Merge 40c655c into 8e2252b

.gitignore

@@ -1,3 +1,4 @@
+## Common files
 *.gem
 *.rbc
 /.config
@@ -10,25 +11,6 @@
 /test/version_tmp/
 /tmp/
 
-# Used by dotenv library to load environment variables.
-# .env
-
-## Specific to RubyMotion:
-.dat*
-.repl_history
-build/
-*.bridgesupport
-build-iPhoneOS/
-build-iPhoneSimulator/
-
-## Specific to RubyMotion (use of CocoaPods):
-#
-# We recommend against adding the Pods directory to your .gitignore. However
-# you should judge for yourself, the pros and cons are mentioned at:
-# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
-#
-# vendor/Pods/
-
 ## Documentation cache and generated files:
 /.yardoc/
 /_yardoc/
@@ -37,14 +19,13 @@ build-iPhoneSimulator/
 
 ## Environment normalization:
 /.bundle/
-/vendor/bundle
+/vendor/
 /lib/bundler/man/
+/Gemfile.lock
 
-# for a library or gem, you might want to ignore these files since the code is
-# intended to run in multiple environments; otherwise, check them in:
-# Gemfile.lock
-# .ruby-version
-# .ruby-gemset
+## Project files
+/.idea/
 
-# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
-.rvmrc
+## System files
+/.env
+/.DS_Store

.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

.rubocop.yml

@@ -0,0 +1,21 @@
+Metrics/LineLength:
+  Max: 100
+
+Documentation:
+  Enabled: false
+
+Style/BlockDelimiters:
+  EnforcedStyle: semantic
+
+Style/TrivialAccessors:
+  AllowPredicates: true
+
+Style/SignalException:
+  EnforcedStyle: semantic
+
+Style/SafeNavigation:
+  Enabled: false
+
+Style/FileName:
+  Exclude:
+    - gemfiles/Gemfile.*.rb

.ruby-version

@@ -0,0 +1 @@
+2.3.3

.travis.yml

@@ -0,0 +1,14 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.0 # The version of RVM installed on Travis doesn't yet recognise 2.3 as an alias of 2.3.0
+matrix:
+  include:
+    - rvm: 2.1
+      gemfile: gemfiles/Gemfile.ruby-2.1.rb
+    - rvm: 2.2
+      gemfile: gemfiles/Gemfile.ruby-2.2.rb
+before_install: gem install bundler -v 1.13.6
+notifications:
+  email:
+    - support@travellink.com.au

CHANGELOG.md

@@ -0,0 +1,9 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/).
+This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
+
+## [Unreleased]
+### Added
+- Whitelisting of matches
+- Initial release

CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at berardialessandro@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

Gemfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in sensitive_data_filter.gemspec
+gemspec

README.md

@@ -1,2 +1,89 @@
-# sensitive_data_filter
-A Rack Middleware level Rails filter for sensitive data
+# SensitiveDataFilter
+
+[![Gem Version](https://badge.fury.io/rb/sensitive_data_filter.svg)](http://badge.fury.io/rb/sensitive_data_filter)
+[![Build Status](https://travis-ci.org/sealink/sensitive_data_filter.svg?branch=master)](https://travis-ci.org/sealink/sensitive_data_filter)
+[![Coverage Status](https://coveralls.io/repos/sealink/sensitive_data_filter/badge.svg)](https://coveralls.io/r/sealink/sensitive_data_filter)
+[![Dependency Status](https://gemnasium.com/sealink/sensitive_data_filter.svg)](https://gemnasium.com/sealink/sensitive_data_filter)
+[![Code Climate](https://codeclimate.com/github/sealink/sensitive_data_filter/badges/gpa.svg)](https://codeclimate.com/github/sealink/sensitive_data_filter)
+
+A Rack Middleware filter for sensitive data
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sensitive_data_filter'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install sensitive_data_filter
+
+## Usage
+
+### Enable the middleware
+
+E.g. for Rails, add the following in application.rb
+
+```ruby
+# --- Sensitive Data Filtering ---
+config.middleware.use SensitiveDataFilter::Middleware::Filter
+```
+
+### Configuration
+
+```ruby
+SensitiveDataFilter.config do |config|
+  config.enable_types :credit_card # Already defaults to :credit_card if not specified
+  config.on_occurrence do |occurrence| 
+    # Report occurrence
+  end
+  config.whitelist pattern1, pattern2 # Allows specifying patterns to whitelist matches
+end
+```
+
+An occurrence object has the following properties:
+
+* origin_ip:       the IP address that originated the request
+* request_method:  the HTTP method for the request (GET, POST, etc.)
+* url:             the URL of the request
+* original_params: the parameters sent with the request
+* filtered_params: the parameters sent with the request, with sensitive data filtered
+* session:         the session properties for the request
+* matches:         the matched sensitive data
+* matches_count:   the number of matches per data type, e.g. { 'CreditCard' => 1 }
+
+It also exposes `to_h` and `to_s` methods for hash and string representation respectively.  
+Please note that these representations omit sensitive data, i.e. `original_params` and `matches` are not included.
+
+#### Important Note
+
+You might want to filter sensitive parameters (e.g: passwords).
+In Rails you can do something like:
+
+```ruby
+filters = Rails.application.config.filter_parameters
+filter  = ActionDispatch::Http::ParameterFilter.new filters
+filter.filter @occurrence.filtered_params
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/sealink/sensitive_data_filter. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

Rakefile

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'sensitive_data_filter'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start

bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

gemfiles/Gemfile.ruby-2.1.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+source 'https://rubygems.org'
+
+# ruby-2.1 compatible gems
+gem 'rack', '~> 1.4'
+
+# Specify your gem's dependencies in sensitive_data_filter.gemspec
+gemspec path: '../'

gemfiles/Gemfile.ruby-2.2.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+source 'https://rubygems.org'
+
+# ruby-2.2 compatible gems
+gem 'rack', '~> 1.4'
+
+# Specify your gem's dependencies in sensitive_data_filter.gemspec
+gemspec path: '../'

lib/sensitive_data_filter.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+require 'sensitive_data_filter/version'
+
+module SensitiveDataFilter
+end
+
+require 'sensitive_data_filter/config'
+require 'sensitive_data_filter/mask'
+require 'sensitive_data_filter/scan'
+require 'sensitive_data_filter/types'
+require 'sensitive_data_filter/middleware'

lib/sensitive_data_filter/config.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+require 'facets/string/modulize'
+
+module SensitiveDataFilter
+  def self.config
+    yield @config = Config.new if block_given?
+    @config ||= Config.new
+  end
+
+  def self.enabled_types
+    config.enabled_types
+  end
+
+  def self.handle_occurrence(occurrence)
+    handler = config.occurrence_handler
+    handler.call(occurrence) if handler
+  end
+
+  def self.whitelisted?(value)
+    config.whitelist_patterns.any? { |pattern| value.match pattern }
+  end
+
+  class Config
+    DEFAULT_TYPES = %i(credit_card).freeze
+
+    attr_reader :occurrence_handler
+
+    def enable_types(*types)
+      @enabled_types = types.map { |type| SensitiveDataFilter::Types.const_get type.to_s.modulize }
+    end
+
+    def enabled_types
+      @enabled_types || enable_types(*DEFAULT_TYPES)
+    end
+
+    def on_occurrence(&block)
+      @occurrence_handler = block
+    end
+
+    def whitelist(*patterns)
+      @whitelist_patterns = patterns
+    end
+
+    def whitelist_patterns
+      @whitelist_patterns ||= []
+    end
+  end
+end