Skip to content

Allow partial strings on Rails filter_parameters for meta_data_filters #776

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Allow partial strings on Rails filter_parameters for meta_data_filters #776

wants to merge 1 commit into from

Conversation

@yykamei
Copy link

@yykamei yykamei commented Feb 13, 2023

Goal

The Recent Rails template will generate filter_parameters with partial strings, such as :passw and :_key. I think this library should also allow such keywords to filter out, following the Rails template.

https://github.com/rails/rails/blob/f838a7421228204bbc1e012ff9a3801ed598da80/railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt#L6-L8

This patch might be a breaking change because it will filter more parameters than before, but to exclude them would be better than sending probably sensitive parameters as they are.

Design

I just removed \A and \z from the Regexp construction on a railtie as well as adding i to allow any cases to be matched.

Changeset

  • Remove \A and \z, and add i to Regexp initialization on railtie

Testing

I updated Rails.application.config.filter_parameters inside features to be :passw from :password. It would be good if the End to end tests pass.

@johnkiely1
Copy link
Member

johnkiely1 commented Feb 17, 2023

Hi @yykamei, Thanks for the PR, we will review when priorities allow.

@johnkiely1 johnkiely1 added the backlog We hope to fix this feature/bug in the future label Feb 17, 2023
@yykamei
Copy link
Author

yykamei commented Jul 20, 2023

Hi @johnkiely1, I'm curious about the progress of this pull request. I'm ready to update any changes if they're necessary. Thank you!

@clr182
Copy link

clr182 commented Jul 25, 2023

Hi @yykamei, due to the prioritization of other tasks we do not have an ETA on the review of this PR. We'd be happy to let you know once we have more information.

@yykamei
Copy link
Author

yykamei commented Jul 26, 2023

Thank you for your reply.

@yykamei
Allow partial strings on Rails filter_parameters for `meta_data_fil…
342ad07 
…ters`

The Recent Rails template will generate `filter_parameters` with
*partial* strings, such as `:passw` and `:_key`. I think this library
should also allow such keywords to filter out, following the Rails
template.

https://github.com/rails/rails/blob/f838a7421228204bbc1e012ff9a3801ed598da80/railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt#L6-L8

This patch might be a breaking change because it will filter more
parameters than before, but to exclude them would be better than sending
probably sensitive parameters as they are.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backlog We hope to fix this feature/bug in the future

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@yykamei @johnkiely1 @clr182