mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Move filter_parameter_logging logic out of the controller and create ActionDispatch::ParametersFilter to handle parameter filteration instead. This will make filteration not depending on controller anymore.
Signed-off-by: José Valim <jose.valim@gmail.com>
This commit is contained in:
parent
fa9f000246
commit
bd4f21fbac
8 changed files with 130 additions and 57 deletions
|
@ -2,8 +2,6 @@ module ActionController
|
|||
module FilterParameterLogging
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
INTERNAL_PARAMS = %w(controller action format _method only_path)
|
||||
|
||||
module ClassMethods
|
||||
# Replace sensitive parameter data from the request log.
|
||||
# Filters parameters that have any of the arguments as a substring.
|
||||
|
@ -27,40 +25,14 @@ module ActionController
|
|||
# => reverses the value to all keys matching /secret/i, and
|
||||
# replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
|
||||
def filter_parameter_logging(*filter_words, &block)
|
||||
raise "You must filter at least one word from logging" if filter_words.empty?
|
||||
|
||||
parameter_filter = Regexp.new(filter_words.join('|'), true)
|
||||
|
||||
define_method(:filter_parameters) do |original_params|
|
||||
filtered_params = {}
|
||||
|
||||
original_params.each do |key, value|
|
||||
if key =~ parameter_filter
|
||||
value = '[FILTERED]'
|
||||
elsif value.is_a?(Hash)
|
||||
value = filter_parameters(value)
|
||||
elsif value.is_a?(Array)
|
||||
value = value.map { |item| filter_parameters(item) }
|
||||
elsif block_given?
|
||||
key = key.dup
|
||||
value = value.dup if value.duplicable?
|
||||
yield key, value
|
||||
end
|
||||
|
||||
filtered_params[key] = value
|
||||
end
|
||||
|
||||
filtered_params.except!(*INTERNAL_PARAMS)
|
||||
end
|
||||
protected :filter_parameters
|
||||
ActionDispatch::Http::ParametersFilter.filter_parameters(*filter_words, &block)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
protected
|
||||
|
||||
|
||||
def filter_parameters(params)
|
||||
params.dup.except!(*INTERNAL_PARAMS)
|
||||
request.send(:process_parameter_filter, params)
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -18,7 +18,7 @@ module ActionController
|
|||
raw_payload = {
|
||||
:controller => self.class.name,
|
||||
:action => self.action_name,
|
||||
:params => filter_parameters(params),
|
||||
:params => request.filtered_parameters,
|
||||
:formats => request.formats.map(&:to_sym)
|
||||
}
|
||||
|
||||
|
|
|
@ -63,6 +63,7 @@ module ActionDispatch
|
|||
autoload :Headers
|
||||
autoload :MimeNegotiation
|
||||
autoload :Parameters
|
||||
autoload :ParametersFilter
|
||||
autoload :Upload
|
||||
autoload :UploadedFile, 'action_dispatch/http/upload'
|
||||
autoload :URL
|
||||
|
|
|
@ -30,29 +30,6 @@ module ActionDispatch
|
|||
@env["action_dispatch.request.path_parameters"] ||= {}
|
||||
end
|
||||
|
||||
def filter_parameters
|
||||
# TODO: Remove dependency on controller
|
||||
if controller = @env['action_controller.instance']
|
||||
controller.send(:filter_parameters, params)
|
||||
else
|
||||
params
|
||||
end
|
||||
end
|
||||
|
||||
def filter_env
|
||||
if controller = @env['action_controller.instance']
|
||||
@env.map do |key, value|
|
||||
if (key =~ /RAW_POST_DATA/i)
|
||||
'[FILTERED]'
|
||||
else
|
||||
controller.send(:filter_parameters, {key => value}).values[0]
|
||||
end
|
||||
end
|
||||
else
|
||||
env
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
# Convert nested Hashs to HashWithIndifferentAccess
|
||||
def normalize_parameters(value)
|
||||
|
|
88
actionpack/lib/action_dispatch/http/parameters_filter.rb
Normal file
88
actionpack/lib/action_dispatch/http/parameters_filter.rb
Normal file
|
@ -0,0 +1,88 @@
|
|||
require 'active_support/core_ext/hash/keys'
|
||||
|
||||
module ActionDispatch
|
||||
module Http
|
||||
module ParametersFilter
|
||||
INTERNAL_PARAMS = %w(controller action format _method only_path)
|
||||
|
||||
@@filter_parameters = nil
|
||||
@@filter_parameters_block = nil
|
||||
|
||||
# Specify sensitive parameters which will be replaced from the request log.
|
||||
# Filters parameters that have any of the arguments as a substring.
|
||||
# Looks in all subhashes of the param hash for keys to filter.
|
||||
# If a block is given, each key and value of the parameter hash and all
|
||||
# subhashes is passed to it, the value or key
|
||||
# can be replaced using String#replace or similar method.
|
||||
#
|
||||
# Examples:
|
||||
#
|
||||
# ActionDispatch::Http::ParametersFilter.filter_parameters :password
|
||||
# => replaces the value to all keys matching /password/i with "[FILTERED]"
|
||||
#
|
||||
# ActionDispatch::Http::ParametersFilter.filter_parameters :foo, "bar"
|
||||
# => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
|
||||
#
|
||||
# ActionDispatch::Http::ParametersFilter.filter_parameters do |k,v|
|
||||
# v.reverse! if k =~ /secret/i
|
||||
# end
|
||||
# => reverses the value to all keys matching /secret/i
|
||||
#
|
||||
# ActionDispatch::Http::ParametersFilter.filter_parameters(:foo, "bar") do |k,v|
|
||||
# v.reverse! if k =~ /secret/i
|
||||
# end
|
||||
# => reverses the value to all keys matching /secret/i, and
|
||||
# replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
|
||||
def self.filter_parameters(*filter_words, &block)
|
||||
raise "You must filter at least one word" if filter_words.empty? and !block_given?
|
||||
|
||||
@@filter_parameters = filter_words.empty? ? nil : Regexp.new(filter_words.join('|'), true)
|
||||
@@filter_parameters_block = block
|
||||
end
|
||||
|
||||
# Return a hash of parameters with all sensitive data replaced.
|
||||
def filtered_parameters
|
||||
@filtered_parameters ||= process_parameter_filter(parameters)
|
||||
end
|
||||
alias_method :fitered_params, :filtered_parameters
|
||||
|
||||
# Return a hash of request.env with all sensitive data replaced.
|
||||
def filtered_env
|
||||
@env.merge(@env) do |key, value|
|
||||
if (key =~ /RAW_POST_DATA/i)
|
||||
'[FILTERED]'
|
||||
else
|
||||
process_parameter_filter({key => value}, false).values[0]
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def process_parameter_filter(original_parameters, validate_block = true)
|
||||
if @@filter_parameters or @@filter_parameters_block
|
||||
filtered_params = {}
|
||||
|
||||
original_parameters.each do |key, value|
|
||||
if key =~ @@filter_parameters
|
||||
value = '[FILTERED]'
|
||||
elsif value.is_a?(Hash)
|
||||
value = process_parameter_filter(value)
|
||||
elsif value.is_a?(Array)
|
||||
value = value.map { |item| process_parameter_filter({key => item}, validate_block).values[0] }
|
||||
elsif validate_block and @@filter_parameters_block
|
||||
key = key.dup
|
||||
value = value.dup if value.duplicable?
|
||||
value = @@filter_parameters_block.call(key, value) || value
|
||||
end
|
||||
|
||||
filtered_params[key] = value
|
||||
end
|
||||
filtered_params.except!(*INTERNAL_PARAMS)
|
||||
else
|
||||
original_parameters.except(*INTERNAL_PARAMS)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -11,6 +11,7 @@ module ActionDispatch
|
|||
include ActionDispatch::Http::Cache::Request
|
||||
include ActionDispatch::Http::MimeNegotiation
|
||||
include ActionDispatch::Http::Parameters
|
||||
include ActionDispatch::Http::ParametersFilter
|
||||
include ActionDispatch::Http::Upload
|
||||
include ActionDispatch::Http::URL
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ module ActionDispatch
|
|||
|
||||
def call(env)
|
||||
request = Request.new(env)
|
||||
payload = retrieve_payload_from_env(request.filter_env)
|
||||
payload = retrieve_payload_from_env(request.filtered_env)
|
||||
|
||||
ActiveSupport::Notifications.instrument("action_dispatch.before_dispatch", payload)
|
||||
|
||||
|
|
|
@ -453,6 +453,40 @@ class RequestTest < ActiveSupport::TestCase
|
|||
request.expects(:parameters).at_least_once.returns({})
|
||||
assert_equal Mime::XML, request.negotiate_mime([Mime::XML, Mime::CSV])
|
||||
end
|
||||
|
||||
test "filter_parameters" do
|
||||
request = stub_request
|
||||
request.stubs(:request_parameters).returns({ "foo" => 1 })
|
||||
request.stubs(:query_parameters).returns({ "bar" => 2 })
|
||||
|
||||
assert_raises RuntimeError do
|
||||
ActionDispatch::Http::ParametersFilter.filter_parameters
|
||||
end
|
||||
|
||||
test_hashes = [
|
||||
[{'foo'=>'bar'},{'foo'=>'bar'},%w'food'],
|
||||
[{'foo'=>'bar'},{'foo'=>'[FILTERED]'},%w'foo'],
|
||||
[{'foo'=>'bar', 'bar'=>'foo'},{'foo'=>'[FILTERED]', 'bar'=>'foo'},%w'foo baz'],
|
||||
[{'foo'=>'bar', 'baz'=>'foo'},{'foo'=>'[FILTERED]', 'baz'=>'[FILTERED]'},%w'foo baz'],
|
||||
[{'bar'=>{'foo'=>'bar','bar'=>'foo'}},{'bar'=>{'foo'=>'[FILTERED]','bar'=>'foo'}},%w'fo'],
|
||||
[{'foo'=>{'foo'=>'bar','bar'=>'foo'}},{'foo'=>'[FILTERED]'},%w'f banana'],
|
||||
[{'baz'=>[{'foo'=>'baz'}]}, {'baz'=>[{'foo'=>'[FILTERED]'}]}, %w(foo)]]
|
||||
|
||||
test_hashes.each do |before_filter, after_filter, filter_words|
|
||||
ActionDispatch::Http::ParametersFilter.filter_parameters(*filter_words)
|
||||
assert_equal after_filter, request.__send__(:process_parameter_filter, before_filter)
|
||||
|
||||
filter_words.push('blah')
|
||||
ActionDispatch::Http::ParametersFilter.filter_parameters(*filter_words) do |key, value|
|
||||
value.reverse! if key =~ /bargain/
|
||||
end
|
||||
|
||||
before_filter['barg'] = {'bargain'=>'gain', 'blah'=>'bar', 'bar'=>{'bargain'=>{'blah'=>'foo'}}}
|
||||
after_filter['barg'] = {'bargain'=>'niag', 'blah'=>'[FILTERED]', 'bar'=>{'bargain'=>{'blah'=>'[FILTERED]'}}}
|
||||
|
||||
assert_equal after_filter, request.__send__(:process_parameter_filter, before_filter)
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
|
|
Loading…
Reference in a new issue