Filter event reporter payloads

Author: zzak

activesupport/lib/active_support.rb

@@ -113,6 +113,8 @@ def self.eager_load!
   @event_reporter = ActiveSupport::EventReporter.new
   singleton_class.attr_accessor :event_reporter # :nodoc:
 
+  cattr_accessor :filter_parameters, default: [] # :nodoc:
+
   def self.cache_format_version
     Cache.format_version
   end

activesupport/lib/active_support/event_reporter.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require "active_support/core_ext/hash/indifferent_access"
+require "active_support/parameter_filter"
 require_relative "event_reporter/encoders"
 
 module ActiveSupport
@@ -459,6 +460,13 @@ def context_store
         self.class.context_store
       end
 
+      def payload_filter
+        @payload_filter ||= begin
+          mask = ActiveSupport::ParameterFilter::FILTERED
+          ActiveSupport::ParameterFilter.new(ActiveSupport.filter_parameters, mask: mask)
+        end
+      end
+
       def resolve_name(name_or_object)
         case name_or_object
         when String, Symbol
@@ -473,9 +481,9 @@ def resolve_payload(name_or_object, payload, **kwargs)
         when String, Symbol
           handle_unexpected_args(name_or_object, payload, kwargs) if payload && kwargs.any?
           if kwargs.any?
-            kwargs.with_indifferent_access
+            payload_filter.filter(kwargs.with_indifferent_access)
           elsif payload
-            payload.with_indifferent_access
+            payload_filter.filter(payload.with_indifferent_access)
           end
         else
           handle_unexpected_args(name_or_object, payload, kwargs) if payload || kwargs.any?

activesupport/lib/active_support/railtie.rb

@@ -74,6 +74,12 @@ class Railtie < Rails::Railtie # :nodoc:
       app.executor.to_run              { ActiveSupport.event_reporter.clear_context }
     end
 
+    initializer "active_support.set_filter_parameters" do |app|
+      app.after_initialize do
+        ActiveSupport.filter_parameters += Rails.application.config.filter_parameters
+      end
+    end
+
     initializer "active_support.deprecation_behavior" do |app|
       if app.config.active_support.report_deprecations == false
         app.deprecators.silenced = true

activesupport/test/event_reporter_test.rb

@@ -224,6 +224,19 @@ def emit(event)
       assert_equal("Uh oh!", error.message)
     end
 
+    test "#notify with filtered parameters" do
+      previous_filter_parameters = ActiveSupport.filter_parameters
+      ActiveSupport.filter_parameters = [:zomg]
+
+      assert_called_with(@subscriber, :emit, [
+        event_matcher(name: "test_event", payload: { key: "value", zomg: "[FILTERED]" })
+      ]) do
+        @reporter.notify(:test_event, { key: "value", zomg: "secret" })
+      end
+    ensure
+      ActiveSupport.filter_parameters = previous_filter_parameters
+    end
+
     test "#with_debug" do
       @reporter.with_debug do
         assert_predicate @reporter, :debug_mode?