Sha256: bdbfc73340d2c6605e531b04e429102eafc82a53c5d84aea2c0eceddb179b223

Contents?: true

Size: 1.44 KB

Versions: 5

Compression:

Stored size: 1.44 KB

Contents

# frozen_string_literal: true

module ElasticAPM
  module Transport
    module Filters
      # @api private
      class SecretsFilter
        FILTERED = '[FILTERED]'

        KEY_FILTERS = [
          /passw(or)?d/i,
          /^pw$/,
          /secret/i,
          /token/i,
          /api[-._]?key/i,
          /session[-._]?id/i
        ].freeze

        VALUE_FILTERS = [
          # (probably) credit card number
          /^\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}$/
        ].freeze

        def initialize(config)
          @config = config
          @key_filters = KEY_FILTERS + config.custom_key_filters
        end

        def call(payload)
          strip_from payload[:transaction], :context, :request, :headers
          strip_from payload[:transaction], :context, :response, :headers
          strip_from payload[:error], :context, :request, :headers
          strip_from payload[:error], :context, :response, :headers

          payload
        end

        def strip_from(event, *path)
          return unless event
          return unless (headers = event.dig(*path))

          headers.each do |k, v|
            if filter_key?(k) || filter_value?(v)
              headers[k] = FILTERED
            end
          end
        end

        def filter_key?(key)
          @key_filters.any? { |regex| key.match regex }
        end

        def filter_value?(value)
          VALUE_FILTERS.any? { |regex| value.match regex }
        end
      end
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
elastic-apm-2.1.2 lib/elastic_apm/transport/filters/secrets_filter.rb
elastic-apm-2.1.1 lib/elastic_apm/transport/filters/secrets_filter.rb
elastic-apm-2.1.0 lib/elastic_apm/transport/filters/secrets_filter.rb
elastic-apm-2.0.1 lib/elastic_apm/transport/filters/secrets_filter.rb
elastic-apm-2.0.0 lib/elastic_apm/transport/filters/secrets_filter.rb