Class: SecureKeys::Validation::Validator

Inherits:
Object
Defined in:
lib/validation/validator.rb

Overview

Validates individual secret values against known patterns and security rules

Instance Method Summary

Constructor Details

#initialize ⇒ Validator

Initialize a new validator

# File 'lib/validation/validator.rb', line 22

def initialize
  self.issues = []
end

Instance Method Details

#detect_type(value:) ⇒ Hash?

Detect the secret type of a value by matching against known patterns

Parameters:

  • value (String)

    The value to analyze

Returns:

  • (Hash, nil)

    The matching pattern config merged with :type key, or nil if no match

# File 'lib/validation/validator.rb', line 49

def detect_type(value:)
  PATTERNS.each do |type, config|
    return config.merge(type:) if value.to_s.match?(config[:pattern])
  end

  nil
end

#recommendations(key:) ⇒ Array<String>

Returns security recommendations for a given key name

Parameters:

  • key (Symbol)

    The key identifier

Returns:

  • (Array<String>)

    List of actionable recommendations

# File 'lib/validation/validator.rb', line 60

def recommendations(key:)
  result = []
  formatted_key = key.to_s.downcase

  if formatted_key.include?('github')
    result << 'Use GitHub Personal Access Tokens with minimal required scopes'
    result << 'Consider fine-grained tokens with repository-specific access'
  end

  if formatted_key.include?('aws')
    result << 'Use AWS IAM roles instead of long-lived access keys when possible'
    result << 'Enable MFA for all IAM users with access keys'
    result << 'Rotate AWS access keys every 90 days'
  end

  if formatted_key.include?('stripe')
    result << 'Never commit live Stripe keys to version control'
    result << 'Use Stripe test keys for development and staging'
    result << 'Consider Stripe restricted keys with minimal permissions'
  end

  if formatted_key.include?('api') || formatted_key.include?('key')
    result << 'Rotate this key regularly (every 90 days recommended)'
    result << 'Use environment-specific keys for dev, staging, and production'
  end

  result
end

#validate(key:, value:, options: {}) ⇒ ValidationResult

Validate a single secret value against all configured rules

Parameters:

  • key (Symbol)

    The key identifier for the secret

  • value (String)

    The value to validate

  • options (Hash) (defaults to: {})

    Additional validation options

Options Hash (options:):

  • :check_entropy (Boolean)

    Enable Shannon entropy checking (default: false)

  • :allow_production (Boolean)

    Skip production key warnings (default: false)

  • :warn_on_pattern (Boolean)

    Emit informational notices for matched patterns (default: false)

Returns:

  • (ValidationResult)

# File 'lib/validation/validator.rb', line 34

def validate(key:, value:, options: {})
  self.issues = []

  check_empty(key:, value:)
  check_weak_secret(key:, value:)
  check_minimum_length(key:, value:)
  check_pattern_match(key:, value:, options:)
  check_entropy(key:, value:) if options[:check_entropy]

  ValidationResult.new(key:, value:, issues:, detected_type: detect_type(value:))
end
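An added example, not SecureKeys' own code, standing in for the detect_type and validate methods above: a constructed PATTERNS catalogue, a Shannon entropy function of the kind the :check_entropy option enables, and a validate that returns a plain Hash rather than ValidationResult. PATTERNS, ENTROPY_THRESHOLD and the sample values are assumptions made for this example.

```ruby
# Added example (not SecureKeys' own code): a stand-in validator showing how
# pattern-based type detection and an optional Shannon entropy check combine.
# PATTERNS, ENTROPY_THRESHOLD and the sample values are constructed here.
class ExampleValidator
  # Sample patterns only; a real catalogue is much larger.
  PATTERNS = {
    github_pat: { pattern: /\Aghp_[A-Za-z0-9]{36}\z/ },
    aws_access_key: { pattern: /\AAKIA[0-9A-Z]{16}\z/ }
  }.freeze
  # Bits per character below which a value looks hand-typed (assumed cutoff).
  ENTROPY_THRESHOLD = 3.5

  attr_reader :issues

  def initialize
    @issues = []
  end

  # Same shape as the page's detect_type: first matching config, plus :type.
  def detect_type(value:)
    PATTERNS.each do |type, config|
      return config.merge(type: type) if value.to_s.match?(config[:pattern])
    end
    nil
  end

  # Shannon entropy in bits per character: -sum(p * log2(p)) over char counts.
  # A value such as "ghp_aaaa..." matches the token format but scores well
  # below a randomly generated token, which is what the entropy check catches.
  def shannon_entropy(value)
    s = value.to_s
    return 0.0 if s.empty?
    len = s.length.to_f
    s.each_char.tally.values.sum { |c| p = c / len; -p * Math.log2(p) }
  end

  # Runs the checks and returns a Hash (the page's version returns ValidationResult).
  def validate(key:, value:, options: {})
    @issues = []
    @issues << "#{key}: value is empty" if value.to_s.strip.empty?
    detected = detect_type(value: value)
    @issues << "#{key}: matches #{detected[:type]} format" if detected && options[:warn_on_pattern]
    if options[:check_entropy]
      bits = shannon_entropy(value)
      @issues << format('%s: low entropy (%.2f bits/char), looks hand-typed', key, bits) if bits < ENTROPY_THRESHOLD
    end
    { key: key, detected_type: detected, issues: @issues }
  end
end
```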