Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Manually filter parameters in Rails

Tags:

ruby-on-rails

How would I go about manually filtering a hash using my application's parameter filter?

I imagine it'd go like this:

Rails.application.filter :password => 'pass1234'   # => {:password => '[FILTERED]'}

EDIT (clarification): I'm aware that Rails filters the params hash when writing to the logs. What I want to do is apply that same filter to a different hash at my prerogative before writing it to the logs with something like Rails.logger.info. I'm calling a remote HTTP query as a part of my application (since most of the backend operates through a remote API), and I'm logging the URL and parameters passed. I want to have the logs but also ensure that none of the sensitive params show up there.

like image 537
Steven Avatar asked May 27 '11 12:05

Steven

People also ask

What are the parameters of a filter?

Parameter filters are used to limit or restrict the input values or data that can be specified for a model tool parameter. For example, a Value List filter can be used so that only values from a list can be specified for the parameter.

What is log filtering in rails?

Rails has built in log filtering so you don't log passwords and credit cards. Works great for that but when you want to trigger a custom log (like to email) and send your own params or other data along with it, the parameters are obviously not auto-filtered.

2 Answers

After a few minutes of shotgunning it, I figured out this was the way to do it:

filters = Rails.application.config.filter_parameters f = ActionDispatch::Http::ParameterFilter.new filters f.filter :password => 'haha' # => {:password=>"[FILTERED]"}
like image 104
Steven Avatar answered Oct 05 '22 07:10

Steven

See the config/application.rb file, towards the end there is a line:

config.filter_parameters += [:password]

This way the "password" param will not be shown in logs, but you can still access the value normally.

Edit

It seem that have misunderstood your meaning of "filter" originally. As for the clarified issue, I have no idea on how to handle it the truly Rails way.

Here is a brute force approach:

  1. Parse the query with CGI::parse(URI.parse(my_url_address_with_params).query) to get a hash of param/values (note: values are actually stored as an array; here is the discussion).
  2. Locate the parameters you want to filter out and replace values with literal *filtered*.
  3. Call Rails.logger.info (or debug) directly to log.

Here is what you should dig into when relying on Rails magical classes and methods:

In Rails 3 the code that does the trick seems to live in ActionDispatch::Http (ParameterFilter in particular, method `filtered_parameters'). The documentation is available at API Dock (or, to be honest, very little documentation). You can examine the sources to get an idea of how this works.

My knowledge of Rails internals is not good enough to suggest anything else. I believe that someone with a better understanding of it might be of more help.

like image 22
Miki Avatar answered Oct 05 '22 06:10

Miki
Sign in to Comment

Related questions

Rails - Get the current week's and month's start and end dates
How does ruby on rails work?
How do I set up a session value in Capybara?
Rails joins through association
Cloning a record in rails, is it possible to clone associations and deep copy?
A html string is escaped in haml file
How Do I Loop Through a Date Range in Reverse?
How to test the response code with Capybara + Selenium
Inserting Headers and Footers in Ruby on Rails web application?
How do I get the host and port in a Rails application
Multiline I18n in Rails 3
Why does Rails 4 scaffold create json.jbuilder files?
How do I set up a kind of "belongs_to :through" association without a direct belongs_to?
Need help to understand :source_type option of has_one/has_many through of Rails
polling with delayed_job
Merge two ActiveRecord arrays and order by created_at
Rails config.assets.precompile setting to process all CSS and JS files in app/assets
require_tree argument must be a directory in a Rails 5 upgraded app
Helper Devise: could not find the `Warden::Proxy` instance on request environment
In rails how can I delegate to a class method

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!