-
Notifications
You must be signed in to change notification settings - Fork 21.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an option to disable logging for jobs with sensitive arguments #37660
Add an option to disable logging for jobs with sensitive arguments #37660
Conversation
25a034b
to
ab8eab1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with it, but I thought we already had ported over the parameter filters to also be able to filter out sensitive Active Job args? Or maybe I'm thinking of another case where we ported them?
@@ -77,6 +77,8 @@ def queue_name(event) | |||
end | |||
|
|||
def args_info(job) | |||
return "" if job.arguments_logging_disabled? | |||
|
|||
if job.arguments.any? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about flipping to job.log_arguments?
and use it as if job.log_arguments? && job.arguments.any?
?
Ahhh, it was in the issue you linked to 👍. I don't like that users would have to remember to disable logging for each new job that happens to have sensitive data in there, but I guess there's not much to do about that. Unless we can somehow regex the password/token digest format and auto-disable logging in that case? Not sure if that's worth it. |
ab8eab1
to
8e8f735
Compare
The problem is, what is a password format. I think we can be very effective on that path.
I don't like that as well, but I changed the implementation a little bit, now we can for example default that to |
Hm, yeah, that's not super great either. But it's better to have the option for this case. |
class SensitiveJob < ApplicationJob self.log_arguments = false def perform(my_sensitive_argument) end end When dealing with sensitive arugments as password and tokens it is now possible to configure the job to not put the sensitive argument in the logs. Closes #34438.
8e8f735
to
ce085f6
Compare
`log_arguments` class boolean attribute introduced in rails#37660 allows to disable all the logs. This commit implements an additional way to avoid leaking sensitive values by introducing another class attribute named `filter_arguments`. By default, it is set to `Rails.application.config.filter_parameters` which is commonly used to filter sensitive data. There is one caveat though. My proposition works only with hashes as it is kinda hard to provide a bullet proof mechanism for all possible cases. On the other hand, based on my experience, hashes are commonly used as jobs' arguments. This is my first contribution to Rails framework, so I am open to every suggestion. Thank you in advance.
Rails 6.1.0 introduced an option for disabling logging of job arguments in ActiveJob[1][2]. This change makes the ActiveJob plugin aware of this config option and scrubs all arguments if we're dealing with a sensitive job. [1]: https://github.com/rails/rails/releases/tag/v6.1.0 [2]: rails/rails#37660
…nts (#1059) Rails 6.1.0 introduced an option for disabling logging of job arguments in ActiveJob[1][2]. This change makes the ActiveJob plugin aware of this config option and scrubs all arguments if we're dealing with a sensitive job. [1]: https://github.com/rails/rails/releases/tag/v6.1.0 [2]: rails/rails#37660
When dealing with sensitive arguments as password and tokens it is now possible to configure the job to not put the sensitive argument in the logs.
Closes #34438.