How to filter parameters in rails?

Ruby on-RailsRubyFiltering

Ruby on-Rails Problem Overview

Rails has built in log filtering so you don't log passwords and credit cards. Works great for that but when you want to trigger a custom log (like to email) and send your own params or other data along with it, the parameters are obviously not auto-filtered. I have been digging and trying to find this in the rails source but have had no luck so far.

I have configured rails to filter parameters as follows and it works properly for keeping the data out of rails logs:

config.filter_parameters += [:password, :password_confirmation, :credit_card]

How would you filter sensitive data from the params hash before dumping it into an email, api call or custom (non-rails) log?

Ruby on-Rails Solutions

Solution 1 - Ruby on-Rails

Rails 4+

Sidenote for filtering the log in Rails 4+: The config.filter_parameters has been moved from application.rb to it's own initializer.

config/initializers/filter_parameter_logging.rb

Rails.application.config.filter_parameters += [:password]

Solution 2 - Ruby on-Rails

tadman answered correctly but here is some additional info:

In application.rb

config.filter_parameters += [:password, :password_confirmation, :credit_card]

Wherever you are doing custom logging:

f = ActionDispatch::Http::ParameterFilter.new(Rails.application.config.filter_parameters)
f.filter :order => {:credit_card => "4111111111111111"}

 => {:order=>{:credit_card=>"[FILTERED]"}}

Solution 3 - Ruby on-Rails

You can always use the except method:

params.except(:password, :password_confirmation, :credit_card)

That will exclude them from the listing. To "filter" them you could try this approach.

Solution 4 - Ruby on-Rails

If you are inside a rails controller method, why not just call request.filtered_parameters?

It is always a good choice to use what is already provided. Cheers!

Solution 5 - Ruby on-Rails

Just to add on @tadman answer:

When using except, beware that it will remove only top-level keys of your parameters, eg:

params = {
  search_query: 'foobar', 
  secret_key1: 'SENSITIVE_KEY_1', 
  auth_info: {secret_key_2: 'SENSITIVE_KEY2'}
}
params.except(:secret_key1, :secret_key2)

=> {:search_query=>"foobar", :auth_info=>{:secret_key_2=>"SENSITIVE_KEY2"}}

Using request.filtered_parameters will filter both of those keys if they are in config/application.rb

config.filter_parameters += [:password]
Categories
Recommended Ruby on-Rails Solutions
Recommended Ruby Solutions
Recommended Filtering Solutions

Previous Solution:

HTML formatted email not showing up at all in Gmail but is in other mail clients

CssGmailHtml EmailGmail Imap

Next Solution:

Eclipse highlighting the same occurrence of the word

EclipseEclipse PluginSyntax Highlighting

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionchrishomerView Question on Stackoverflow
Solution 1 - Ruby on-RailsdavegsonView Answer on Stackoverflow
Solution 2 - Ruby on-RailschrishomerView Answer on Stackoverflow
Solution 3 - Ruby on-RailstadmanView Answer on Stackoverflow
Solution 4 - Ruby on-RailsLester CelestialView Answer on Stackoverflow
Solution 5 - Ruby on-RailsBenjamin CrouzierView Answer on Stackoverflow