Ticket #8432: exception_notification_with_param_logging.diff

test/test_helper.rb

@@ +1 @@
+require 'test/unit'
+require 'rubygems'
+require 'active_support'
+
+$:.unshift File.join(File.dirname(__FILE__), '../lib')
+
+RAILS_ROOT = '.' unless defined?(RAILS_ROOT)

test/exception_notifier_helper_test.rb

@@ +1 @@
+require 'test_helper'
+require 'exception_notifier_helper'
+
+class ExceptionNotifierHelperTest < Test::Unit::TestCase
+
+  class ExceptionNotifierHelperIncludeTarget
+    attr_writer :exclude_raw_post_parameters
+    include ExceptionNotifierHelper
+  end
+
+  def setup
+    @helper = ExceptionNotifierHelperIncludeTarget.new
+  end
+
+  # No controller
+  
+  def test_should_not_exclude_raw_post_parameters_if_no_controller
+    assert !@helper.exclude_raw_post_parameters?
+  end
+  
+  # Controller, no filtering
+  
+  class ControllerWithoutFilterParameters; end
+
+  def test_should_not_filter_env_values_for_raw_post_data_keys_if_controller_can_not_filter_parameters
+    stub_controller(ControllerWithoutFilterParameters.new)
+    assert @helper.filter_sensitive_post_data_from_env("RAW_POST_DATA", "secret").include?("secret")
+  end
+  def test_should_not_exclude_raw_post_parameters_if_controller_can_not_filter_parameters
+    stub_controller(ControllerWithoutFilterParameters.new)
+    assert !@helper.exclude_raw_post_parameters?    
+  end
+  def test_should_return_params_if_controller_can_not_filter_parameters
+    stub_controller(ControllerWithoutFilterParameters.new)
+    assert_equal :params, @helper.filter_sensitive_post_data_parameters(:params)
+  end
+
+  # Controller with filtering
+
+  class ControllerWithFilterParameters
+    def filter_parameters(params); :filtered end
+  end
+
+  def test_should_filter_env_values_for_raw_post_data_keys_if_controller_can_filter_parameters
+    stub_controller(ControllerWithFilterParameters.new)
+    assert !@helper.filter_sensitive_post_data_from_env("RAW_POST_DATA", "secret").include?("secret")
+    assert @helper.filter_sensitive_post_data_from_env("SOME_OTHER_KEY", "secret").include?("secret")
+  end
+  def test_should_exclude_raw_post_parameters_if_controller_can_filter_parameters
+    stub_controller(ControllerWithFilterParameters.new)
+    assert @helper.exclude_raw_post_parameters?
+  end
+  def test_should_delegate_param_filtering_to_controller_if_controller_can_filter_parameters
+    stub_controller(ControllerWithFilterParameters.new)
+    assert_equal :filtered, @helper.filter_sensitive_post_data_parameters(:params)
+  end
+  
+  private
+    def stub_controller(controller)
+      @helper.instance_variable_set(:@controller, controller)
+    end
+end

lib/exception_notifier_helper.rb

@@ -23 +23 @@
-module ExceptionNotifierHelper
-  VIEW_PATH = "views/exception_notifier"
-  APP_PATH = "#{RAILS_ROOT}/app/#{VIEW_PATH}"
+  PARAM_FILTER_REPLACEMENT = "[FILTERED]"
-
-  def render_section(section)
-    RAILS_DEFAULT_LOGGER.info("rendering section #{section.inspect}")
@@ -60 +61 @@
-  def object_to_yaml(object)
-    object.to_yaml.sub(/^---\s*/m, "")
-  end
+
+  def exclude_raw_post_parameters?
+    @controller && @controller.respond_to?(:filter_parameters)
+  end
+  
+  def filter_sensitive_post_data_parameters(parameters)
+    exclude_raw_post_parameters? ? @controller.filter_parameters(parameters) : parameters
+  end
+  
+  def filter_sensitive_post_data_from_env(env_key, env_value)
+    return env_value unless exclude_raw_post_parameters?
+    (env_key =~ /RAW_POST_DATA/i) ? PARAM_FILTER_REPLACEMENT : env_value
+  end
-end

views/exception_notifier/_environment.rhtml

@@ -1 +1 @@
-<% max = @request.env.keys.max { |a,b| a.length <=> b.length } -%>
-<% @request.env.keys.sort.each do |key| -%>
-@request.env[key].to_s.strip
+filter_sensitive_post_data_from_env(key, @request.env[key].to_s.strip)
-<% end -%>
-
-* Process: <%= $$ %>

views/exception_notifier/_request.rhtml

@@ -1 +1 @@
-* URL: <%= @request.protocol %><%= @host %><%= @request.request_uri %>
-@request.parameters
+filter_sensitive_post_data_parameters(@request.parameters)
-* Rails root: <%= @rails_root %>