
wip: fixing rails3 filter_params and applying params filters to sessi…

…on hash
1 parent 74ba53c commit 69f406cff1f8da7bdeb2d507794562dadddce496 @jasonm jasonm committed Jun 24, 2010
@@ -342,7 +342,7 @@ To replace sensitive information sent to the Hoptoad service with [FILTERED] use
end
Note that, when rescuing exceptions within an ActionController method,
-hoptoad_notifier will reuse filters specified by #filter_params_logging.
+hoptoad_notifier will reuse filters specified by #filter_parameter_logging.
== Testing
@@ -121,3 +121,77 @@ Feature: Install the Gem in a Rails application
"""
config.api_key = ENV['HOPTOAD_API_KEY']
"""
+
+ Scenario: Filtering parameters in a controller
+ When I generate a new Rails application
+ And I configure the Hoptoad shim
+ And I configure my application to require the "hoptoad_notifier" gem
+ And I run the hoptoad generator with "-k myapikey"
+ When I configure the notifier to use the following configuration lines:
+ """
+ config.api_key = "myapikey"
+ config.params_filters << "credit_card_number"
+ """
+ And I define a response for "TestController#index":
+ """
+ params[:credit_card_number] = "red23"
+ raise RuntimeError, "some message"
+ """
+ And I route "/test/index" to "test#index"
+ And I perform a request to "http://example.com:123/test/index?param=value"
+ Then I should receive the following Hoptoad notification:
+ | component | test |
+ | action | index |
+ | error message | RuntimeError: some message |
+ | error class | RuntimeError |
+ | parameters | credit_card_number: [FILTERED] |
+ | url | http://example.com:123/test/index?param=value |
+
+ Scenario: Filtering session in a controller
+ When I generate a new Rails application
+ And I configure the Hoptoad shim
+ And I configure my application to require the "hoptoad_notifier" gem
+ And I run the hoptoad generator with "-k myapikey"
+ When I configure the notifier to use the following configuration lines:
+ """
+ config.api_key = "myapikey"
+ config.params_filters << "secret"
+ """
+ And I define a response for "TestController#index":
+ """
+ session["secret"] = "blue42"
+ raise RuntimeError, "some message"
+ """
+ And I route "/test/index" to "test#index"
+ And I perform a request to "http://example.com:123/test/index?param=value"
+ Then I should receive the following Hoptoad notification:
+ | component | test |
+ | action | index |
+ | error message | RuntimeError: some message |
+ | error class | RuntimeError |
+ | session | secret: [FILTERED] |
+ | url | http://example.com:123/test/index?param=value |
+
+ @wip
+ Scenario: Filtering session and params based on Rails parameter filters
+ When I generate a new Rails application
+ And I configure the Hoptoad shim
+ And I configure my application to require the "hoptoad_notifier" gem
+ And I run the hoptoad generator with "-k myapikey"
+ And I configure the application to filter parameter "secret"
+ And I define a response for "TestController#index":
+ """
+ params["secret"] = "red23"
+ session["secret"] = "blue42"
+ raise RuntimeError, "some message"
+ """
+ And I route "/test/index" to "test#index"
+ And I perform a request to "http://example.com:123/test/index?param=value"
+ Then I should receive the following Hoptoad notification:
+ | component | test |
+ | action | index |
+ | error message | RuntimeError: some message |
+ | error class | RuntimeError |
+ | params | secret: [FILTERED] |
+ | session | secret: [FILTERED] |
+ | url | http://example.com:123/test/index?param=value |
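Review bot: The expected-notification tables name the same field two ways: the first scenario checks a `parameters` row while the @wip scenario checks a `params` row, so unless the notification step accepts both spellings one of them is not verifying what it appears to (the step definition is not part of this hunk). The scenarios also only assert that the named key shows `[FILTERED]`. Because the same value can be carried in more than one part of a notice, a step asserting that the raw values (`red23`, `blue42`) appear nowhere in the sent payload would make these much stronger redaction tests.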
@@ -1,4 +1,5 @@
require 'uri'
+require 'active_support/core_ext/string/inflections'
When /^I generate a new Rails application$/ do
@terminal.cd(TEMP_DIR)
@@ -90,6 +91,38 @@
end
When /^I configure the notifier to use "([^\"]*)" as an API key$/ do |api_key|
+ # if rails_manages_gems?
+ # requires = ''
+ # else
+ # requires = "require 'hoptoad_notifier'"
+ # end
+
+ # initializer_code = <<-EOF
+ # #{requires}
+ # HoptoadNotifier.configure do |config|
+ # config.api_key = #{api_key.inspect}
+ # end
+ # EOF
+
+ # if rails_supports_initializers?
+ # File.open(rails_initializer_file, 'w') { |file| file.write(initializer_code) }
+ # else
+ # File.open(environment_path, 'a') do |file|
+ # file.puts
+ # file.puts initializer_code
+ # end
+ # end
+
+ steps %{
+ When I configure the notifier to use the following configuration lines:
+ """
+ config.api_key = #{api_key.inspect}
+ """
+ }
+ config.params_filters << "credit_card_number"
+end
+
+When /^I configure the notifier to use the following configuration lines:$/ do |configuration_lines|
if rails_manages_gems?
requires = ''
else
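Review bot: The added line `config.params_filters << "credit_card_number"` sits after the `steps %{ ... }` call, directly in the step block, where no `config` local is defined in the visible code, so running the "as an API key" step would presumably raise NameError. It looks like a leftover and should be deleted; a scenario that needs the filter already passes it through the configuration-lines step. The commented-out copy of the old body above it duplicates the new step and can be dropped too. The new `configuration lines` step definition continues outside this hunk.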
@@ -99,7 +132,7 @@
initializer_code = <<-EOF
#{requires}
HoptoadNotifier.configure do |config|
- config.api_key = #{api_key.inspect}
+ #{configuration_lines}
end
EOF
@@ -111,6 +144,7 @@
file.puts initializer_code
end
end
+
end
def rails_initializer_file
@@ -307,3 +341,40 @@ def initialize(*args)
When /^I configure the Heroku rake shim$/ do
@terminal.invoke_heroku_rake_tasks_locally = true
end
+
+When /^I configure the application to filter parameter "([^\"]*)"$/ do |parameter|
+ if rails3?
+ # insert_line_in_file(:filename => application_filename,
+ # :after => /Application/,
+ # :line => " config.filter_parameters += [#{parameter.inspect}]")
+
+ application_filename = File.join(RAILS_ROOT, 'config', 'application.rb')
+ application_lines = File.open(application_filename).readlines
+
+ application_definition_line = application_lines.detect { |line| line =~ /Application/ }
+ application_definition_line_index = application_lines.index(application_definition_line)
+
+ application_lines.insert(application_definition_line_index + 1,
+ " config.filter_parameters += [#{parameter.inspect}]")
+
+ File.open(application_filename, "w") do |file|
+ file.puts application_lines.join("\n")
+ end
+
+# 114: ActiveSupport::Deprecation.warn("Setting filter_parameter_logging in ActionController is deprecated and has no longer effect, please set 'config.filter_parameters' in config/application.rb instead", caller)
+
+ else
+ controller_filename = File.join(RAILS_ROOT, 'app', 'controllers', "application_controller.rb")
+ controller_lines = File.open(controller_filename).readlines
+
+ controller_definition_line = controller_lines.detect { |line| line =~ /ApplicationController/ }
+ controller_definition_line_index = controller_lines.index(controller_definition_line)
+
+ controller_lines.insert(controller_definition_line_index + 1,
+ " filter_parameter_logging #{parameter.inspect}")
+
+ File.open(controller_filename, "w") do |file|
+ file.puts controller_lines.join("\n")
+ end
+ end
+end
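Review bot: In both branches `detect` returns nil when no line matches, and `index(nil) + 1` then fails with an unhelpful NoMethodError instead of saying which file lacked the class line. `File.open(name).readlines` also leaves the handle open and keeps each line's trailing newline, so `join("\n")` doubles every line break when the file is rewritten. The two branches differ only in file name, pattern and inserted text, so a shared helper (the commented-out `insert_line_in_file` call already sketches one) removes the duplication; the pasted deprecation text on the `# 114:` line should be removed.

```ruby
def insert_line_in_file(filename, pattern, new_line)
  lines = File.readlines(filename)
  index = lines.index { |line| line =~ pattern }
  raise "No line matching #{pattern.inspect} in #{filename}" if index.nil?
  lines.insert(index + 1, "#{new_line}\n")
  File.open(filename, "w") { |file| file.write(lines.join) }
end
```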
@@ -249,6 +249,7 @@ def clean_params
end
if session_data
clean_unserializable_data_from(:session_data)
+ filter(session_data)
end
end
@@ -266,7 +267,7 @@ def filter(hash)
def filter_key?(key)
params_filters.any? do |filter|
- key.to_s.include?(filter)
+ key.to_s.include?(filter.to_s)
end
end
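Review bot: `filter.to_s` makes Symbol filters work, but a Regexp entry is stringified to its `(?-mix:...)` form and will never match, so that key is sent unredacted without any error. If Rails-style filter lists are meant to be accepted here (the @wip scenario suggests so, but that is inferred), handle the case explicitly, e.g. `filter.is_a?(Regexp) ? key.to_s =~ filter : key.to_s.include?(filter.to_s)`. The match is also case-sensitive, so a `Secret` key is not covered by a `secret` filter; either downcase both sides or document the behaviour. `params_filters` is defined outside this hunk.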
@@ -1,4 +1,16 @@
module HoptoadNotifier
+
+ if defined? ActionDispatch::Http::FilterParameters
+ class FilterableHash < Hash
+ include ActionDispatch::Http::FilterParameters
+
+ def filter_for_request(request)
+ @env = request.env
+ process_parameter_filter(self)
+ end
+ end
+ end
+
module Rails
module ControllerMethods
private
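Review bot: `filter_for_request` works by assigning `@env` and calling `process_parameter_filter`, neither of which is explained, and both look like internals of `ActionDispatch::Http::FilterParameters` rather than a public interface. I would add a comment above the class along the lines of `# Reuses Rails 3 request filtering: the mixin is assumed to read its filter list from @env, so the request env is copied in first` (to be confirmed against the targeted Rails version). A unit test for the class would make a Rails upgrade that changes these internals fail loudly; as written, the `rescue hash` at the call site in `hoptoad_filter_if_filtering` would hide such a break and pass the hash through unfiltered.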
@@ -19,19 +31,48 @@ def hoptoad_ignore_user_agent? #:nodoc:
def hoptoad_request_data
{ :parameters => hoptoad_filter_if_filtering(params.to_hash),
- :session_data => hoptoad_session_data,
+ :session_data => hoptoad_filter_if_filtering(hoptoad_session_data),
:controller => params[:controller],
:action => params[:action],
:url => hoptoad_request_url,
:cgi_data => hoptoad_filter_if_filtering(request.env) }
end
def hoptoad_filter_if_filtering(hash)
+ puts "*"*80
+ puts "Filtering:"
+ p hash
+ puts "*"*80
+
+ return hash if ! hash.is_a?(Hash)
+
+ # if respond_to?(:filter_parameters)
+ # puts "*"*80
+ # puts "Filtering hash:"
+ # p hash
+ # retval = filter_parameters(hash) rescue hash
+ # puts "Got result:"
+ # p retval
+ # puts "*"*80
+
+ # filter_parameters(hash) rescue hash
+ # else
+ # hash
+ # end
+
if respond_to?(:filter_parameters)
- filter_parameters(hash) rescue hash
+ retval = filter_parameters(hash) rescue hash
+ elsif defined? ActionDispatch::Http::FilterParameters
+ puts "And filtering it"
+ retval = FilterableHash[hash].filter_for_request(request) rescue hash
+ puts "And returning:"
+ p retval
+ retval
else
+ puts "Not filtering it"
hash
end
+
end
def hoptoad_session_data
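Review bot: The `puts`/`p hash` calls at the top of `hoptoad_filter_if_filtering` print the unfiltered params, session and `request.env` to stdout before any redaction, which defeats the purpose of the filter wherever stdout is captured; they and the commented-out block should be removed before this leaves wip. Both filtering branches also end in `rescue hash`, so any exception inside the filter returns the original, unredacted hash to be sent to the service. I would let the method fail closed instead, as sketched below; returning an empty hash is one option, the important part is never forwarding the raw hash after a filter error.

```ruby
def hoptoad_filter_if_filtering(hash)
  return hash if ! hash.is_a?(Hash)

  if respond_to?(:filter_parameters)
    filter_parameters(hash)
  elsif defined? ActionDispatch::Http::FilterParameters
    FilterableHash[hash].filter_for_request(request)
  else
    hash
  end
rescue StandardError
  # Fail closed: a broken filter must not leak the unfiltered hash.
  {}
end
```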
@@ -239,20 +239,25 @@ def process_action_with_automatic_notification(args = {})
assert_sent_request_info_for controller.request
end
- should "use standard rails logging filters on params and env" do
+ should "use standard rails logging filters on params and session and env" do
filtered_params = { "abc" => "123",
"def" => "456",
"ghi" => "[FILTERED]" }
+ filtered_session = { "abc" => "123",
+ "ghi" => "[FILTERED]" }
ENV['ghi'] = 'abc'
filtered_env = { 'ghi' => '[FILTERED]' }
filtered_cgi = { 'REQUEST_METHOD' => '[FILTERED]' }
process_action_with_automatic_notification(:filters => [:ghi, :request_method],
:params => { "abc" => "123",
"def" => "456",
- "ghi" => "789" })
+ "ghi" => "789" },
+ :session => { "abc" => "123",
+ "ghi" => "789" })
assert_sent_hash filtered_params, '/notice/request/params'
assert_sent_hash filtered_cgi, '/notice/request/cgi-data'
+ assert_sent_hash filtered_session, '/notice/request/session'
end
context "for a local error with development lookup enabled" do
@@ -164,6 +164,10 @@ def stub_request(attrs = {})
assert_filters_hash(:cgi_data)
end
+ should "filter session" do
+ assert_filters_hash(:session_data)
+ end
+
context "a Notice turned into XML" do
setup do
HoptoadNotifier.configure do |config|
@@ -423,7 +427,7 @@ def assert_valid_notice_document(document)
end
def assert_filters_hash(attribute)
- filters = %w(abc def)
+ filters = ["abc", :def]
original = { 'abc' => "123", 'def' => "456", 'ghi' => "789", 'nested' => { 'abc' => '100' } }
filtered = { 'abc' => "[FILTERED]",
'def' => "[FILTERED]",
