lib/gitlab/grape_logging/loggers/filter_parameters.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

# frozen_string_literal: true

module Gitlab
  module GrapeLogging
    module Loggers
      # In the CI variables APIs, the POST or PUT parameters will always be
      # literally 'key' and 'value'. Rails' default filters_parameters will
      # always incorrectly mask the value of param 'key' when it should mask the
      # value of the param 'value'.
      # See: https://gitlab.com/gitlab-org/gitlab/-/issues/353857
      class FilterParameters < ::GrapeLogging::Loggers::FilterParameters
        private

        def safe_parameters(request)
          loggable_params = super
          settings = request.env[Grape::Env::API_ENDPOINT]&.route&.settings

          return loggable_params unless settings&.key?(:log_safety)

          settings[:log_safety][:safe].each do |key|
            loggable_params[key] = request.params[key] if loggable_params.key?(key)
          end

          settings[:log_safety][:unsafe].each do |key|
            loggable_params[key] = @replacement if loggable_params.key?(key)
          end

          loggable_params
        end
      end
    end
  end
end