author | José Valim <jose.valim@gmail.com> | 2010-01-21 11:39:57 +0100 |
---|---|---|
committer | José Valim <jose.valim@gmail.com> | 2010-01-21 11:57:24 +0100 |
commit | 31fddf2ace29518399f15f718ff408737e0031a0 (patch) | |
tree | edd9ec04178e5082a0e5b79c7759fc07432dbc08 /actionpack/lib/action_dispatch | |
parent | b1bc3b3cd352f68d79d7e232e9520eacb56ca41e (diff) | |
Tidy up new filter_parameters implementation.
Diffstat (limited to 'actionpack/lib/action_dispatch')
-rw-r--r-- | actionpack/lib/action_dispatch/http/filter_parameters.rb | 94 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/http/parameters_filter.rb | 88 | ||||
-rwxr-xr-x | actionpack/lib/action_dispatch/http/request.rb | 2 |
3 files changed, 95 insertions, 89 deletions
diff --git a/actionpack/lib/action_dispatch/http/filter_parameters.rb b/actionpack/lib/action_dispatch/http/filter_parameters.rb
new file mode 100644
index 0000000000..0f4afb01d9
--- /dev/null
+++ b/actionpack/lib/action_dispatch/http/filter_parameters.rb
@@ -0,0 +1,94 @@
+require 'active_support/core_ext/hash/keys'
+
+module ActionDispatch
+ module Http
+ module FilterParameters
+ extend ActiveSupport::Concern
+
+ INTERNAL_PARAMS = %w(controller action format _method only_path)
+
+ module ClassMethods
+ # Specify sensitive parameters which will be replaced from the request log.
+ # Filters parameters that have any of the arguments as a substring.
+ # Looks in all subhashes of the param hash for keys to filter.
+ # If a block is given, each key and value of the parameter hash and all
+ # subhashes is passed to it, the value or key
+ # can be replaced using String#replace or similar method.
+ #
+ # Examples:
+ #
+ # ActionDispatch::Request.filter_parameters :password
+ # => replaces the value to all keys matching /password/i with "[FILTERED]"
+ #
+ # ActionDispatch::Request.filter_parameters :foo, "bar"
+ # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
+ #
+ # ActionDispatch::Request.filter_parameters do |k,v|
+ # v.reverse! if k =~ /secret/i
+ # end
+ # => reverses the value to all keys matching /secret/i
+ #
+ # ActionDispatch::Request.filter_parameters(:foo, "bar") do |k,v|
+ # v.reverse! if k =~ /secret/i
+ # end
+ # => reverses the value to all keys matching /secret/i, and
+ # replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
+ def filter_parameters(*filter_words, &block)
+ raise "You must filter at least one word" if filter_words.empty?
+
+ parameter_filter = Regexp.new(filter_words.join('|'), true)
+
+ define_method(:process_parameter_filter) do |original_params|
+ filtered_params = {}
+
+ original_params.each do |key, value|
+ if key =~ parameter_filter
+ value = '[FILTERED]'
+ elsif value.is_a?(Hash)
+ value = process_parameter_filter(value)
+ elsif value.is_a?(Array)
+ value = value.map { |i| process_parameter_filter(i) }
+ elsif block_given?
+ key = key.dup
+ value = value.dup if value.duplicable?
+ yield key, value
+ end
+
+ filtered_params[key] = value
+ end
+
+ filtered_params.except!(*INTERNAL_PARAMS)
+ end
+
+ protected :process_parameter_filter
+ end
+ end
+
+ # Return a hash of parameters with all sensitive data replaced.
+ def filtered_parameters
+ @filtered_parameters ||= process_parameter_filter(parameters)
+ end
+ alias :fitered_params :filtered_parameters
+
+ # Return a hash of request.env with all sensitive data replaced.
+ # TODO Josh should white list env to remove stuff like rack.input and rack.errors
+ def filtered_env
+ filtered_env = @env.dup
+ filtered_env.each do |key, value|
+ if (key =~ /RAW_POST_DATA/i)
+ filtered_env[key] = '[FILTERED]'
+ elsif value.is_a?(Hash)
+ filtered_env[key] = process_parameter_filter(value)
+ end
+ end
+ filtered_env
+ end
+
+ protected
+
+ def process_parameter_filter(original_parameters)
+ original_parameters.except(*INTERNAL_PARAMS)
+ end
+ end
+ end
+end
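Review bot: In the `define_method(:process_parameter_filter)` body, the Array branch `value.map { |i| process_parameter_filter(i) }` hands every element to the hash walker, so a scalar element (for example the strings of an `ids[]=1` style parameter) reaches `original_params.each do |key, value|` as if it were a hash; depending on the Ruby version that presumably either raises or produces a mangled entry in the redacted output. Recursing only into hashes keeps the filter safe on ordinary input: `value = value.map { |i| i.is_a?(Hash) ? process_parameter_filter(i) : i }`. Separately, `raise "You must filter at least one word" if filter_words.empty?` now rejects the block-only call that the comment above still documents (`filter_parameters do |k,v|`), so either the guard should again allow a block without words (and skip the regexp match in that case) or that example should be removed. It would also help to add a comment on `filtered_env` stating that only `RAW_POST_DATA` and Hash-valued entries are redacted, since the removed implementation matched every top-level env key against the filter words and this one does not.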
\ No newline at end of file
diff --git a/actionpack/lib/action_dispatch/http/parameters_filter.rb b/actionpack/lib/action_dispatch/http/parameters_filter.rb
deleted file mode 100644
index bec5e7427d..0000000000
--- a/actionpack/lib/action_dispatch/http/parameters_filter.rb
+++ /dev/null
@@ -1,88 +0,0 @@
-require 'active_support/core_ext/hash/keys'
-
-module ActionDispatch
- module Http
- module ParametersFilter
- INTERNAL_PARAMS = %w(controller action format _method only_path)
-
- @@filter_parameters = nil
- @@filter_parameters_block = nil
-
- # Specify sensitive parameters which will be replaced from the request log.
- # Filters parameters that have any of the arguments as a substring.
- # Looks in all subhashes of the param hash for keys to filter.
- # If a block is given, each key and value of the parameter hash and all
- # subhashes is passed to it, the value or key
- # can be replaced using String#replace or similar method.
- #
- # Examples:
- #
- # ActionDispatch::Http::ParametersFilter.filter_parameters :password
- # => replaces the value to all keys matching /password/i with "[FILTERED]"
- #
- # ActionDispatch::Http::ParametersFilter.filter_parameters :foo, "bar"
- # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
- #
- # ActionDispatch::Http::ParametersFilter.filter_parameters do |k,v|
- # v.reverse! if k =~ /secret/i
- # end
- # => reverses the value to all keys matching /secret/i
- #
- # ActionDispatch::Http::ParametersFilter.filter_parameters(:foo, "bar") do |k,v|
- # v.reverse! if k =~ /secret/i
- # end
- # => reverses the value to all keys matching /secret/i, and
- # replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
- def self.filter_parameters(*filter_words, &block)
- raise "You must filter at least one word" if filter_words.empty? and !block_given?
-
- @@filter_parameters = filter_words.empty? ? nil : Regexp.new(filter_words.join('|'), true)
- @@filter_parameters_block = block
- end
-
- # Return a hash of parameters with all sensitive data replaced.
- def filtered_parameters
- @filtered_parameters ||= process_parameter_filter(parameters)
- end
- alias_method :fitered_params, :filtered_parameters
-
- # Return a hash of request.env with all sensitive data replaced.
- def filtered_env
- @env.merge(@env) do |key, value|
- if (key =~ /RAW_POST_DATA/i)
- '[FILTERED]'
- else
- process_parameter_filter({key => value}, false).values[0]
- end
- end
- end
-
- protected
-
- def process_parameter_filter(original_parameters, validate_block = true)
- if @@filter_parameters or @@filter_parameters_block
- filtered_params = {}
-
- original_parameters.each do |key, value|
- if key =~ @@filter_parameters
- value = '[FILTERED]'
- elsif value.is_a?(Hash)
- value = process_parameter_filter(value)
- elsif value.is_a?(Array)
- value = value.map { |item| process_parameter_filter({key => item}, validate_block).values[0] }
- elsif validate_block and @@filter_parameters_block
- key = key.dup
- value = value.dup if value.duplicable?
- value = @@filter_parameters_block.call(key, value) || value
- end
-
- filtered_params[key] = value
- end
- filtered_params.except!(*INTERNAL_PARAMS)
- else
- original_parameters.except(*INTERNAL_PARAMS)
- end
- end
- end
- end
-end
\ No newline at end of file
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 7c3a228149..7a17023ed2 100755
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -11,7 +11,7 @@ module ActionDispatch
 include ActionDispatch::Http::Cache::Request
 include ActionDispatch::Http::MimeNegotiation
 include ActionDispatch::Http::Parameters
- include ActionDispatch::Http::ParametersFilter
+ include ActionDispatch::Http::FilterParameters
 include ActionDispatch::Http::Upload
 include ActionDispatch::Http::URL |