Parameter filter logic for Honeybadger is different from Rails #178
Comments
@jasonkim yep, looks like you're right. It would be ideal if our filters behaved the same way as Rails'; I'll have to think about the implications of making a change.
One solution to this could be to separate the Rails filters from ours; if Rails filters are available then we would use an instance of
Yeah, I guess I don't really understand the implications of converting everything into regex. Whether that'll cause something unexpected, at least for me, is unknown. If that was possible, it's pretty simple to change it in the initializer. I would, at some point, deprecate string matching and go with regex only as it should be more robust (like any field called [something]_password should never be exposed). You can also emulate string match with regex by matching on first/last chars.
Sounds good; agreed on your suggestion to eventually do regexp conversion (I'll think about that some more). I'll plan to move to
For string filters, Honeybadger will use string comparison, whereas Rails will convert it into regexp and compare using regex.
In Honeybadger, see line
https://github.com/honeybadger-io/honeybadger-ruby/blob/master/lib/honeybadger/util/sanitizer.rb#L128
In Rails, see lines 24-44 in https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/http/parameter_filter.rb#L24
More specifically, this action dispatch code converts it into regexp
Let me know if you need more information or if I misunderstood something.
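The difference reported above, as an added Ruby example that is not part of the original issue and is not Honeybadger's or Rails' own code: two simplified matchers are run over the same constructed parameters to list the keys that stay unredacted under string comparison. The method names and sample data are hypothetical, and exact key equality for string filters is an assumption based on the issue's description.

```ruby
FILTERED = "[FILTERED]"

# Model of string-comparison filtering (assumption: exact key equality).
def string_match?(filters, key)
  filters.any? { |f| f.is_a?(Regexp) ? key.to_s =~ f : key.to_s == f.to_s }
end

# Model of Rails-style filtering: string filters are escaped and joined into
# one case-insensitive regexp, so they match anywhere inside the key.
def regexp_match?(filters, key)
  regexps, strings = filters.partition { |f| f.is_a?(Regexp) }
  unless strings.empty?
    regexps << Regexp.new(strings.map { |s| Regexp.escape(s.to_s) }.join("|"), true)
  end
  regexps.any? { |r| key.to_s =~ r }
end

# Recursively redact values whose key matches under the chosen matcher.
def sanitize(params, filters, matcher)
  params.each_with_object({}) do |(k, v), out|
    out[k] =
      if send(matcher, filters, k) then FILTERED
      elsif v.is_a?(Hash) then sanitize(v, filters, matcher)
      else v
      end
  end
end

# Dotted paths that regexp semantics redacts but string comparison leaves in clear.
def unredacted_keys(params, filters, prefix = nil)
  params.flat_map do |k, v|
    path = [prefix, k].compact.join(".")
    if string_match?(filters, k) then []
    elsif regexp_match?(filters, k) then [path]
    elsif v.is_a?(Hash) then unredacted_keys(v, filters, path)
    else []
    end
  end
end

# Constructed sample data, not taken from the issue.
FILTERS = [:password, "token"]
PARAMS = {
  "password"  => "hunter2",
  "user"      => { "current_password" => "s3cret", "name" => "alice" },
  "API_TOKEN" => "abc123"
}

puts unredacted_keys(PARAMS, FILTERS).inspect
```

Running `unredacted_keys` over a captured parameter hash with an application's own filter list shows which keys depend on substring or case-insensitive matching and would need an explicit regexp filter under string comparison.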