Filter event reporter payloads during encoding

zzak · zzak · commit 913183fc9f6b · 2025-07-20T08:44:22.000+09:00
diff --git a/activesupport/lib/active_support.rb b/activesupport/lib/active_support.rb
@@ -113,6 +113,8 @@ def self.eager_load!
   @event_reporter = ActiveSupport::EventReporter.new
   singleton_class.attr_accessor :event_reporter # :nodoc:
 
+  cattr_accessor :filter_parameters, default: [] # :nodoc:
+
   def self.cache_format_version
     Cache.format_version
   end
diff --git a/activesupport/lib/active_support/event_reporter/encoders.rb b/activesupport/lib/active_support/event_reporter/encoders.rb
@@ -1,6 +1,8 @@
 # typed: true
 # frozen_string_literal: true
 
+require "active_support/parameter_filter"
+
 module ActiveSupport
   class EventReporter
     # = Event Encoders
@@ -27,6 +29,18 @@ class Base
         def self.encode(event)
           raise NotImplementedError, "Subclasses must implement #encode"
         end
+
+        private
+
+        def self.transform_event(event)
+          parameter_filter = ActiveSupport::ParameterFilter.new(ActiveSupport.filter_parameters, mask: ActiveSupport::ParameterFilter::FILTERED)
+          event[:payload] = parameter_filter.filter(event[:payload].to_h)
+          event[:tags] = event[:tags].transform_values do |value|
+            value.respond_to?(:to_h) ? value.to_h : value
+          end
+
+          event
+        end
       end
 
       # JSON encoder for serializing events to JSON format.
@@ -64,22 +78,14 @@ def self.encode(event)
 
       class JSON < Base
         def self.encode(event)
-          event[:payload] = event[:payload].to_h
-          event[:tags] = event[:tags].transform_values do |value|
-            value.respond_to?(:to_h) ? value.to_h : value
-          end
-          ::JSON.dump(event)
+          ::JSON.dump(transform_event(event))
         end
       end
 
       class MessagePack < Base
         def self.encode(event)
           require "msgpack"
-          event[:payload] = event[:payload].to_h
-          event[:tags] = event[:tags].transform_values do |value|
-            value.respond_to?(:to_h) ? value.to_h : value
-          end
-          ::MessagePack.pack(event)
+          ::MessagePack.pack(transform_event(event))
         rescue LoadError
           raise LoadError, "msgpack gem is required for MessagePack encoding. Add 'gem \"msgpack\"' to your Gemfile."
         end
diff --git a/activesupport/lib/active_support/railtie.rb b/activesupport/lib/active_support/railtie.rb
@@ -74,6 +74,12 @@ class Railtie < Rails::Railtie # :nodoc:
       app.executor.to_run              { ActiveSupport.event_reporter.clear_context }
     end
 
+    initializer "active_support.set_filter_parameters" do |app|
+      app.after_initialize do
+        ActiveSupport.filter_parameters += Rails.application.config.filter_parameters
+      end
+    end
+
     initializer "active_support.deprecation_behavior" do |app|
       if app.config.active_support.report_deprecations == false
         app.deprecators.silenced = true
diff --git a/activesupport/test/event_reporter_test.rb b/activesupport/test/event_reporter_test.rb
@@ -628,6 +628,19 @@ def to_h
       assert_equal 200, parsed["tags"]["HttpRequestTag"]["http_status"]
     end
 
+    test "JSON encoder filters parameters" do
+      previous_filter_parameters = ActiveSupport.filter_parameters
+      ActiveSupport.filter_parameters = [:zomg]
+
+      @event[:payload][:zomg] = "secret"
+      json_string = EventReporter::Encoders::JSON.encode(@event)
+      parsed = ::JSON.parse(json_string)
+
+      assert_equal({ "id" => 123, "message" => "hello", "zomg" => "[FILTERED]" }, parsed["payload"])
+    ensure
+      ActiveSupport.filter_parameters = previous_filter_parameters
+    end
+
     test "MessagePack encoder encodes event to MessagePack" do
       begin
         require "msgpack"
@@ -656,5 +669,18 @@ def to_h
       assert_equal "GET", parsed["tags"]["HttpRequestTag"]["http_method"]
       assert_equal 200, parsed["tags"]["HttpRequestTag"]["http_status"]
     end
+
+    test "MessagePack encoder filters parameters" do
+      previous_filter_parameters = ActiveSupport.filter_parameters
+      ActiveSupport.filter_parameters = [:zomg]
+
+      @event[:payload][:zomg] = "secret"
+      msgpack_data = EventReporter::Encoders::MessagePack.encode(@event)
+      parsed = ::MessagePack.unpack(msgpack_data)
+
+      assert_equal({ "id" => 123, "message" => "hello", "zomg" => "[FILTERED]" }, parsed["payload"])
+    ensure
+      ActiveSupport.filter_parameters = previous_filter_parameters
+    end
   end
 end
