
Changeset 4200

Timestamp:
04/07/06 22:26:25 (3 years ago)
Author:
david
Message:

Added ActionController.filter_parameter_logging that makes it easy to remove passwords, credit card numbers, and other sensitive information from being logged when a request is handled #1897 [jeremye@bsa.ca.gov]

Files:

  • trunk/actionpack/CHANGELOG

    r4189 r4200  
     1*SVN* 
     2 
     3* Added ActionController.filter_parameter_logging that makes it easy to remove passwords, credit card numbers, and other sensitive information from being logged when a request is handled #1897 [jeremye@bsa.ca.gov] 
     4 
     5 
    16*1.12.1* (April 6th, 2005) 
    27 
  • trunk/actionpack/lib/action_controller/base.rb

    r4157 r4200  
    367367        write_inheritable_attribute(:hidden_actions, hidden_actions | names.collect { |n| n.to_s }) 
    368368      end 
     369       
     370      # Replace sensitive paramater data from the request log. 
     371      # Filters paramaters that have any of the arguments as a substring. 
     372      # Looks in all subhashes of the param hash for keys to filter. 
     373      # If a block is given, each key and value of the paramater hash and all 
     374      # subhashes is passed to it, the value or key 
     375      # can be replaced using String#replace or similar method. 
     376      # 
     377      # Examples: 
     378      #   filter_parameter_logging 
     379      #   => Does nothing, just slows the logging process down 
     380      # 
     381      #   filter_parameter_logging :password 
     382      #   => replaces the value to all keys matching /password/i with "[FILTERED]" 
     383      # 
     384      #   filter_parameter_logging :foo, "bar" 
     385      #   => replaces the value to all keys matching /foo|bar/i with "[FILTERED]" 
     386      # 
     387      #   filter_parameter_logging { |k,v| v.reverse! if k =~ /secret/i } 
     388      #   => reverses the value to all keys matching /secret/i 
     389      # 
     390      #   filter_parameter_logging(:foo, "bar") { |k,v| v.reverse! if k =~ /secret/i } 
     391      #   => reverses the value to all keys matching /secret/i, and  
     392      #      replaces the value to all keys matching /foo|bar/i with "[FILTERED]" 
     393      def filter_parameter_logging(*filter_words, &block) 
     394        parameter_filter = Regexp.new(filter_words.collect{ |s| s.to_s }.join('|'), true) if filter_words.length > 0 
     395 
     396        define_method(:filter_parameters) do |unfiltered_parameters| 
     397          filtered_parameters = {} 
     398 
     399          unfiltered_parameters.each do |key, value| 
     400            if key =~ parameter_filter 
     401              filtered_parameters[key] = '[FILTERED]' 
     402            elsif value.is_a?(Hash) 
     403              filtered_parameters[key] = filter_parameters(value)  
     404            elsif block_given? 
     405              key, value = key.dup, value.dup 
     406              yield key, value 
     407              filtered_parameters[key] = value 
     408            else  
     409              filtered_parameters[key] = value 
     410            end 
     411          end 
     412 
     413          filtered_parameters 
     414        end 
     415      end 
    369416    end 
    370417 
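
Review bot: The recursion in `filter_parameters` only descends when `value.is_a?(Hash)`, so a sensitive key nested inside an Array value (an array of hashes in the params) is never compared against `parameter_filter` and reaches the log unredacted. Consider adding an Array branch that maps each Hash element through `filter_parameters`. Two smaller points in the same method: `define_method(:filter_parameters)` creates a public instance method on the controller, which is worth marking `protected` so it is not exposed as an action; and the filter words are joined into `Regexp.new(...)` without `Regexp.escape`, so a word containing regex metacharacters is interpreted as a pattern rather than the literal substring the doc comment promises.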
     
    902949          logger.info "\n\nProcessing #{controller_class_name}\##{action_name} (for #{request_origin}) [#{request.method.to_s.upcase}]" 
    903950          logger.info "  Session ID: #{@session.session_id}" if @session and @session.respond_to?(:session_id) 
    904           logger.info "  Parameters: #{@params.inspect}" 
     951          logger.info "  Parameters: #{respond_to?(:filter_parameters) ? filter_parameters(@params).inspect : @params.inspect}" 
    905952        end 
    906953      end
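
Review bot: The `respond_to?(:filter_parameters)` branch on the new `logger.info "  Parameters: ..."` line makes redaction strictly opt-in: a controller that never calls `filter_parameter_logging` still writes `@params.inspect` in full, and nothing in the patch documents that default. Consider defining a default `filter_parameters` on the base class that returns its argument unchanged, so this line can call it unconditionally, and state the opt-in behaviour in the doc comment for `filter_parameter_logging`.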