Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Params filters now apply recursively and apply to cgi data

  • Loading branch information...
commit 61a325d9e5c4bd96df8f3bf5e2cbab59ae64a628 1 parent 374a425
Joe Ferris authored
Showing with 39 additions and 9 deletions.
  1. +19 −3 lib/hoptoad_notifier/notice.rb
  2. +20 −6 test/notice_test.rb
View
22 lib/hoptoad_notifier/notice.rb
@@ -237,15 +237,31 @@ def clean_unserializable_data(data)
# TODO: extract this to a different class
def clean_params
clean_unserializable_data_from(:parameters)
+ filter(parameters)
+ if cgi_data
+ clean_unserializable_data_from(:cgi_data)
+ filter(cgi_data)
+ end
+ end
+
+ def filter(hash)
if params_filters
- parameters.keys.each do |key|
- parameters[key] = "[FILTERED]" if params_filters.any? do |filter|
- key.to_s.include?(filter)
+ hash.each do |key, value|
+ if filter_key?(key)
+ hash[key] = "[FILTERED]"
+ elsif value.respond_to?(:to_hash)
+ filter(hash[key])
end
end
end
end
+ def filter_key?(key)
+ params_filters.any? do |filter|
+ key.to_s.include?(filter)
+ end
+ end
+
def find_session_data
self.session_data = args[:session_data] || args[:session] || {}
self.session_data = session_data[:data] if session_data[:data]
View
26 test/notice_test.rb
@@ -142,16 +142,15 @@ def stub_request(attrs = {})
should "convert unserializable objects to strings" do
assert_serializes_hash(:parameters)
+ assert_serializes_hash(:cgi_data)
end
should "filter parameters" do
- filters = %w(abc def)
- params = { 'abc' => "123", 'def' => "456", 'ghi' => "789" }
-
- notice = build_notice(:params_filters => filters, :parameters => params)
+ assert_filters_hash(:parameters)
+ end
- assert_equal({ 'abc' => "[FILTERED]", 'def' => "[FILTERED]", 'ghi' => "789" },
- notice.parameters)
+ should "filter cgi data" do
+ assert_filters_hash(:cgi_data)
end
context "a Notice turned into XML" do
@@ -339,4 +338,19 @@ def assert_valid_notice_document(document)
errors = schema.validate(document)
assert errors.empty?, errors.collect{|e| e.message }.join
end
+
+ def assert_filters_hash(attribute)
+ filters = %w(abc def)
+ original = { 'abc' => "123", 'def' => "456", 'ghi' => "789", 'nested' => { 'abc' => '100' } }
+ filtered = { 'abc' => "[FILTERED]",
+ 'def' => "[FILTERED]",
+ 'ghi' => "789",
+ 'nested' => { 'abc' => '[FILTERED]' } }
+
+ notice = build_notice(:params_filters => filters, attribute => original)
+
+ assert_equal(filtered,
+ notice.send(attribute))
+ end
+
end
Please sign in to comment.
Something went wrong with that request. Please try again.