
param filtering for exception notification (closes #8432, thanks for …

…the excellent patch!)
jamis committed Jun 27, 2007
1 parent cf0a564 commit f00c3bf26163b032d924de7d008901a1c7f985a1
@@ -23,6 +23,7 @@
module ExceptionNotifierHelper
VIEW_PATH = "views/exception_notifier"
APP_PATH = "#{RAILS_ROOT}/app/#{VIEW_PATH}"
+ PARAM_FILTER_REPLACEMENT = "[FILTERED]"
def render_section(section)
RAILS_DEFAULT_LOGGER.info("rendering section #{section.inspect}")
@@ -60,4 +61,17 @@ def inspect_value(value)
def object_to_yaml(object)
object.to_yaml.sub(/^---\s*/m, "")
end
+
+ def exclude_raw_post_parameters?
+ @controller && @controller.respond_to?(:filter_parameters)
+ end
+
+ def filter_sensitive_post_data_parameters(parameters)
+ exclude_raw_post_parameters? ? @controller.filter_parameters(parameters) : parameters
+ end
+
+ def filter_sensitive_post_data_from_env(env_key, env_value)
+ return env_value unless exclude_raw_post_parameters?
+ (env_key =~ /RAW_POST_DATA/i) ? PARAM_FILTER_REPLACEMENT : env_value
+ end
end
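Review bot: `filter_sensitive_post_data_from_env` redacts only keys matching `RAW_POST_DATA`, so the environment listing still prints `QUERY_STRING` and `REQUEST_URI` as received, and the request template's URL line still prints `@request.request_uri`. A parameter the controller filters will therefore still reach the notification mail whenever it is sent in the query string. Either run those values through the controller's filter as well, or state the limit above the method, e.g. `# Redacts RAW_POST_DATA only; query-string and cookie values in env are not filtered.` Filtering is also skipped entirely when `@controller` is unset or does not respond to `filter_parameters`, which deserves a comment on `exclude_raw_post_parameters?`. The module body continues between the two hunks, outside what is shown.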
@@ -0,0 +1,61 @@
+require 'test_helper'
+require 'exception_notifier_helper'
+
+class ExceptionNotifierHelperTest < Test::Unit::TestCase
+
+ class ExceptionNotifierHelperIncludeTarget
+ include ExceptionNotifierHelper
+ end
+
+ def setup
+ @helper = ExceptionNotifierHelperIncludeTarget.new
+ end
+
+ # No controller
+
+ def test_should_not_exclude_raw_post_parameters_if_no_controller
+ assert !@helper.exclude_raw_post_parameters?
+ end
+
+ # Controller, no filtering
+
+ class ControllerWithoutFilterParameters; end
+
+ def test_should_not_filter_env_values_for_raw_post_data_keys_if_controller_can_not_filter_parameters
+ stub_controller(ControllerWithoutFilterParameters.new)
+ assert @helper.filter_sensitive_post_data_from_env("RAW_POST_DATA", "secret").include?("secret")
+ end
+ def test_should_not_exclude_raw_post_parameters_if_controller_can_not_filter_parameters
+ stub_controller(ControllerWithoutFilterParameters.new)
+ assert !@helper.exclude_raw_post_parameters?
+ end
+ def test_should_return_params_if_controller_can_not_filter_parameters
+ stub_controller(ControllerWithoutFilterParameters.new)
+ assert_equal :params, @helper.filter_sensitive_post_data_parameters(:params)
+ end
+
+ # Controller with filtering
+
+ class ControllerWithFilterParameters
+ def filter_parameters(params); :filtered end
+ end
+
+ def test_should_filter_env_values_for_raw_post_data_keys_if_controller_can_filter_parameters
+ stub_controller(ControllerWithFilterParameters.new)
+ assert !@helper.filter_sensitive_post_data_from_env("RAW_POST_DATA", "secret").include?("secret")
+ assert @helper.filter_sensitive_post_data_from_env("SOME_OTHER_KEY", "secret").include?("secret")
+ end
+ def test_should_exclude_raw_post_parameters_if_controller_can_filter_parameters
+ stub_controller(ControllerWithFilterParameters.new)
+ assert @helper.exclude_raw_post_parameters?
+ end
+ def test_should_delegate_param_filtering_to_controller_if_controller_can_filter_parameters
+ stub_controller(ControllerWithFilterParameters.new)
+ assert_equal :filtered, @helper.filter_sensitive_post_data_parameters(:params)
+ end
+
+ private
+ def stub_controller(controller)
+ @helper.instance_variable_set(:@controller, controller)
+ end
+end
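Review bot: The RAW_POST_DATA test only asserts that the result does not contain "secret", so it would pass for any other return value, including an empty string; pin the replacement with `assert_equal ExceptionNotifierHelper::PARAM_FILTER_REPLACEMENT, @helper.filter_sensitive_post_data_from_env("RAW_POST_DATA", "secret")`. The helper matches the key with `/RAW_POST_DATA/i`, but no test covers a lower-case key or a key that merely contains that string. The stub controller defines `filter_parameters` as a public method; whether application controllers expose it publicly is not visible here, so a case with a non-public `filter_parameters` would show whether the helper still filters.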
@@ -0,0 +1,7 @@
+require 'test/unit'
+require 'rubygems'
+require 'active_support'
+
+$:.unshift File.join(File.dirname(__FILE__), '../lib')
+
+RAILS_ROOT = '.' unless defined?(RAILS_ROOT)
@@ -1,6 +1,6 @@
<% max = @request.env.keys.max { |a,b| a.length <=> b.length } -%>
<% @request.env.keys.sort.each do |key| -%>
-* <%= "%*-s: %s" % [max.length, key, @request.env[key].to_s.strip] %>
+* <%= "%*-s: %s" % [max.length, key, filter_sensitive_post_data_from_env(key, @request.env[key].to_s.strip)] %>
<% end -%>
* Process: <%= $$ %>
@@ -1,3 +1,3 @@
* URL: <%= @request.protocol %><%= @host %><%= @request.request_uri %>
-* Parameters: <%= @request.parameters.inspect %>
+* Parameters: <%= filter_sensitive_post_data_parameters(@request.parameters).inspect %>
* Rails root: <%= @rails_root %>
