Skip to content

Mask sensitive information#73

Merged
trusche merged 8 commits intotrusche:developfrom
coverwallet:feature/filter-out-sensitive-info
May 13, 2019
Merged

Mask sensitive information#73
trusche merged 8 commits intotrusche:developfrom
coverwallet:feature/filter-out-sensitive-info

Conversation

@bustikiller
Copy link
Copy Markdown
Collaborator

@bustikiller bustikiller commented May 10, 2019

We need to mask some sensitive information such as credentials and API tokens.

@trusche
Copy link
Copy Markdown
Owner

trusche commented May 10, 2019

Hi @bustikiller, thanks for the PR, and that's a cool feature in principle.

I'll have to spend some time reviewing it and thinking through how this would cover the most common use cases - this implementation, at a glance, would only filter out key=value pairs, and for example not work on quoted value strings or JSON. If you want to take a shot at that, go ahead, otherwise I'll take it from here, but it will take a bit to get merged then.

Copy link
Copy Markdown
Owner

@trusche trusche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd use the term "mask" instead of "filter", it describes better what this is doing. "Filtering" implies removing, which could be misunderstood. "Masking" just means "don't show" more specifically.

Could we add test cases and implementation to support JSON as well as quoted strings as values?

Comment thread lib/httplog/http_log.rb Outdated
Comment thread lib/httplog/http_log.rb Outdated
@bustikiller
Copy link
Copy Markdown
Collaborator Author

@trusche thanks for the fast feedback.

I will try to find some time to make this work with keywords inside JSON. However, I don't understand what you mean by "will not work on quoted string values". Could you please provide an example?

Thanks

@bustikiller bustikiller changed the title Filter out sensitive information Mask sensitive information May 10, 2019
@bustikiller
Copy link
Copy Markdown
Collaborator Author

@trusche I added tests with some JSON-body examples that came to my mind and fixed the masked_data method accordingly.

@trusche trusche changed the base branch from master to develop May 13, 2019 09:05
@trusche trusche merged commit 9f93df1 into trusche:develop May 13, 2019
@trusche
Copy link
Copy Markdown
Owner

trusche commented May 13, 2019

Cool, thanks. I'll tweak this a bit, should go live shortly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants