Class: Findbug::Processing::DataScrubber

Inherits:

Object

Object
Findbug::Processing::DataScrubber

show all

Defined in:: lib/findbug/processing/data_scrubber.rb

Overview

DataScrubber removes sensitive data from captured events.

WHY SCRUBBING IS CRITICAL

Error data often contains sensitive information:

User passwords (in form params)
API keys (in headers)
Credit card numbers (in payment flows)
Personal data (in user context)

Even though Findbug is self-hosted, you don’t want this data:

Stored in your database
Visible in the dashboard
In logs or backups
Accessible to developers who shouldn’t see it

SCRUBBING STRATEGY

We replace sensitive values with “[FILTERED]” rather than removing them. This way you can see that the field existed (helpful for debugging) without exposing the actual value.

WHAT WE SCRUB

Known field names (password, api_key, etc.)
Credit card patterns (16 digits)
SSN patterns (XXX-XX-XXXX)
Sensitive headers (Authorization, Cookie)
Custom fields from configuration

Constant Summary collapse

FILTERED =

"[FILTERED]"

CREDIT_CARD_PATTERN = Credit card patterns (Visa, MasterCard, Amex, etc.)

/\b(?:\d{4}[-\s]?){3}\d{4}\b/

SSN_PATTERN = SSN pattern

/\b\d{3}[-\s]?\d{2}[-\s]?\d{4}\b/

BEARER_TOKEN_PATTERN = Bearer token in text

/Bearer\s+[A-Za-z0-9\-_.~+\/]+=*/i

API_KEY_PATTERN = API key-like patterns (long alphanumeric strings)

/\b[A-Za-z0-9]{32,}\b/

Class Method Summary collapse

.scrub(event) ⇒ Hash

Scrub an entire event hash.
.scrub_string(value) ⇒ String

Scrub a string value for patterns.

Class Method Details

.scrub(event) ⇒ `Hash`

Scrub an entire event hash

Parameters:

event (Hash) —

the event data to scrub

Returns:

(Hash) —

scrubbed event data



59
60
61

# File 'lib/findbug/processing/data_scrubber.rb', line 59

def scrub(event)
  deep_scrub(event)
end

.scrub_string(value) ⇒ `String`

Scrub a string value for patterns