Skip to content
This repository
branch: 4-0-stable
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 79 lines (68 sloc) 2.664 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
require 'active_support/core_ext/hash/keys'
require 'active_support/core_ext/object/duplicable'
require 'action_dispatch/http/parameter_filter'

module ActionDispatch
  module Http
    # Allows you to specify sensitive parameters which will be replaced from
    # the request log by looking in the query string of the request and all
    # subhashes of the params hash to filter. If a block is given, each key and
    # value of the params hash and all subhashes is passed to it, the value
    # or key can be replaced using String#replace or similar method.
    #
    # env["action_dispatch.parameter_filter"] = [:password]
    # => replaces the value to all keys matching /password/i with "[FILTERED]"
    #
    # env["action_dispatch.parameter_filter"] = [:foo, "bar"]
    # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
    #
    # env["action_dispatch.parameter_filter"] = lambda do |k,v|
    # v.reverse! if k =~ /secret/i
    # end
    # => reverses the value to all keys matching /secret/i
    module FilterParameters
      ENV_MATCH = [/RAW_POST_DATA/, "rack.request.form_vars"] # :nodoc:
      NULL_PARAM_FILTER = ParameterFilter.new # :nodoc:
      NULL_ENV_FILTER = ParameterFilter.new ENV_MATCH # :nodoc:

      def initialize(env)
        super
        @filtered_parameters = nil
        @filtered_env = nil
        @filtered_path = nil
      end

      # Return a hash of parameters with all sensitive data replaced.
      def filtered_parameters
        @filtered_parameters ||= parameter_filter.filter(parameters)
      end

      # Return a hash of request.env with all sensitive data replaced.
      def filtered_env
        @filtered_env ||= env_filter.filter(@env)
      end

      # Reconstructed a path with all sensitive GET parameters replaced.
      def filtered_path
        @filtered_path ||= query_string.empty? ? path : "#{path}?#{filtered_query_string}"
      end

    protected

      def parameter_filter
        parameter_filter_for @env.fetch("action_dispatch.parameter_filter") {
          return NULL_PARAM_FILTER
        }
      end

      def env_filter
        user_key = @env.fetch("action_dispatch.parameter_filter") {
          return NULL_ENV_FILTER
        }
        parameter_filter_for(Array(user_key) + ENV_MATCH)
      end

      def parameter_filter_for(filters)
        ParameterFilter.new(filters)
      end

      KV_RE = '[^&;=]+'
      PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
      def filtered_query_string
        query_string.gsub(PAIR_RE) do |_|
          parameter_filter.filter([[$1, $2]]).first.join("=")
        end
      end
    end
  end
end
Something went wrong with that request. Please try again.