Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Custom filtering of parameters in rails 3 using config.filter_parameters

Tags:

ruby

ruby-on-rails

ruby-on-rails-3

rails-3-upgrade

I'm working on upgrading from Rails 2.3.11 to 3.0.10, and am having trouble converting what is in the ApplicationController's filter_parameter_logging. I want to filter both certain parameters, and also filter them if they appear in the value of something like a :referrer tag.

I can get the regular parameters filtered out in my application.rb

config.filter_parameters += [:password, :oauth, ...]

But what I'm having trouble with is the block that we also pass in filter_parameter_logging. It also filters out the parameters in any value that looks like a url, so something like http://example.com?password=foobar&oauth=123foo&page=2 would be logged as http://example.com?password=[FILTERED]&oauth=[FILTERED]&page=2. I need a way for rails to both filter the specified params, and also filter only those params out from other values, like in the url above.

Here's what it looked like in filter_parameter_logging:

FILTER_WORDS = %{password oauth email ...} 
FILTER_WORDS_REGEX = /#{FILTER_WORDS.join("|")}/i

#Captures param in $1 (would also match things like old_password, new_password), and value in $2
FILTER_WORDS_GSUB_REGEX = /((?:#{FILTER_WORDS.join("|")})[^\/?]*?)(?:=|%3D).*?(&|%26|$)/i

filter_parameter_logging(*FILTER_WORDS) do |k,v|
  begin
    # Bail immediately if we can
    next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))

    #Filters out values for params that match
    v.gsub!(FILTER_WORDS_GSUB_REGEX) do
      "#{$1}=[FILTERED]#{$2}"
    end
  rescue Exception => e
    logger.error e
  end
end

Is there a way to make rails filter in this way using config.filter_parameters in application.rb? I can't seem to find any good documentation on how to customize filtering in rails 3.

like image 670
keithepley Avatar asked Sep 30 '11 20:09

keithepley

1 Answers

Figured it out. You can pass a lambda statement to config.filter_parameters, so after I add the parameters to filter, I have this now:

config.filter_parameters << lambda do |k,v|
  begin
    # Bail immediately if we can
    next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))

    #Filters out values for params that match
    v.gsub!(FILTER_WORDS_GSUB_REGEX) do
      "#{$1}=[FILTERED]#{$2}"
    end
  rescue Exception => e
    logger.error e
  end
end
like image 118
keithepley Avatar answered Nov 11 '22 02:11

keithepley
Sign in to Comment

Related questions

ActiveRecord StatementInvalid when getting data with globalize3
Integrating a blog/CMS into a Heroku Rails app
How to implement one vote per user per comment?
Rails 3: Polymorphic liking of Entities by User, how?
Rails 3: User input escaping working differently in views and mailer
How can I get to_json to escape front slashes
Adding a custom input field in formtastic?
How to Unit Test namespaced models
Looking for a good wiki platform for Rails
Notification bar in Ruby on Rails
Rails 3.1 Mountable Engines : How to use/template it inside another application?
internal_error.html with rails 3 app on DreamHost
Delayed_job: Undefined method error on any call
Upgrading from Rails 3.0.9 to Rails 3.1 errors from CanCan
Simulating has_many :through with Mongoid
AssetNotPrecompiledError when using html5-rails gem in production env
Adding an onclick option to link_to method in rails?
Rails session doesn't persist
How to populate a select_tag with an array of hashes?
How to redirect a user after registration when using Devise?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!