author | Prem Sichanugrist & Xavier Noria <fxn@hashref.com> | 2011-01-01 23:51:05 +0700 |
committer | Xavier Noria <fxn@hashref.com> | 2011-03-11 00:16:18 +0100 |
commit | 68802d0fbe9d20ef8c5f6626d4b3279bd3a42d3e (patch) | |
tree | 1b8b15255e7719ad947fc404299b7c7e62598b17 /actionpack/lib/action_dispatch | |
parent | 51a269b2282ec09cf58614e738a2d0e40d2909d3 (diff) | |
Filter sensitive query string parameters in the log [#6244 state:committed]
This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens.
Signed-off-by: Xavier Noria <fxn@hashref.com>
Diffstat (limited to 'actionpack/lib/action_dispatch')
-rw-r--r-- | actionpack/lib/action_dispatch/http/filter_parameters.rb | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/actionpack/lib/action_dispatch/http/filter_parameters.rb b/actionpack/lib/action_dispatch/http/filter_parameters.rb index 1ab48ae04d..8dd1af7f3d 100644 --- a/actionpack/lib/action_dispatch/http/filter_parameters.rb +++ b/actionpack/lib/action_dispatch/http/filter_parameters.rb @@ -5,10 +5,10 @@ require 'active_support/core_ext/object/duplicable' module ActionDispatch module Http # Allows you to specify sensitive parameters which will be replaced from - # the request log by looking in all subhashes of the param hash for keys - # to filter. If a block is given, each key and value of the parameter - # hash and all subhashes is passed to it, the value or key can be replaced - # using String#replace or similar method. + # the request log by looking in the query string of the request and all + # subhashes of the params hash to filter. If a block is given, each key and + # value of the params hash and all subhashes is passed to it, the value + # or key can be replaced using String#replace or similar method. # # Examples: # @@ -38,6 +38,11 @@ module ActionDispatch @filtered_env ||= env_filter.filter(@env) end + # Reconstructed a path with all sensitive GET parameters replaced. + def filtered_path + @filtered_path ||= query_string.empty? ? path : "#{path}?#{filtered_query_string}" + end + protected def parameter_filter @@ -52,6 +57,14 @@ module ActionDispatch @@parameter_filter_for[filters] ||= ParameterFilter.new(filters) end + KV_RE = '[^&;=]+' + PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})} + def filtered_query_string + query_string.gsub(PAIR_RE) do |_| + parameter_filter.filter([[$1, $2]]).first.join("=") + end + end + end end end |
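Review bot: In the third hunk, filtered_query_string runs PAIR_RE over the raw, still percent-encoded query string, so the key handed to parameter_filter is the encoded form — a filter configured for `api_key` does not match a request sent as `api%5Fkey=...`, and that secret reaches the log unfiltered even though the same request's params hash is filtered correctly. Decoding the captured pair before filtering and re-encoding the result when rebuilding it closes that gap and keeps the logged path a valid query string: `key, value = parameter_filter.filter([[Rack::Utils.unescape($1), Rack::Utils.unescape($2)]]).first` followed by `"#{Rack::Utils.escape(key)}=#{Rack::Utils.escape(value)}"` in place of the current `parameter_filter.filter([[$1, $2]]).first.join("=")`; the rebuilt pair may differ cosmetically from the original encoding (for example `%20` becoming `+`), which is acceptable for a log line. Pairs without `=` or with an empty value are not matched by PAIR_RE and pass through untouched, which looks intended but deserves a one-line comment such as `# Only key=value pairs are filtered; bare keys and empty values carry nothing to hide.` As a matter of style, the unused `|_|` block parameter and the `$1`/`$2` globals read better as `Regexp.last_match(1)`/`Regexp.last_match(2)`, and the comment on filtered_path in the second hunk should read `# Reconstructs a path with all sensitive GET parameters replaced.`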