edge badge

Allows you to specify sensitive parameters which will be replaced from the request log by looking in the query string of the request and all sub-hashes of the params hash to filter. If a block is given, each key and value of the params hash and all sub-hashes is passed to it, the value or key can be replaced using String#replace or similar method.

env["action_dispatch.parameter_filter"] = [:password]
=> replaces the value to all keys matching /password/i with "[FILTERED]"

env["action_dispatch.parameter_filter"] = [:foo, "bar"]
=> replaces the value to all keys matching /foo|bar/i with "[FILTERED]"

env["action_dispatch.parameter_filter"] = lambda do |k,v|
  v.reverse! if k =~ /secret/i
end
=> reverses the value to all keys matching /secret/i
Methods
E
F
N
P
Constants
ENV_MATCH = [/RAW_POST_DATA/, "rack.request.form_vars"]
 
NULL_PARAM_FILTER = ParameterFilter.new
 
NULL_ENV_FILTER = ParameterFilter.new ENV_MATCH
 
KV_RE = '[^&;=]+'
 
PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
 
Class Public methods
new(env)
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 28
def initialize(env)
  super
  @filtered_parameters = nil
  @filtered_env        = nil
  @filtered_path       = nil
end
Instance Public methods
filtered_env()

Return a hash of request.env with all sensitive data replaced.

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 41
def filtered_env
  @filtered_env ||= env_filter.filter(@env)
end
filtered_parameters()

Return a hash of parameters with all sensitive data replaced.

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 36
def filtered_parameters
  @filtered_parameters ||= parameter_filter.filter(parameters)
end
filtered_path()

Reconstructed a path with all sensitive GET parameters replaced.

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 46
def filtered_path
  @filtered_path ||= query_string.empty? ? path : "#{path}?#{filtered_query_string}"
end
Instance Protected methods
env_filter()
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 58
def env_filter
  user_key = @env.fetch("action_dispatch.parameter_filter") {
    return NULL_ENV_FILTER
  }
  parameter_filter_for(Array(user_key) + ENV_MATCH)
end
filtered_query_string()
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 71
def filtered_query_string
  query_string.gsub(PAIR_RE) do |_|
    parameter_filter.filter([[$1, $2]]).first.join("=")
  end
end
parameter_filter()
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 52
def parameter_filter
  parameter_filter_for @env.fetch("action_dispatch.parameter_filter") {
    return NULL_PARAM_FILTER
  }
end
parameter_filter_for(filters)
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 65
def parameter_filter_for(filters)
  ParameterFilter.new(filters)
end