From bd4f21fbac495fb28b6be993be808509e567239e Mon Sep 17 00:00:00 2001 From: Prem Sichanugrist Date: Thu, 21 Jan 2010 04:37:10 +0700 Subject: Move filter_parameter_logging logic out of the controller and create ActionDispatch::ParametersFilter to handle parameter filteration instead. This will make filteration not depending on controller anymore. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: José Valim --- .../metal/filter_parameter_logging.rb | 36 +-------- .../lib/action_controller/metal/instrumentation.rb | 2 +- actionpack/lib/action_dispatch.rb | 1 + actionpack/lib/action_dispatch/http/parameters.rb | 23 ------ .../lib/action_dispatch/http/parameters_filter.rb | 88 ++++++++++++++++++++++ actionpack/lib/action_dispatch/http/request.rb | 1 + .../action_dispatch/middleware/notifications.rb | 2 +- 7 files changed, 96 insertions(+), 57 deletions(-) create mode 100644 actionpack/lib/action_dispatch/http/parameters_filter.rb (limited to 'actionpack/lib') diff --git a/actionpack/lib/action_controller/metal/filter_parameter_logging.rb b/actionpack/lib/action_controller/metal/filter_parameter_logging.rb index 9e03f50759..befb4a58cc 100644 --- a/actionpack/lib/action_controller/metal/filter_parameter_logging.rb +++ b/actionpack/lib/action_controller/metal/filter_parameter_logging.rb @@ -2,8 +2,6 @@ module ActionController module FilterParameterLogging extend ActiveSupport::Concern - INTERNAL_PARAMS = %w(controller action format _method only_path) - module ClassMethods # Replace sensitive parameter data from the request log. # Filters parameters that have any of the arguments as a substring. @@ -27,40 +25,14 @@ module ActionController # => reverses the value to all keys matching /secret/i, and # replaces the value to all keys matching /foo|bar/i with "[FILTERED]" def filter_parameter_logging(*filter_words, &block) - raise "You must filter at least one word from logging" if filter_words.empty? - - parameter_filter = Regexp.new(filter_words.join('|'), true) - - define_method(:filter_parameters) do |original_params| - filtered_params = {} - - original_params.each do |key, value| - if key =~ parameter_filter - value = '[FILTERED]' - elsif value.is_a?(Hash) - value = filter_parameters(value) - elsif value.is_a?(Array) - value = value.map { |item| filter_parameters(item) } - elsif block_given? - key = key.dup - value = value.dup if value.duplicable? - yield key, value - end - - filtered_params[key] = value - end - - filtered_params.except!(*INTERNAL_PARAMS) - end - protected :filter_parameters + ActionDispatch::Http::ParametersFilter.filter_parameters(*filter_words, &block) end end - + protected - + def filter_parameters(params) - params.dup.except!(*INTERNAL_PARAMS) + request.send(:process_parameter_filter, params) end - end end diff --git a/actionpack/lib/action_controller/metal/instrumentation.rb b/actionpack/lib/action_controller/metal/instrumentation.rb index 19c962bafa..0f22bf96cf 100644 --- a/actionpack/lib/action_controller/metal/instrumentation.rb +++ b/actionpack/lib/action_controller/metal/instrumentation.rb @@ -18,7 +18,7 @@ module ActionController raw_payload = { :controller => self.class.name, :action => self.action_name, - :params => filter_parameters(params), + :params => request.filtered_parameters, :formats => request.formats.map(&:to_sym) } diff --git a/actionpack/lib/action_dispatch.rb b/actionpack/lib/action_dispatch.rb index 082562d921..e2d64fcd53 100644 --- a/actionpack/lib/action_dispatch.rb +++ b/actionpack/lib/action_dispatch.rb @@ -63,6 +63,7 @@ module ActionDispatch autoload :Headers autoload :MimeNegotiation autoload :Parameters + autoload :ParametersFilter autoload :Upload autoload :UploadedFile, 'action_dispatch/http/upload' autoload :URL diff --git a/actionpack/lib/action_dispatch/http/parameters.rb b/actionpack/lib/action_dispatch/http/parameters.rb index 68ba3637bf..40b40ea94e 100644 --- a/actionpack/lib/action_dispatch/http/parameters.rb +++ b/actionpack/lib/action_dispatch/http/parameters.rb @@ -30,29 +30,6 @@ module ActionDispatch @env["action_dispatch.request.path_parameters"] ||= {} end - def filter_parameters - # TODO: Remove dependency on controller - if controller = @env['action_controller.instance'] - controller.send(:filter_parameters, params) - else - params - end - end - - def filter_env - if controller = @env['action_controller.instance'] - @env.map do |key, value| - if (key =~ /RAW_POST_DATA/i) - '[FILTERED]' - else - controller.send(:filter_parameters, {key => value}).values[0] - end - end - else - env - end - end - private # Convert nested Hashs to HashWithIndifferentAccess def normalize_parameters(value) diff --git a/actionpack/lib/action_dispatch/http/parameters_filter.rb b/actionpack/lib/action_dispatch/http/parameters_filter.rb new file mode 100644 index 0000000000..bec5e7427d --- /dev/null +++ b/actionpack/lib/action_dispatch/http/parameters_filter.rb @@ -0,0 +1,88 @@ +require 'active_support/core_ext/hash/keys' + +module ActionDispatch + module Http + module ParametersFilter + INTERNAL_PARAMS = %w(controller action format _method only_path) + + @@filter_parameters = nil + @@filter_parameters_block = nil + + # Specify sensitive parameters which will be replaced from the request log. + # Filters parameters that have any of the arguments as a substring. + # Looks in all subhashes of the param hash for keys to filter. + # If a block is given, each key and value of the parameter hash and all + # subhashes is passed to it, the value or key + # can be replaced using String#replace or similar method. + # + # Examples: + # + # ActionDispatch::Http::ParametersFilter.filter_parameters :password + # => replaces the value to all keys matching /password/i with "[FILTERED]" + # + # ActionDispatch::Http::ParametersFilter.filter_parameters :foo, "bar" + # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]" + # + # ActionDispatch::Http::ParametersFilter.filter_parameters do |k,v| + # v.reverse! if k =~ /secret/i + # end + # => reverses the value to all keys matching /secret/i + # + # ActionDispatch::Http::ParametersFilter.filter_parameters(:foo, "bar") do |k,v| + # v.reverse! if k =~ /secret/i + # end + # => reverses the value to all keys matching /secret/i, and + # replaces the value to all keys matching /foo|bar/i with "[FILTERED]" + def self.filter_parameters(*filter_words, &block) + raise "You must filter at least one word" if filter_words.empty? and !block_given? + + @@filter_parameters = filter_words.empty? ? nil : Regexp.new(filter_words.join('|'), true) + @@filter_parameters_block = block + end + + # Return a hash of parameters with all sensitive data replaced. + def filtered_parameters + @filtered_parameters ||= process_parameter_filter(parameters) + end + alias_method :fitered_params, :filtered_parameters + + # Return a hash of request.env with all sensitive data replaced. + def filtered_env + @env.merge(@env) do |key, value| + if (key =~ /RAW_POST_DATA/i) + '[FILTERED]' + else + process_parameter_filter({key => value}, false).values[0] + end + end + end + + protected + + def process_parameter_filter(original_parameters, validate_block = true) + if @@filter_parameters or @@filter_parameters_block + filtered_params = {} + + original_parameters.each do |key, value| + if key =~ @@filter_parameters + value = '[FILTERED]' + elsif value.is_a?(Hash) + value = process_parameter_filter(value) + elsif value.is_a?(Array) + value = value.map { |item| process_parameter_filter({key => item}, validate_block).values[0] } + elsif validate_block and @@filter_parameters_block + key = key.dup + value = value.dup if value.duplicable? + value = @@filter_parameters_block.call(key, value) || value + end + + filtered_params[key] = value + end + filtered_params.except!(*INTERNAL_PARAMS) + else + original_parameters.except(*INTERNAL_PARAMS) + end + end + end + end +end \ No newline at end of file diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index 187ce7c15d..7c3a228149 100755 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -11,6 +11,7 @@ module ActionDispatch include ActionDispatch::Http::Cache::Request include ActionDispatch::Http::MimeNegotiation include ActionDispatch::Http::Parameters + include ActionDispatch::Http::ParametersFilter include ActionDispatch::Http::Upload include ActionDispatch::Http::URL diff --git a/actionpack/lib/action_dispatch/middleware/notifications.rb b/actionpack/lib/action_dispatch/middleware/notifications.rb index ce3732b740..65409f57fd 100644 --- a/actionpack/lib/action_dispatch/middleware/notifications.rb +++ b/actionpack/lib/action_dispatch/middleware/notifications.rb @@ -10,7 +10,7 @@ module ActionDispatch def call(env) request = Request.new(env) - payload = retrieve_payload_from_env(request.filter_env) + payload = retrieve_payload_from_env(request.filtered_env) ActiveSupport::Notifications.instrument("action_dispatch.before_dispatch", payload) -- cgit v1.2.3 From b1bc3b3cd352f68d79d7e232e9520eacb56ca41e Mon Sep 17 00:00:00 2001 From: Prem Sichanugrist Date: Thu, 21 Jan 2010 11:48:27 +0700 Subject: Add deprecation warning for calling filter_parameter_logging ActionController::Base, and allow it to be configured in config.filter_parameters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: José Valim --- .../metal/filter_parameter_logging.rb | 29 ++-------------------- 1 file changed, 2 insertions(+), 27 deletions(-) (limited to 'actionpack/lib') diff --git a/actionpack/lib/action_controller/metal/filter_parameter_logging.rb b/actionpack/lib/action_controller/metal/filter_parameter_logging.rb index befb4a58cc..b59f6df244 100644 --- a/actionpack/lib/action_controller/metal/filter_parameter_logging.rb +++ b/actionpack/lib/action_controller/metal/filter_parameter_logging.rb @@ -3,36 +3,11 @@ module ActionController extend ActiveSupport::Concern module ClassMethods - # Replace sensitive parameter data from the request log. - # Filters parameters that have any of the arguments as a substring. - # Looks in all subhashes of the param hash for keys to filter. - # If a block is given, each key and value of the parameter hash and all - # subhashes is passed to it, the value or key - # can be replaced using String#replace or similar method. - # - # Examples: - # - # filter_parameter_logging :password - # => replaces the value to all keys matching /password/i with "[FILTERED]" - # - # filter_parameter_logging :foo, "bar" - # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]" - # - # filter_parameter_logging { |k,v| v.reverse! if k =~ /secret/i } - # => reverses the value to all keys matching /secret/i - # - # filter_parameter_logging(:foo, "bar") { |k,v| v.reverse! if k =~ /secret/i } - # => reverses the value to all keys matching /secret/i, and - # replaces the value to all keys matching /foo|bar/i with "[FILTERED]" + # This method has been moved to ActionDispatch::Http::ParametersFilter.filter_parameters def filter_parameter_logging(*filter_words, &block) + ActiveSupport::Deprecation.warn("Setting filter_parameter_logging in ActionController is deprecated, please set 'config.filter_parameters' in application.rb or environments/[environment_name].rb instead.", caller) ActionDispatch::Http::ParametersFilter.filter_parameters(*filter_words, &block) end end - - protected - - def filter_parameters(params) - request.send(:process_parameter_filter, params) - end end end -- cgit v1.2.3 From 31fddf2ace29518399f15f718ff408737e0031a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 21 Jan 2010 11:39:57 +0100 Subject: Tidy up new filter_parameters implementation. --- actionpack/lib/action_controller.rb | 1 - actionpack/lib/action_controller/base.rb | 6 +- .../metal/filter_parameter_logging.rb | 13 --- .../lib/action_controller/metal/instrumentation.rb | 1 - actionpack/lib/action_dispatch.rb | 2 +- .../lib/action_dispatch/http/filter_parameters.rb | 94 ++++++++++++++++++++++ .../lib/action_dispatch/http/parameters_filter.rb | 88 -------------------- actionpack/lib/action_dispatch/http/request.rb | 2 +- 8 files changed, 101 insertions(+), 106 deletions(-) delete mode 100644 actionpack/lib/action_controller/metal/filter_parameter_logging.rb create mode 100644 actionpack/lib/action_dispatch/http/filter_parameters.rb delete mode 100644 actionpack/lib/action_dispatch/http/parameters_filter.rb (limited to 'actionpack/lib') diff --git a/actionpack/lib/action_controller.rb b/actionpack/lib/action_controller.rb index fa4a253ec1..33e107d216 100644 --- a/actionpack/lib/action_controller.rb +++ b/actionpack/lib/action_controller.rb @@ -16,7 +16,6 @@ module ActionController autoload :ConditionalGet autoload :Configuration autoload :Cookies - autoload :FilterParameterLogging autoload :Flash autoload :Head autoload :Helpers diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index 21a811c004..cf66e99fa5 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -27,7 +27,6 @@ module ActionController include ActionController::Compatibility include ActionController::Cookies - include ActionController::FilterParameterLogging include ActionController::Flash include ActionController::Verification include ActionController::RequestForgeryProtection @@ -74,6 +73,11 @@ module ActionController @subclasses ||= [] end + # This method has been moved to ActionDispatch::Request.filter_parameters + def self.filter_parameter_logging(*) + ActiveSupport::Deprecation.warn("Setting filter_parameter_logging in ActionController is deprecated and has no longer effect, please set 'config.filter_parameters' in config/application.rb instead", caller) + end + def _normalize_options(action=nil, options={}, &blk) case action when NilClass diff --git a/actionpack/lib/action_controller/metal/filter_parameter_logging.rb b/actionpack/lib/action_controller/metal/filter_parameter_logging.rb deleted file mode 100644 index b59f6df244..0000000000 --- a/actionpack/lib/action_controller/metal/filter_parameter_logging.rb +++ /dev/null @@ -1,13 +0,0 @@ -module ActionController - module FilterParameterLogging - extend ActiveSupport::Concern - - module ClassMethods - # This method has been moved to ActionDispatch::Http::ParametersFilter.filter_parameters - def filter_parameter_logging(*filter_words, &block) - ActiveSupport::Deprecation.warn("Setting filter_parameter_logging in ActionController is deprecated, please set 'config.filter_parameters' in application.rb or environments/[environment_name].rb instead.", caller) - ActionDispatch::Http::ParametersFilter.filter_parameters(*filter_words, &block) - end - end - end -end diff --git a/actionpack/lib/action_controller/metal/instrumentation.rb b/actionpack/lib/action_controller/metal/instrumentation.rb index 0f22bf96cf..7f9a7c068b 100644 --- a/actionpack/lib/action_controller/metal/instrumentation.rb +++ b/actionpack/lib/action_controller/metal/instrumentation.rb @@ -10,7 +10,6 @@ module ActionController extend ActiveSupport::Concern include AbstractController::Logger - include ActionController::FilterParameterLogging attr_internal :view_runtime diff --git a/actionpack/lib/action_dispatch.rb b/actionpack/lib/action_dispatch.rb index e2d64fcd53..42ff9ca2e4 100644 --- a/actionpack/lib/action_dispatch.rb +++ b/actionpack/lib/action_dispatch.rb @@ -63,7 +63,7 @@ module ActionDispatch autoload :Headers autoload :MimeNegotiation autoload :Parameters - autoload :ParametersFilter + autoload :FilterParameters autoload :Upload autoload :UploadedFile, 'action_dispatch/http/upload' autoload :URL diff --git a/actionpack/lib/action_dispatch/http/filter_parameters.rb b/actionpack/lib/action_dispatch/http/filter_parameters.rb new file mode 100644 index 0000000000..0f4afb01d9 --- /dev/null +++ b/actionpack/lib/action_dispatch/http/filter_parameters.rb @@ -0,0 +1,94 @@ +require 'active_support/core_ext/hash/keys' + +module ActionDispatch + module Http + module FilterParameters + extend ActiveSupport::Concern + + INTERNAL_PARAMS = %w(controller action format _method only_path) + + module ClassMethods + # Specify sensitive parameters which will be replaced from the request log. + # Filters parameters that have any of the arguments as a substring. + # Looks in all subhashes of the param hash for keys to filter. + # If a block is given, each key and value of the parameter hash and all + # subhashes is passed to it, the value or key + # can be replaced using String#replace or similar method. + # + # Examples: + # + # ActionDispatch::Request.filter_parameters :password + # => replaces the value to all keys matching /password/i with "[FILTERED]" + # + # ActionDispatch::Request.filter_parameters :foo, "bar" + # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]" + # + # ActionDispatch::Request.filter_parameters do |k,v| + # v.reverse! if k =~ /secret/i + # end + # => reverses the value to all keys matching /secret/i + # + # ActionDispatch::Request.filter_parameters(:foo, "bar") do |k,v| + # v.reverse! if k =~ /secret/i + # end + # => reverses the value to all keys matching /secret/i, and + # replaces the value to all keys matching /foo|bar/i with "[FILTERED]" + def filter_parameters(*filter_words, &block) + raise "You must filter at least one word" if filter_words.empty? + + parameter_filter = Regexp.new(filter_words.join('|'), true) + + define_method(:process_parameter_filter) do |original_params| + filtered_params = {} + + original_params.each do |key, value| + if key =~ parameter_filter + value = '[FILTERED]' + elsif value.is_a?(Hash) + value = process_parameter_filter(value) + elsif value.is_a?(Array) + value = value.map { |i| process_parameter_filter(i) } + elsif block_given? + key = key.dup + value = value.dup if value.duplicable? + yield key, value + end + + filtered_params[key] = value + end + + filtered_params.except!(*INTERNAL_PARAMS) + end + + protected :process_parameter_filter + end + end + + # Return a hash of parameters with all sensitive data replaced. + def filtered_parameters + @filtered_parameters ||= process_parameter_filter(parameters) + end + alias :fitered_params :filtered_parameters + + # Return a hash of request.env with all sensitive data replaced. + # TODO Josh should white list env to remove stuff like rack.input and rack.errors + def filtered_env + filtered_env = @env.dup + filtered_env.each do |key, value| + if (key =~ /RAW_POST_DATA/i) + filtered_env[key] = '[FILTERED]' + elsif value.is_a?(Hash) + filtered_env[key] = process_parameter_filter(value) + end + end + filtered_env + end + + protected + + def process_parameter_filter(original_parameters) + original_parameters.except(*INTERNAL_PARAMS) + end + end + end +end \ No newline at end of file diff --git a/actionpack/lib/action_dispatch/http/parameters_filter.rb b/actionpack/lib/action_dispatch/http/parameters_filter.rb deleted file mode 100644 index bec5e7427d..0000000000 --- a/actionpack/lib/action_dispatch/http/parameters_filter.rb +++ /dev/null @@ -1,88 +0,0 @@ -require 'active_support/core_ext/hash/keys' - -module ActionDispatch - module Http - module ParametersFilter - INTERNAL_PARAMS = %w(controller action format _method only_path) - - @@filter_parameters = nil - @@filter_parameters_block = nil - - # Specify sensitive parameters which will be replaced from the request log. - # Filters parameters that have any of the arguments as a substring. - # Looks in all subhashes of the param hash for keys to filter. - # If a block is given, each key and value of the parameter hash and all - # subhashes is passed to it, the value or key - # can be replaced using String#replace or similar method. - # - # Examples: - # - # ActionDispatch::Http::ParametersFilter.filter_parameters :password - # => replaces the value to all keys matching /password/i with "[FILTERED]" - # - # ActionDispatch::Http::ParametersFilter.filter_parameters :foo, "bar" - # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]" - # - # ActionDispatch::Http::ParametersFilter.filter_parameters do |k,v| - # v.reverse! if k =~ /secret/i - # end - # => reverses the value to all keys matching /secret/i - # - # ActionDispatch::Http::ParametersFilter.filter_parameters(:foo, "bar") do |k,v| - # v.reverse! if k =~ /secret/i - # end - # => reverses the value to all keys matching /secret/i, and - # replaces the value to all keys matching /foo|bar/i with "[FILTERED]" - def self.filter_parameters(*filter_words, &block) - raise "You must filter at least one word" if filter_words.empty? and !block_given? - - @@filter_parameters = filter_words.empty? ? nil : Regexp.new(filter_words.join('|'), true) - @@filter_parameters_block = block - end - - # Return a hash of parameters with all sensitive data replaced. - def filtered_parameters - @filtered_parameters ||= process_parameter_filter(parameters) - end - alias_method :fitered_params, :filtered_parameters - - # Return a hash of request.env with all sensitive data replaced. - def filtered_env - @env.merge(@env) do |key, value| - if (key =~ /RAW_POST_DATA/i) - '[FILTERED]' - else - process_parameter_filter({key => value}, false).values[0] - end - end - end - - protected - - def process_parameter_filter(original_parameters, validate_block = true) - if @@filter_parameters or @@filter_parameters_block - filtered_params = {} - - original_parameters.each do |key, value| - if key =~ @@filter_parameters - value = '[FILTERED]' - elsif value.is_a?(Hash) - value = process_parameter_filter(value) - elsif value.is_a?(Array) - value = value.map { |item| process_parameter_filter({key => item}, validate_block).values[0] } - elsif validate_block and @@filter_parameters_block - key = key.dup - value = value.dup if value.duplicable? - value = @@filter_parameters_block.call(key, value) || value - end - - filtered_params[key] = value - end - filtered_params.except!(*INTERNAL_PARAMS) - else - original_parameters.except(*INTERNAL_PARAMS) - end - end - end - end -end \ No newline at end of file diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index 7c3a228149..7a17023ed2 100755 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -11,7 +11,7 @@ module ActionDispatch include ActionDispatch::Http::Cache::Request include ActionDispatch::Http::MimeNegotiation include ActionDispatch::Http::Parameters - include ActionDispatch::Http::ParametersFilter + include ActionDispatch::Http::FilterParameters include ActionDispatch::Http::Upload include ActionDispatch::Http::URL -- cgit v1.2.3 From 378464a2e47bb849f3351cb8c87366554b7ce74d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 21 Jan 2010 13:05:30 +0100 Subject: Default to sync instrumentation. --- actionpack/lib/action_dispatch.rb | 1 - .../action_dispatch/middleware/notifications.rb | 32 ---------------------- actionpack/lib/action_dispatch/railtie.rb | 3 -- .../lib/action_dispatch/railties/subscriber.rb | 17 ------------ 4 files changed, 53 deletions(-) delete mode 100644 actionpack/lib/action_dispatch/middleware/notifications.rb delete mode 100644 actionpack/lib/action_dispatch/railties/subscriber.rb (limited to 'actionpack/lib') diff --git a/actionpack/lib/action_dispatch.rb b/actionpack/lib/action_dispatch.rb index 42ff9ca2e4..f0490a5619 100644 --- a/actionpack/lib/action_dispatch.rb +++ b/actionpack/lib/action_dispatch.rb @@ -46,7 +46,6 @@ module ActionDispatch autoload :Cookies autoload :Flash autoload :Head - autoload :Notifications autoload :ParamsParser autoload :Rescue autoload :ShowExceptions diff --git a/actionpack/lib/action_dispatch/middleware/notifications.rb b/actionpack/lib/action_dispatch/middleware/notifications.rb deleted file mode 100644 index 65409f57fd..0000000000 --- a/actionpack/lib/action_dispatch/middleware/notifications.rb +++ /dev/null @@ -1,32 +0,0 @@ -module ActionDispatch - # Provide notifications in the middleware stack. Notice that for the before_dispatch - # and after_dispatch notifications, we just send the original env, so we don't pile - # up large env hashes in the queue. However, in exception cases, the whole env hash - # is actually useful, so we send it all. - class Notifications - def initialize(app) - @app = app - end - - def call(env) - request = Request.new(env) - payload = retrieve_payload_from_env(request.filtered_env) - - ActiveSupport::Notifications.instrument("action_dispatch.before_dispatch", payload) - - ActiveSupport::Notifications.instrument!("action_dispatch.after_dispatch", payload) do - @app.call(env) - end - rescue Exception => exception - ActiveSupport::Notifications.instrument('action_dispatch.exception', - :env => env, :exception => exception) - raise exception - end - - protected - # Remove any rack related constants from the env, like rack.input. - def retrieve_payload_from_env(env) - Hash[:env => env.except(*env.keys.select { |k| k.to_s.index("rack.") == 0 })] - end - end -end diff --git a/actionpack/lib/action_dispatch/railtie.rb b/actionpack/lib/action_dispatch/railtie.rb index 18978bfb39..e4bd143e78 100644 --- a/actionpack/lib/action_dispatch/railtie.rb +++ b/actionpack/lib/action_dispatch/railtie.rb @@ -5,9 +5,6 @@ module ActionDispatch class Railtie < Rails::Railtie plugin_name :action_dispatch - require "action_dispatch/railties/subscriber" - subscriber ActionDispatch::Railties::Subscriber.new - # Prepare dispatcher callbacks and run 'prepare' callbacks initializer "action_dispatch.prepare_dispatcher" do |app| # TODO: This used to say unless defined?(Dispatcher). Find out why and fix. diff --git a/actionpack/lib/action_dispatch/railties/subscriber.rb b/actionpack/lib/action_dispatch/railties/subscriber.rb deleted file mode 100644 index cdb1162eac..0000000000 --- a/actionpack/lib/action_dispatch/railties/subscriber.rb +++ /dev/null @@ -1,17 +0,0 @@ -module ActionDispatch - module Railties - class Subscriber < Rails::Subscriber - def before_dispatch(event) - request = Request.new(event.payload[:env]) - path = request.request_uri.inspect rescue "unknown" - - info "\n\nStarted #{request.method.to_s.upcase} #{path} " << - "for #{request.remote_ip} at #{event.time.to_s(:db)}" - end - - def logger - ActionController::Base.logger - end - end - end -end \ No newline at end of file -- cgit v1.2.3 From fc4f237864541f5012f9b8cc8e0ec81960377e55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 21 Jan 2010 16:50:11 +0100 Subject: Make filter parameters based on request, so they can be modified for anything in the middleware stack. --- actionpack/lib/action_controller/base.rb | 6 +- .../lib/action_controller/railties/subscriber.rb | 6 +- .../lib/action_dispatch/http/filter_parameters.rb | 128 +++++++++++---------- 3 files changed, 76 insertions(+), 64 deletions(-) (limited to 'actionpack/lib') diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index cf66e99fa5..a66aafd80e 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -74,8 +74,12 @@ module ActionController end # This method has been moved to ActionDispatch::Request.filter_parameters - def self.filter_parameter_logging(*) + def self.filter_parameter_logging(*args, &block) ActiveSupport::Deprecation.warn("Setting filter_parameter_logging in ActionController is deprecated and has no longer effect, please set 'config.filter_parameters' in config/application.rb instead", caller) + filter = Rails.application.config.filter_parameters + filter.concat(args) + filter << block if block + filter end def _normalize_options(action=nil, options={}, &blk) diff --git a/actionpack/lib/action_controller/railties/subscriber.rb b/actionpack/lib/action_controller/railties/subscriber.rb index d257d6ac2c..1f0e6bf51a 100644 --- a/actionpack/lib/action_controller/railties/subscriber.rb +++ b/actionpack/lib/action_controller/railties/subscriber.rb @@ -1,10 +1,14 @@ module ActionController module Railties class Subscriber < Rails::Subscriber + INTERNAL_PARAMS = %w(controller action format _method only_path) + def start_processing(event) payload = event.payload + params = payload[:params].except(*INTERNAL_PARAMS) + info " Processing by #{payload[:controller]}##{payload[:action]} as #{payload[:formats].first.to_s.upcase}" - info " Parameters: #{payload[:params].inspect}" unless payload[:params].blank? + info " Parameters: #{params.inspect}" unless params.empty? end def process_action(event) diff --git a/actionpack/lib/action_dispatch/http/filter_parameters.rb b/actionpack/lib/action_dispatch/http/filter_parameters.rb index 0f4afb01d9..1958e1668d 100644 --- a/actionpack/lib/action_dispatch/http/filter_parameters.rb +++ b/actionpack/lib/action_dispatch/http/filter_parameters.rb @@ -1,69 +1,30 @@ +require 'active_support/core_ext/object/blank' require 'active_support/core_ext/hash/keys' module ActionDispatch module Http + # Allows you to specify sensitive parameters which will be replaced from + # the request log by looking in all subhashes of the param hash for keys + # to filter. If a block is given, each key and value of the parameter + # hash and all subhashes is passed to it, the value or key can be replaced + # using String#replace or similar method. + # + # Examples: + # + # env["action_dispatch.parameter_filter"] = [:password] + # => replaces the value to all keys matching /password/i with "[FILTERED]" + # + # env["action_dispatch.parameter_filter"] = [:foo, "bar"] + # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]" + # + # env["action_dispatch.parameter_filter"] = lambda do |k,v| + # v.reverse! if k =~ /secret/i + # end + # => reverses the value to all keys matching /secret/i + # module FilterParameters extend ActiveSupport::Concern - INTERNAL_PARAMS = %w(controller action format _method only_path) - - module ClassMethods - # Specify sensitive parameters which will be replaced from the request log. - # Filters parameters that have any of the arguments as a substring. - # Looks in all subhashes of the param hash for keys to filter. - # If a block is given, each key and value of the parameter hash and all - # subhashes is passed to it, the value or key - # can be replaced using String#replace or similar method. - # - # Examples: - # - # ActionDispatch::Request.filter_parameters :password - # => replaces the value to all keys matching /password/i with "[FILTERED]" - # - # ActionDispatch::Request.filter_parameters :foo, "bar" - # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]" - # - # ActionDispatch::Request.filter_parameters do |k,v| - # v.reverse! if k =~ /secret/i - # end - # => reverses the value to all keys matching /secret/i - # - # ActionDispatch::Request.filter_parameters(:foo, "bar") do |k,v| - # v.reverse! if k =~ /secret/i - # end - # => reverses the value to all keys matching /secret/i, and - # replaces the value to all keys matching /foo|bar/i with "[FILTERED]" - def filter_parameters(*filter_words, &block) - raise "You must filter at least one word" if filter_words.empty? - - parameter_filter = Regexp.new(filter_words.join('|'), true) - - define_method(:process_parameter_filter) do |original_params| - filtered_params = {} - - original_params.each do |key, value| - if key =~ parameter_filter - value = '[FILTERED]' - elsif value.is_a?(Hash) - value = process_parameter_filter(value) - elsif value.is_a?(Array) - value = value.map { |i| process_parameter_filter(i) } - elsif block_given? - key = key.dup - value = value.dup if value.duplicable? - yield key, value - end - - filtered_params[key] = value - end - - filtered_params.except!(*INTERNAL_PARAMS) - end - - protected :process_parameter_filter - end - end - # Return a hash of parameters with all sensitive data replaced. def filtered_parameters @filtered_parameters ||= process_parameter_filter(parameters) @@ -71,7 +32,6 @@ module ActionDispatch alias :fitered_params :filtered_parameters # Return a hash of request.env with all sensitive data replaced. - # TODO Josh should white list env to remove stuff like rack.input and rack.errors def filtered_env filtered_env = @env.dup filtered_env.each do |key, value| @@ -86,8 +46,52 @@ module ActionDispatch protected - def process_parameter_filter(original_parameters) - original_parameters.except(*INTERNAL_PARAMS) + def compile_parameter_filter #:nodoc: + strings, regexps, blocks = [], [], [] + + Array(@env["action_dispatch.parameter_filter"]).each do |item| + case item + when NilClass + when Proc + blocks << item + when Regexp + regexps << item + else + strings << item.to_s + end + end + + regexps << Regexp.new(strings.join('|'), true) unless strings.empty? + [regexps, blocks] + end + + def filtering_parameters? #:nodoc: + @env["action_dispatch.parameter_filter"].present? + end + + def process_parameter_filter(original_params) #:nodoc: + return original_params.dup unless filtering_parameters? + + filtered_params = {} + regexps, blocks = compile_parameter_filter + + original_params.each do |key, value| + if regexps.find { |r| key =~ r } + value = '[FILTERED]' + elsif value.is_a?(Hash) + value = process_parameter_filter(value) + elsif value.is_a?(Array) + value = value.map { |i| process_parameter_filter(i) } + elsif blocks.present? + key = key.dup + value = value.dup if value.duplicable? + blocks.each { |b| b.call(key, value) } + end + + filtered_params[key] = value + end + + filtered_params end end end -- cgit v1.2.3