Rails: ParameterFilter::compiled_filter tries to dup symbol

Question

I'm running rails3 with rails exception-notifier gem. When an exception occurs, and an email should be sent, I'm getting an exception from the ParameterFilter class. I've found the problem in the rails source, and am not sure the best way to proceed.

The problem occurs in ActionDispatch::Http::ParameterFilter. In the compiled_filter method, an error occurs on line 38: key = key.dup when key is a symbol, because symbols are not duplicable. Here is the source:

def compiled_filter
    ...
    elsif blocks.present?
        key = key.dup
        value = value.dup if value.duplicable?
        blocks.each { |b| b.call(key, value) }
    end

I see that they only call dup on value when it is duplicable. If I patch the source to only call dup on key when key is duplicable, then my problem goes away. I'm assuming there is a reason why the author put that condition on value and not key, so I'm curious if someone out there has a better understanding of this code.

This error only occurs when you add a block to your filter params in application.rb. So, maybe there is a workaround for my original issue that does not require using a block here. If you're interested see my coworker's question Rails: Filter sensitive data in JSON parameter from logs

The key for which this is a problem is :action. This comes from rails and I don't know if there is any way to force it to be a string instead.

I filed a rails bug https://rails.lighthouseapp.com/projects/8994/tickets/6557-symbol-duplication-error-in-parameterfilter-compiled_filter and I have a patch ready that adds if key.duplicable? to the key.dup line, I'm looking for input on whether or not that is the right solution.

Answer 1

This looks like a bug in Rails. Either the key should be a string rather than a symbol, or the dup should be protected by duplicable?.

You should file a bug at https://rails.lighthouseapp.com/, including a minimal test case if possible.