Merge pull request #13 from stackify/SF-3435

SF-3435: Mask HTTP Authorization and Cookie header

Author: eric-martin

.gitignore

@@ -0,0 +1,23 @@
+# See https://help.github.com/articles/ignoring-files for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile '~/.gitignore_global'
+
+# Ignore bundler config.
+/.bundle
+
+# Ignore built gem files
+/*.gem
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+/db/*.sqlite3-journal
+
+# Ignore all logfiles and tempfiles.
+/log/*.log
+/tmp
+
+# Ignore IntelliJ files
+/.idea
+*.iml

Gemfile.lock

@@ -1,13 +1,13 @@
 PATH
   remote: .
   specs:
-    stackify-api-ruby (1.0.3)
+    stackify-api-ruby (1.0.7)
       faraday (>= 0.8)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    faraday (0.9.0)
+    faraday (0.9.1)
       multipart-post (>= 1.2, < 3)
     multipart-post (2.0.0)
     rake (0.9.6)
@@ -19,3 +19,6 @@ DEPENDENCIES
   bundler (~> 1.6)
   rake (~> 0)
   stackify-api-ruby!
+
+BUNDLED WITH
+   1.10.6

lib/stackify/env_details.rb

@@ -6,6 +6,10 @@ class EnvDetails
     include Singleton
     attr_reader :request_details
 
+    @@masked_headers = %w(HTTP_AUTHORIZATION HTTP_COOKIE)
+    @@masked_value = 'X-MASKED-X'
+
+
     def initialize
       rails_info = defined?(Rails) ? Rails::Info.properties.to_h : nil
       @info =  rails_info || { 'Application root' => Dir.pwd, 'Environment' => 'development'}
@@ -77,7 +81,8 @@ def cookies env
     end
 
     def headers env
-      env.reject{ |k| !(k.start_with?'HTTP_') }
+      headers = env.reject{ |k| !(k.start_with?'HTTP_') }
+      headers.each_key { | key | headers[key] = @@masked_value if @@masked_headers.include?(key) }
     end
 
     def server_variables env