mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/test/dispatch
Aaron Lahey 82fc62ca71
Use static message when raising HTTP request parameter parse errors
When parsing HTTP request parameters, Rails delegates to a set of parsing
strategies based on the MIME type. If any of these strategies raises an
error Rails rescues it and raises an instance of
`ActionDispatch::Http::Parameters::ParseError` with the same message as
the underlying error.

However, in the presence of malformed JSON, the default parameter parser
for the `application/json` MIME type raises a `JSON::ParserError` with a
message containing the entire malformed JSON string (the request body in
this context). By raising a new error with this same message Rails
inadvertently ends up logging the full HTTP request body at the `fatal`
level. This request body could contain sensitive information or could be
intentionally crafted to be extremely large.

This commit sets the `ActionDispatch::Http::Parameters::ParseError` message
to a static message which mirrors that of the corresponding `debug` log.
2021-08-28 11:56:05 -05:00
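The following is an added example, not Rails code and not the diff of this commit: it re-creates the before/after behaviour the commit message describes in plain Ruby with the standard `json` gem. `ParseError`, `PARSERS`, `STATIC_MESSAGE`, the helper methods and both sample bodies are stand-ins constructed here; the static wording is assumed to mirror the corresponding debug log line rather than copied from Rails.

```ruby
require "json"

# Minimal stand-in for ActionDispatch::Http::Parameters::ParseError.
# Assumption: Rails is not loaded here; only the raise/rescue shape is modelled.
class ParseError < StandardError; end

# Parsing strategies keyed by MIME type, mirroring the delegation described in
# the commit message. Only application/json is wired up in this example.
PARSERS = {
  "application/json" => ->(raw) { JSON.parse(raw) }
}.freeze

# Assumed wording; the real Rails text is not reproduced here.
STATIC_MESSAGE = "Error occurred while parsing request parameters"

# Before the fix: the re-raised error copies the underlying message. For
# JSON::ParserError that message quotes the unparseable source, i.e. the
# request body, so the body lands in whatever log line records the exception.
def parse_leaky(mime, body)
  PARSERS.fetch(mime).call(body)
rescue StandardError => e
  raise ParseError, e.message
end

# After the fix: a static message. The body never reaches the fatal log, and
# the original error stays reachable through ParseError#cause for debugging.
def parse_safe(mime, body)
  PARSERS.fetch(mime).call(body)
rescue StandardError
  raise ParseError, STATIC_MESSAGE
end

# Returns the message a top-level exception handler would log, or nil when
# parsing succeeded.
def logged_message
  yield
  nil
rescue ParseError => e
  e.message
end

# Constructed sample bodies: malformed JSON carrying a secret, and a large
# malformed body of the kind an attacker could send to bloat the log.
SECRET_BODY = '{"password": "hunter2", "token": "abc"'
HUGE_BODY   = "[" + ("1," * 100_000)

def leaky_message(body = SECRET_BODY)
  logged_message { parse_leaky("application/json", body) }
end

def safe_message(body = SECRET_BODY)
  logged_message { parse_safe("application/json", body) }
end

# The underlying parser error is preserved as the cause of the static one.
def safe_cause_class(body = SECRET_BODY)
  parse_safe("application/json", body)
rescue ParseError => e
  e.cause.class
end

if __FILE__ == $PROGRAM_NAME
  puts "leaky: #{leaky_message}"
  puts "safe:  #{safe_message}"
  puts "safe message for a #{HUGE_BODY.bytesize}-byte body is " \
       "#{safe_message(HUGE_BODY).bytesize} bytes"
end
```

Run with `ruby parse_error_demo.rb` (any file name works). The leaky variant's output depends on the installed `json` version: older releases quote the whole offending source, and newer ones may shorten the excerpt, which narrows the leak but still puts request data and a message of attacker-influenced shape into the log. Only the static message bounds both the content and the size of what is logged.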
| Name | Last commit message | Last commit date |
|---|---|---|
| request/ | Use static message when raising HTTP request parameter parse errors | 2021-08-28 11:56:05 -05:00 |
| routing/ | Tweak unreachable assertion tests in the block of assert_raises | 2021-08-17 20:33:08 +09:00 |
| session/ | Let the Action Pack autoload with Zeitwerk | 2021-08-21 20:20:23 +02:00 |
| system_testing/ | Deprecate :poltergeist, :webkit instead of removing. | 2021-07-21 09:52:34 +09:00 |
| actionable_exceptions_test.rb | Only allow ActionableErrors if show_detailed_exceptions is enabled | 2020-06-17 07:59:57 -07:00 |
| callbacks_test.rb | | |
| content_disposition_test.rb | Escape # in RFC 5987 pattern | 2020-08-31 10:31:30 -04:00 |
| content_security_policy_test.rb | Add support for require-trusted-types-for and trusted-types csp headers | 2021-05-04 16:54:23 -03:00 |
| cookies_test.rb | chore: fix grammar, spelling and minor whitespace fix | 2021-04-13 21:35:50 +10:00 |
| debug_exceptions_test.rb | Pass log_rescued_responses as environment config | 2021-07-19 00:08:30 +01:00 |
| debug_locks_test.rb | | |
| exception_wrapper_test.rb | Skip logging backtrace when exception is in rescue_responses | 2021-06-24 23:04:12 -04:00 |
| executor_test.rb | | |
| header_test.rb | | |
| host_authorization_test.rb | Escape allow list hosts correctly | 2021-05-04 15:35:19 -07:00 |
| live_response_test.rb | Allow 'private, no-store' Cache-Control header | 2021-04-05 14:20:17 +10:00 |
| mapper_test.rb | | |
| middleware_stack_test.rb | "Middleware#remove" is renamed "Middleware#delete!" | 2021-07-25 19:17:30 +09:00 |
| mime_type_test.rb | Prevent catastrophic backtracking during mime parsing | 2021-05-04 13:49:41 -07:00 |
| mount_test.rb | | |
| permissions_policy_test.rb | Use Feature-Policy header name for now | 2020-11-19 16:08:09 +01:00 |
| prefix_generation_test.rb | | |
| rack_cache_test.rb | | |
| reloader_test.rb | | |
| request_id_test.rb | Fix tests with Ruby 3 | 2020-10-30 02:20:04 +00:00 |
| request_test.rb | Set session options when initializing a basic session | 2021-06-01 12:27:42 -04:00 |
| response_test.rb | Allow 'private, no-store' Cache-Control header | 2021-04-05 14:20:17 +10:00 |
| routing_assertions_test.rb | chore: fix spelling | 2021-04-15 15:49:48 +10:00 |
| routing_test.rb | Tweak unreachable assertion tests in the block of assert_raises | 2021-08-17 20:33:08 +09:00 |
| runner_test.rb | | |
| show_exceptions_test.rb | Raise more specific exception for invalid mime type from user-agent | 2020-10-07 11:49:56 -04:00 |
| ssl_test.rb | quietly handle unknown HTTP methods in Action Dispatch SSL middleware | 2020-12-28 07:27:50 -05:00 |
| static_test.rb | Allow rails to serve brotli encoded assets | 2020-06-01 08:57:02 -07:00 |
| test_request_test.rb | | |
| test_response_test.rb | | |
| uploaded_file_test.rb | | |
| url_generation_test.rb | cause rails to correctly place optional path parameters | 2021-05-27 18:21:01 -07:00 |