Search code examples
ruby-on-railsrubyruby-on-rails-3rails-3-upgrade

Custom filtering of parameters in rails 3 using config.filter_parameters


I'm working on upgrading from Rails 2.3.11 to 3.0.10, and am having trouble converting what is in the ApplicationController's filter_parameter_logging. I want to filter both certain parameters, and also filter them if they appear in the value of something like a :referrer tag.

I can get the regular parameters filtered out in my application.rb

config.filter_parameters += [:password, :oauth, ...]

But what I'm having trouble with is the block that we also pass in filter_parameter_logging. It also filters out the parameters in any value that looks like a url, so something like http://example.com?password=foobar&oauth=123foo&page=2 would be logged as http://example.com?password=[FILTERED]&oauth=[FILTERED]&page=2. I need a way for rails to both filter the specified params, and also filter only those params out from other values, like in the url above.

Here's what it looked like in filter_parameter_logging:

FILTER_WORDS = %{password oauth email ...} 
FILTER_WORDS_REGEX = /#{FILTER_WORDS.join("|")}/i

#Captures param in $1 (would also match things like old_password, new_password), and value in $2
FILTER_WORDS_GSUB_REGEX = /((?:#{FILTER_WORDS.join("|")})[^\/?]*?)(?:=|%3D).*?(&|%26|$)/i

filter_parameter_logging(*FILTER_WORDS) do |k,v|
  begin
    # Bail immediately if we can
    next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))

    #Filters out values for params that match
    v.gsub!(FILTER_WORDS_GSUB_REGEX) do
      "#{$1}=[FILTERED]#{$2}"
    end
  rescue Exception => e
    logger.error e
  end
end

Is there a way to make rails filter in this way using config.filter_parameters in application.rb? I can't seem to find any good documentation on how to customize filtering in rails 3.


Solution

  • Figured it out. You can pass a lambda statement to config.filter_parameters, so after I add the parameters to filter, I have this now:

    config.filter_parameters << lambda do |k,v|
      begin
        # Bail immediately if we can
        next unless v =~ FILTER_WORDS_REGEX && (v.index("=") || v.index("%3D"))
    
        #Filters out values for params that match
        v.gsub!(FILTER_WORDS_GSUB_REGEX) do
          "#{$1}=[FILTERED]#{$2}"
        end
      rescue Exception => e
        logger.error e
      end
    end