edge badge

Allows you to specify sensitive parameters which will be replaced from the request log by looking in the query string of the request and all subhashes of the params hash to filter. If a block is given, each key and value of the params hash and all subhashes is passed to it, the value or key can be replaced using String#replace or similar method.

env["action_dispatch.parameter_filter"] = [:password]
=> replaces the value to all keys matching /password/i with "[FILTERED]"

env["action_dispatch.parameter_filter"] = [:foo, "bar"]
=> replaces the value to all keys matching /foo|bar/i with "[FILTERED]"

env["action_dispatch.parameter_filter"] = lambda do |k,v|
  v.reverse! if k =~ /secret/i
end
=> reverses the value to all keys matching /secret/i
Methods
E
F
N
P
Constants
ENV_MATCH = [/RAW_POST_DATA/, "rack.request.form_vars"]
 
NULL_PARAM_FILTER = ParameterFilter.new
 
NULL_ENV_FILTER = ParameterFilter.new ENV_MATCH
 
KV_RE = '[^&;=]+'
 
PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
 
Class Public methods
new(env)
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 28
def initialize(env)
  super
  @filtered_parameters = nil
  @filtered_env        = nil
  @filtered_path       = nil
end
Instance Public methods
filtered_env()

Return a hash of request.env with all sensitive data replaced.

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 41
def filtered_env
  @filtered_env ||= env_filter.filter(@env)
end
filtered_parameters()

Return a hash of parameters with all sensitive data replaced.

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 36
def filtered_parameters
  @filtered_parameters ||= parameter_filter.filter(parameters)
end
filtered_path()

Reconstructed a path with all sensitive GET parameters replaced.

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 46
def filtered_path
  @filtered_path ||= query_string.empty? ? path : "#{path}?#{filtered_query_string}"
end
Instance Protected methods
env_filter()
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 58
def env_filter
  user_key = @env.fetch("action_dispatch.parameter_filter") {
    return NULL_ENV_FILTER
  }
  parameter_filter_for(Array(user_key) + ENV_MATCH)
end
filtered_query_string()
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 71
def filtered_query_string
  query_string.gsub(PAIR_RE) do |_|
    parameter_filter.filter([[$1, $2]]).first.join("=")
  end
end
parameter_filter()
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 52
def parameter_filter
  parameter_filter_for @env.fetch("action_dispatch.parameter_filter") {
    return NULL_PARAM_FILTER
  }
end
parameter_filter_for(filters)
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 65
def parameter_filter_for(filters)
  ParameterFilter.new(filters)
end