Add an option to disable logging for jobs with sensitive arguments #37660
Conversation
rafaelfranca
force-pushed
the
rm-add-way-to-disable-argument-logging-jobs
branch
3 times, most recently
from
25a034b
to
ab8eab1
Compare
| @@ -77,6 +77,8 @@ def queue_name(event) | |||
| end | |||
|
|
|||
| def args_info(job) | |||
| return "" if job.arguments_logging_disabled? | |||
|
|
|||
| if job.arguments.any? | |||
There was a problem hiding this comment.
What about flipping to job.log_arguments? and use it as if job.log_arguments? && job.arguments.any??
|
Ahhh, it was in the issue you linked to 👍. I don't like that users would have to remember to disable logging for each new job that happens to have sensitive data in there, but I guess there's not much to do about that. Unless we can somehow regex the password/token digest format and auto-disable logging in that case? Not sure if that's worth it. |
rafaelfranca
force-pushed
the
rm-add-way-to-disable-argument-logging-jobs
branch
from
ab8eab1
to
8e8f735
Compare
The problem is, what is a password format. I think we can be very effective on that path.
I don't like that as well, but I changed the implementation a little bit, now we can for example default that to |
Hm, yeah, that's not super great either. But it's better to have the option for this case. |
class SensitiveJob < ApplicationJob
self.log_arguments = false
def perform(my_sensitive_argument)
end
end
When dealing with sensitive arugments as password and tokens it is
now possible to configure the job to not put the sensitive argument
in the logs.
Closes #34438.
rafaelfranca
force-pushed
the
rm-add-way-to-disable-argument-logging-jobs
branch
from
8e8f735
to
ce085f6
Compare
`log_arguments` class boolean attribute introduced in rails#37660 allows to disable all the logs. This commit implements an additional way to avoid leaking sensitive values by introducing another class attribute named `filter_arguments`. By default, it is set to `Rails.application.config.filter_parameters` which is commonly used to filter sensitive data. There is one caveat though. My proposition works only with hashes as it is kinda hard to provide a bullet proof mechanism for all possible cases. On the other hand, based on my experience, hashes are commonly used as jobs' arguments. This is my first contribution to Rails framework, so I am open to every suggestion. Thank you in advance.
Rails 6.1.0 introduced an option for disabling logging of job arguments in ActiveJob[1][2]. This change makes the ActiveJob plugin aware of this config option and scrubs all arguments if we're dealing with a sensitive job. [1]: https://github.com/rails/rails/releases/tag/v6.1.0 [2]: rails/rails#37660
…nts (#1059) Rails 6.1.0 introduced an option for disabling logging of job arguments in ActiveJob[1][2]. This change makes the ActiveJob plugin aware of this config option and scrubs all arguments if we're dealing with a sensitive job. [1]: https://github.com/rails/rails/releases/tag/v6.1.0 [2]: rails/rails#37660
When dealing with sensitive arguments as password and tokens it is now possible to configure the job to not put the sensitive argument in the logs.
Closes #34438.