
api.request.input and param filtering #556

Open
swils opened this issue Jan 23, 2014 · 4 comments

Comments

@swils

swils commented Jan 23, 2014

Rails' filter_parameters system is used by e.g. Rails logging and error notification APIs like Airbrake to avoid sensitive information leaking out. It works by running over a hash and overwriting it for certain keys. However, Grape puts the entire request body in env['api.request.input'] as a string, which means the param filtering doesn't operate on it. This can lead to e.g. plaintext passwords getting logged in error catchers.

This can be solved by adding 'api.request.input' to filter_parameters in Rails application configuration. Should I adapt the documentation to warn people about this, or should we look for other ways to avoid this behaviour?
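To make the leak concrete, here is an added example (not part of this issue or of Grape/Rails code) using a small stand-in for Rails' key-based parameter filter: filters are key names matched case-insensitively as substrings, recursing through nested hashes and arrays, and matching keys have their values replaced with "[FILTERED]". The Rack env, the `rack.request.form_hash` key and the JSON body are all constructed for the example. It shows three situations: the default filter masks the parsed params hash but passes the raw `api.request.input` string through untouched; adding `api.request.input` to the filter list masks the whole body; and a targeted redaction parses the JSON body and masks only the sensitive fields, keeping the rest available for debugging.

```ruby
require 'json'

FILTERED = '[FILTERED]'.freeze

# Simplified stand-in for the Rails filter_parameters behaviour (constructed for
# this example): each filter is a key name (case-insensitive substring match) or
# a Regexp. A matching key has its value replaced outright; non-matching hashes
# and arrays are walked recursively. Plain strings are never inspected, which is
# exactly why a raw request body stored as a string escapes the filter.
def filter_params(params, filters)
  patterns = filters.map { |f| f.is_a?(Regexp) ? f : /#{Regexp.escape(f.to_s)}/i }
  case params
  when Hash
    params.each_with_object({}) do |(key, value), out|
      out[key] = patterns.any? { |p| p.match?(key.to_s) } ? FILTERED : filter_params(value, patterns)
    end
  when Array
    params.map { |v| filter_params(v, patterns) }
  else
    params
  end
end

# Targeted redaction for a raw JSON body: parse it, apply the same key rules to
# the resulting structure, and re-serialise. A body that does not parse is
# masked whole, because its contents cannot be classified.
def redact_raw_body(body, filters)
  JSON.generate(filter_params(JSON.parse(body), filters))
rescue JSON::ParserError
  FILTERED
end

# Constructed Rack env resembling what a logger or error reporter would capture
# after Grape has read the request body into env['api.request.input'].
SAMPLE_ENV = {
  'REQUEST_METHOD' => 'POST',
  'PATH_INFO' => '/api/v1/sessions',
  'rack.request.form_hash' => { 'email' => 'alice@example.com', 'password' => 'hunter2' },
  'api.request.input' => '{"email":"alice@example.com","password":"hunter2"}'
}.freeze

# Case 1: filter only on the param name. The hash is masked, the string leaks.
def filtered_default(env = SAMPLE_ENV)
  filter_params(env, [:password])
end

# Case 2: the workaround from this issue, masking the whole raw body.
def filtered_with_input_key(env = SAMPLE_ENV)
  filter_params(env, [:password, 'api.request.input'])
end

# Case 3: redact only the sensitive fields inside the raw body.
def filtered_targeted(env = SAMPLE_ENV)
  out = filter_params(env, [:password])
  out['api.request.input'] = redact_raw_body(env['api.request.input'], [:password])
  out
end

# True when the secret is still visible anywhere in the filtered env.
def leaks?(filtered_env, secret)
  filtered_env.to_s.include?(secret)
end

if $PROGRAM_NAME == __FILE__
  puts "default:        leaks? #{leaks?(filtered_default, 'hunter2')}"
  puts "with input key: #{filtered_with_input_key['api.request.input']}"
  puts "targeted:       #{filtered_targeted['api.request.input']}"
end
```

The targeted variant is the one a practitioner would want behind the filter: masking the entire body also hides the non-sensitive fields that are usually needed to diagnose the error being reported.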

@ujjwalt
Contributor

ujjwalt commented Jan 23, 2014

I think a solution has to be built into Grape for this and set on Grape's config since it effectively has its own mechanism for routing and everything.

@blakeperdue

Any update on this? I've noticed we're seeing sensitive auth tokens being stored in our logs. We had filter_parameters working before implementing Grape.

@blakeperdue

Adding 'api.request.input' to filter_parameters is not working for me in Rails 4. Here's my config line:

config.filter_parameters += [:authentication_token, 'api.request.input'] in config/application.rb

Any ideas @swils or @ujjwalt? Thanks.

@dblock
Member

dblock commented Apr 16, 2015

For Rails, it should work, maybe you want to add to https://github.com/dblock/grape-on-rails to demonstrate?

For an implementation in Grape, I think the next step is to write a test that shows the intent of what we want.
