1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Move filter_parameter_logging logic out of the controller and create ActionDispatch::ParametersFilter to handle parameter filteration instead. This will make filteration not depending on controller anymore.

Signed-off-by: José Valim <jose.valim@gmail.com>
This commit is contained in:
Prem Sichanugrist 2010-01-21 04:37:10 +07:00 committed by José Valim
parent fa9f000246
commit bd4f21fbac
8 changed files with 130 additions and 57 deletions

View file

@ -2,8 +2,6 @@ module ActionController
module FilterParameterLogging
extend ActiveSupport::Concern
INTERNAL_PARAMS = %w(controller action format _method only_path)
module ClassMethods
# Replace sensitive parameter data from the request log.
# Filters parameters that have any of the arguments as a substring.
@ -27,40 +25,14 @@ module ActionController
# => reverses the value to all keys matching /secret/i, and
# replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
def filter_parameter_logging(*filter_words, &block)
raise "You must filter at least one word from logging" if filter_words.empty?
parameter_filter = Regexp.new(filter_words.join('|'), true)
define_method(:filter_parameters) do |original_params|
filtered_params = {}
original_params.each do |key, value|
if key =~ parameter_filter
value = '[FILTERED]'
elsif value.is_a?(Hash)
value = filter_parameters(value)
elsif value.is_a?(Array)
value = value.map { |item| filter_parameters(item) }
elsif block_given?
key = key.dup
value = value.dup if value.duplicable?
yield key, value
end
filtered_params[key] = value
end
filtered_params.except!(*INTERNAL_PARAMS)
end
protected :filter_parameters
ActionDispatch::Http::ParametersFilter.filter_parameters(*filter_words, &block)
end
end
protected
def filter_parameters(params)
params.dup.except!(*INTERNAL_PARAMS)
request.send(:process_parameter_filter, params)
end
end
end

View file

@ -18,7 +18,7 @@ module ActionController
raw_payload = {
:controller => self.class.name,
:action => self.action_name,
:params => filter_parameters(params),
:params => request.filtered_parameters,
:formats => request.formats.map(&:to_sym)
}

View file

@ -63,6 +63,7 @@ module ActionDispatch
autoload :Headers
autoload :MimeNegotiation
autoload :Parameters
autoload :ParametersFilter
autoload :Upload
autoload :UploadedFile, 'action_dispatch/http/upload'
autoload :URL

View file

@ -30,29 +30,6 @@ module ActionDispatch
@env["action_dispatch.request.path_parameters"] ||= {}
end
def filter_parameters
# TODO: Remove dependency on controller
if controller = @env['action_controller.instance']
controller.send(:filter_parameters, params)
else
params
end
end
def filter_env
if controller = @env['action_controller.instance']
@env.map do |key, value|
if (key =~ /RAW_POST_DATA/i)
'[FILTERED]'
else
controller.send(:filter_parameters, {key => value}).values[0]
end
end
else
env
end
end
private
# Convert nested Hashs to HashWithIndifferentAccess
def normalize_parameters(value)

View file

@ -0,0 +1,88 @@
require 'active_support/core_ext/hash/keys'
module ActionDispatch
module Http
module ParametersFilter
INTERNAL_PARAMS = %w(controller action format _method only_path)
@@filter_parameters = nil
@@filter_parameters_block = nil
# Specify sensitive parameters which will be replaced from the request log.
# Filters parameters that have any of the arguments as a substring.
# Looks in all subhashes of the param hash for keys to filter.
# If a block is given, each key and value of the parameter hash and all
# subhashes is passed to it, the value or key
# can be replaced using String#replace or similar method.
#
# Examples:
#
# ActionDispatch::Http::ParametersFilter.filter_parameters :password
# => replaces the value to all keys matching /password/i with "[FILTERED]"
#
# ActionDispatch::Http::ParametersFilter.filter_parameters :foo, "bar"
# => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
#
# ActionDispatch::Http::ParametersFilter.filter_parameters do |k,v|
# v.reverse! if k =~ /secret/i
# end
# => reverses the value to all keys matching /secret/i
#
# ActionDispatch::Http::ParametersFilter.filter_parameters(:foo, "bar") do |k,v|
# v.reverse! if k =~ /secret/i
# end
# => reverses the value to all keys matching /secret/i, and
# replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
def self.filter_parameters(*filter_words, &block)
raise "You must filter at least one word" if filter_words.empty? and !block_given?
@@filter_parameters = filter_words.empty? ? nil : Regexp.new(filter_words.join('|'), true)
@@filter_parameters_block = block
end
# Return a hash of parameters with all sensitive data replaced.
def filtered_parameters
@filtered_parameters ||= process_parameter_filter(parameters)
end
alias_method :fitered_params, :filtered_parameters
# Return a hash of request.env with all sensitive data replaced.
def filtered_env
@env.merge(@env) do |key, value|
if (key =~ /RAW_POST_DATA/i)
'[FILTERED]'
else
process_parameter_filter({key => value}, false).values[0]
end
end
end
protected
def process_parameter_filter(original_parameters, validate_block = true)
if @@filter_parameters or @@filter_parameters_block
filtered_params = {}
original_parameters.each do |key, value|
if key =~ @@filter_parameters
value = '[FILTERED]'
elsif value.is_a?(Hash)
value = process_parameter_filter(value)
elsif value.is_a?(Array)
value = value.map { |item| process_parameter_filter({key => item}, validate_block).values[0] }
elsif validate_block and @@filter_parameters_block
key = key.dup
value = value.dup if value.duplicable?
value = @@filter_parameters_block.call(key, value) || value
end
filtered_params[key] = value
end
filtered_params.except!(*INTERNAL_PARAMS)
else
original_parameters.except(*INTERNAL_PARAMS)
end
end
end
end
end

View file

@ -11,6 +11,7 @@ module ActionDispatch
include ActionDispatch::Http::Cache::Request
include ActionDispatch::Http::MimeNegotiation
include ActionDispatch::Http::Parameters
include ActionDispatch::Http::ParametersFilter
include ActionDispatch::Http::Upload
include ActionDispatch::Http::URL

View file

@ -10,7 +10,7 @@ module ActionDispatch
def call(env)
request = Request.new(env)
payload = retrieve_payload_from_env(request.filter_env)
payload = retrieve_payload_from_env(request.filtered_env)
ActiveSupport::Notifications.instrument("action_dispatch.before_dispatch", payload)

View file

@ -453,6 +453,40 @@ class RequestTest < ActiveSupport::TestCase
request.expects(:parameters).at_least_once.returns({})
assert_equal Mime::XML, request.negotiate_mime([Mime::XML, Mime::CSV])
end
test "filter_parameters" do
request = stub_request
request.stubs(:request_parameters).returns({ "foo" => 1 })
request.stubs(:query_parameters).returns({ "bar" => 2 })
assert_raises RuntimeError do
ActionDispatch::Http::ParametersFilter.filter_parameters
end
test_hashes = [
[{'foo'=>'bar'},{'foo'=>'bar'},%w'food'],
[{'foo'=>'bar'},{'foo'=>'[FILTERED]'},%w'foo'],
[{'foo'=>'bar', 'bar'=>'foo'},{'foo'=>'[FILTERED]', 'bar'=>'foo'},%w'foo baz'],
[{'foo'=>'bar', 'baz'=>'foo'},{'foo'=>'[FILTERED]', 'baz'=>'[FILTERED]'},%w'foo baz'],
[{'bar'=>{'foo'=>'bar','bar'=>'foo'}},{'bar'=>{'foo'=>'[FILTERED]','bar'=>'foo'}},%w'fo'],
[{'foo'=>{'foo'=>'bar','bar'=>'foo'}},{'foo'=>'[FILTERED]'},%w'f banana'],
[{'baz'=>[{'foo'=>'baz'}]}, {'baz'=>[{'foo'=>'[FILTERED]'}]}, %w(foo)]]
test_hashes.each do |before_filter, after_filter, filter_words|
ActionDispatch::Http::ParametersFilter.filter_parameters(*filter_words)
assert_equal after_filter, request.__send__(:process_parameter_filter, before_filter)
filter_words.push('blah')
ActionDispatch::Http::ParametersFilter.filter_parameters(*filter_words) do |key, value|
value.reverse! if key =~ /bargain/
end
before_filter['barg'] = {'bargain'=>'gain', 'blah'=>'bar', 'bar'=>{'bargain'=>{'blah'=>'foo'}}}
after_filter['barg'] = {'bargain'=>'niag', 'blah'=>'[FILTERED]', 'bar'=>{'bargain'=>{'blah'=>'[FILTERED]'}}}
assert_equal after_filter, request.__send__(:process_parameter_filter, before_filter)
end
end
protected