mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/test
Aaron Lahey 82fc62ca71
Use static message when raising HTTP request parameter parse errors

When parsing HTTP request parameters, Rails delegates to a set of parsing
strategies based on the MIME type. If any of these strategies raises an
error, Rails rescues it and raises an instance of
`ActionDispatch::Http::Parameters::ParseError` with the same message as
the underlying error.

However, in the presence of malformed JSON, the default parameter parser
for the `application/json` MIME type raises a `JSON::ParserError` with a
message containing the entire malformed JSON string (the request body in
this context). By raising a new error with this same message, Rails
inadvertently ends up logging the full HTTP request body at the `fatal`
level. This request body could contain sensitive information or could be
intentionally crafted to be extremely large.

This commit sets the `ActionDispatch::Http::Parameters::ParseError` message
to a static message which mirrors that of the corresponding `debug` log.
2021-08-28 11:56:05 -05:00
..
abstract Fix generated MIME methods to recognize kwargs 2021-08-07 13:59:08 +09:00
assertions
controller Add a test to catch regressions for render_to_string to not override subsequent render 2021-08-23 20:40:21 +01:00
dispatch Use static message when raising HTTP request parameter parse errors 2021-08-28 11:56:05 -05:00
fixtures
journey Restore the behavior of journey root node methods 2021-08-12 09:51:38 -04:00
lib
routing
support Introduce Journey::Ast to avoid extra ast walks 2021-07-29 16:23:11 -04:00
abstract_unit.rb Let the Action Pack autoload with Zeitwerk 2021-08-21 20:20:23 +02:00