Class: Tracekit::Security::Detector

Inherits:

Object

Object
Tracekit::Security::Detector

show all

Defined in:: lib/tracekit/security/detector.rb

Overview

Detects and redacts sensitive data (PII, credentials) from variable snapshots. Uses typed [REDACTED:type] markers. PII scrubbing is enabled by default.

Defined Under Namespace

Classes: ScanResult, SecurityFlag

Instance Attribute Summary collapse

#pii_scrubbing ⇒ Object

Returns the value of attribute pii_scrubbing.

Instance Method Summary collapse

#initialize(pii_scrubbing: true, custom_patterns: []) ⇒ Detector constructor

A new instance of Detector.
#scan(variables) ⇒ Object

Constructor Details

#initialize(pii_scrubbing: true, custom_patterns: []) ⇒ `Detector`

Returns a new instance of Detector.

Parameters:

pii_scrubbing (Boolean) (defaults to: true) —

whether PII scrubbing is enabled (default: true)
custom_patterns (Array<Hash>) (defaults to: []) —

custom patterns, each with :pattern (Regexp) and :marker (String)

# File 'lib/tracekit/security/detector.rb', line 15

def initialize(pii_scrubbing: true, custom_patterns: [])
  @pii_scrubbing = pii_scrubbing
  @custom_patterns = custom_patterns.map { |p| [p[:pattern], p[:marker]] }
end

Instance Attribute Details

#pii_scrubbing ⇒ `Object`

Returns the value of attribute pii_scrubbing.



11
12
13

# File 'lib/tracekit/security/detector.rb', line 11

def pii_scrubbing
  @pii_scrubbing
end

Instance Method Details

#scan(variables) ⇒ `Object`

# File 'lib/tracekit/security/detector.rb', line 20

def scan(variables)
  sanitized = {}
  flags = []

  # If PII scrubbing is disabled, return as-is
  unless @pii_scrubbing
    return ScanResult.new(sanitized_variables: variables.dup, security_flags: [])
  end

  variables.each do |key, value|
    sanitized_value, detected_flags = scan_value(key, value)
    sanitized[key] = sanitized_value
    flags.concat(detected_flags)
  end

  ScanResult.new(sanitized_variables: sanitized, security_flags: flags)
end