Configuration item `config.filter_parameters` could also filter out sensitive value of database column when call `#inspect`

* Why
Some sensitive data will be exposed in log accidentally by calling `#inspect`, e.g.

```ruby
@account = Account.find params[:id]
payload = { account: @account }
logger.info "payload will be #{ payload }"
```

All the information of `@account` will be exposed in log.

* Solution
Add a class attribute filter_attributes to specify which values of columns shouldn't be exposed.
This attribute equals to `Rails.application.config.filter_parameters` by default.

```ruby
Rails.application.config.filter_parameters += [:credit_card_number]
Account.last.insepct # => #<Account id: 123, credit_card_number: [FILTERED] ...>
```

1 files changed, 80 insertions, 0 deletions

diff --git a/activerecord/test/cases/filter_attributes_test.rb b/activerecord/test/cases/filter_attributes_test.rb
new file mode 100644
index 0000000000..f88cecfe2b
--- /dev/null
+++ b/activerecord/test/cases/filter_attributes_test.rb
@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require "cases/helper"
+require "models/admin"
+require "models/admin/user"
+require "models/admin/account"
+require "pp"
+
+class FilterAttributesTest < ActiveRecord::TestCase
+  fixtures :"admin/users", :"admin/accounts"
+
+  setup do
+    ActiveRecord::Base.filter_attributes = [:name]
+  end
+
+  teardown do
+    ActiveRecord::Base.filter_attributes = []
+  end
+
+  test "filter_attributes" do
+    Admin::User.all.each do |user|
+      assert_includes user.inspect, "name: [FILTERED]"
+      assert_equal 1, user.inspect.scan("[FILTERED]").length
+    end
+
+    Admin::Account.all.each do |account|
+      assert_includes account.inspect, "name: [FILTERED]"
+      assert_equal 1, account.inspect.scan("[FILTERED]").length
+    end
+  end
+
+  test "filter_attributes could be overwritten by models" do
+    Admin::Account.all.each do |account|
+      assert_includes account.inspect, "name: [FILTERED]"
+      assert_equal 1, account.inspect.scan("[FILTERED]").length
+    end
+
+    Admin::Account.filter_attributes = []
+
+    # Above changes should not impact other models
+    Admin::User.all.each do |user|
+      assert_includes user.inspect, "name: [FILTERED]"
+      assert_equal 1, user.inspect.scan("[FILTERED]").length
+    end
+
+    Admin::Account.all.each do |account|
+      assert_not_includes account.inspect, "name: [FILTERED]"
+      assert_equal 0, account.inspect.scan("[FILTERED]").length
+    end
+
+    Admin::Account.filter_attributes = [:name]
+  end
+
+  test "filter_attributes should not filter nil value" do
+    account = Admin::Account.new
+
+    assert_includes account.inspect, "name: nil"
+    assert_not_includes account.inspect, "name: [FILTERED]"
+    assert_equal 0, account.inspect.scan("[FILTERED]").length
+  end
+
+  test "filter_attributes on pretty_print" do
+    user = admin_users(:david)
+    actual = "".dup
+    PP.pp(user, StringIO.new(actual))
+
+    assert_includes actual, "name: [FILTERED]"
+    assert_equal 1, actual.scan("[FILTERED]").length
+  end
+
+  test "filter_attributes on pretty_print should not filter nil value" do
+    user = Admin::User.new
+    actual = "".dup
+    PP.pp(user, StringIO.new(actual))
+
+    assert_includes actual, "name: nil"
+    assert_not_includes actual, "name: [FILTERED]"
+    assert_equal 0, actual.scan("[FILTERED]").length
+  end
+end