1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
require 'active_support/core_ext/hash/keys'
module ActionDispatch
module Http
module FilterParameters
extend ActiveSupport::Concern
INTERNAL_PARAMS = %w(controller action format _method only_path)
module ClassMethods
# Specify sensitive parameters which will be replaced from the request log.
# Filters parameters that have any of the arguments as a substring.
# Looks in all subhashes of the param hash for keys to filter.
# If a block is given, each key and value of the parameter hash and all
# subhashes is passed to it, the value or key
# can be replaced using String#replace or similar method.
#
# Examples:
#
# ActionDispatch::Request.filter_parameters :password
# => replaces the value to all keys matching /password/i with "[FILTERED]"
#
# ActionDispatch::Request.filter_parameters :foo, "bar"
# => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
#
# ActionDispatch::Request.filter_parameters do |k,v|
# v.reverse! if k =~ /secret/i
# end
# => reverses the value to all keys matching /secret/i
#
# ActionDispatch::Request.filter_parameters(:foo, "bar") do |k,v|
# v.reverse! if k =~ /secret/i
# end
# => reverses the value to all keys matching /secret/i, and
# replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
def filter_parameters(*filter_words, &block)
raise "You must filter at least one word" if filter_words.empty?
parameter_filter = Regexp.new(filter_words.join('|'), true)
define_method(:process_parameter_filter) do |original_params|
filtered_params = {}
original_params.each do |key, value|
if key =~ parameter_filter
value = '[FILTERED]'
elsif value.is_a?(Hash)
value = process_parameter_filter(value)
elsif value.is_a?(Array)
value = value.map { |i| process_parameter_filter(i) }
elsif block_given?
key = key.dup
value = value.dup if value.duplicable?
yield key, value
end
filtered_params[key] = value
end
filtered_params.except!(*INTERNAL_PARAMS)
end
protected :process_parameter_filter
end
end
# Return a hash of parameters with all sensitive data replaced.
def filtered_parameters
@filtered_parameters ||= process_parameter_filter(parameters)
end
alias :fitered_params :filtered_parameters
# Return a hash of request.env with all sensitive data replaced.
# TODO Josh should white list env to remove stuff like rack.input and rack.errors
def filtered_env
filtered_env = @env.dup
filtered_env.each do |key, value|
if (key =~ /RAW_POST_DATA/i)
filtered_env[key] = '[FILTERED]'
elsif value.is_a?(Hash)
filtered_env[key] = process_parameter_filter(value)
end
end
filtered_env
end
protected
def process_parameter_filter(original_parameters)
original_parameters.except(*INTERNAL_PARAMS)
end
end
end
end
|