I'm working on upgrading from Rails 2.3.11 to 3.0.10, and am having trouble converting what is in the ApplicationController
's filter_parameter_logging
. I want to filter both certain parameters, and also filter them if they appear in the value of something like a :referrer
tag.
I can get the regular parameters filtered out in my application.rb
config.filter_parameters += [:password, :oauth, ...]
But what I'm having trouble with is the block that we also pass in filter_parameter_logging. It also filters out the parameters in any value that looks like a url, so something like http://example.com?password=foobar&oauth=123foo&page=2
would be logged as http://example.com?password=[FILTERED]&oauth=[FILTERED]&page=2
. I need a way for rails to both filter the specified params, and also filter only those params out from other values, like in the url above.
Here's what it looked like in filter_parameter_logging:
FILTER_WORDS = %{password oauth email ...}
FILTER_WORDS_REGEX = /#{FILTER_WORDS.join("|")}/i
#Captures param in $1 (would also match things like old_password, new_password), and value in $2
FILTER_WORDS_GSUB_REGEX = /((?:#{FILTER_WORDS.join("|")})[^\/?]*?)(?:=|%3D).*?(&|%26|$)/i
filter_parameter_logging(*FILTER_WORDS) do |k,v|
begin
# Bail immediately if we can
next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))
#Filters out values for params that match
v.gsub!(FILTER_WORDS_GSUB_REGEX) do
"#{$1}=[FILTERED]#{$2}"
end
rescue Exception => e
logger.error e
end
end
Is there a way to make rails filter in this way using config.filter_parameters
in application.rb
? I can't seem to find any good documentation on how to customize filtering in rails 3.
Figured it out. You can pass a lambda statement to config.filter_parameters
, so after I add the parameters to filter, I have this now:
config.filter_parameters << lambda do |k,v|
begin
# Bail immediately if we can
next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))
#Filters out values for params that match
v.gsub!(FILTER_WORDS_GSUB_REGEX) do
"#{$1}=[FILTERED]#{$2}"
end
rescue Exception => e
logger.error e
end
end
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With