"Update Employee", "id"=>"1", "employee"=>{"name"=>"", "secure_personal_information"=>"[FILTERED]"}, "utf8"=>"?"}
louson::SensitiveParamsSilencer] SQL Log is skipped for sensitive data

SensitiveQueryFilter

If there is a table prefixed with secure_, in exception message of ActiveRecord::StatementInvalid, Blouson conceals sensitive data from exception messages. Blouson enables this filter automatically.

Example:

imeError: error: SELECT  `secure_users`.* FROM `secure_users` WHERE `secure_users`.`email` = '[FILTERED]'  ORDER BY `secure_users`.`id` ASC LIMIT 1

SensitiveTableQueryLogSilencer

Blouson provides an Arproxy module to suppress query logs for secure_ prefix tables. If there is a query log for secure_ prefix table, Blouson conceals it. This proxy does not works automatically, so that you have to set Blouson::SensitiveTableQueryLogSilencer in your Arproxy initializer.

ire 'blouson/sensitive_table_query_log_silencer'
ur initializers

oxy.configure do |config|
nfig.adapter = "mysql2"
nfig.use Blouson::SensitiveTableQueryLogSilencer

oxy.enable!

RavenParameterFilterProcessor

Blouson provides an Raven-Ruby processor to conceal sensitive data from query string, request body, request headers and cookie values.

ire 'blouson/raven_parameter_filter_processor'

er_pattern = Rails.application.config.filter_parameters
re_headers = %w(secret_token)

n.configure do |config|
.
nfig.processors = [Blouson::RavenParameterFilterProcessor.create(filter_pattern, secure_headers)]
.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/cookpad/blouson.

License

The gem is available as open source under the terms of the MIT License.

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.