How to filter sensitive information when logging with Sinatra and Rack Logger

落花浮王杯 submitted on 2020-07-30 05:53:22

Question


I maintain a Sinatra app that acts as a JSON API service. The API is consumed by another web app, as well as a mobile app.

I'd like to have Rack::CommonLogger exclude sensitive information, like a password, from its logs. Rails has this setting enabled, but I have found no documentation on how to do this in Sinatra.


Answer 1:


You can try to intercept the call to write and filter out sensitive messages like so:

require 'logger'

logger = Logger.new("my_common.log")
logger.instance_eval do
  # Rack::CommonLogger calls #write; drop any message that matches the pattern
  def write(msg)
    self << msg unless msg.match?(/SUPER SENSITIVE INFO HERE/)
  end
end

Then, configure Rack::CommonLogger to use this instance of the logger:

config.middleware.use Rack::CommonLogger, logger



Answer 2:


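Sinatra logs to STDERR, which is an IO, but we don't want to store other people's passwords:

module NoTokenLogging
  def write(*args)
    # Build redacted copies instead of mutating in place: sub! raises on
    # frozen strings and replaces only the first match.
    filtered = args.map do |arg|
      arg.is_a?(String) ? arg.gsub(/password=\S+/, "password=[FILTERED]") : arg
    end
    super(*filtered)
  end
end
IO.prepend NoTokenLogging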



Answer 3:


You can also just leverage ActiveSupport::ParameterFilter.

https://edgeapi.rubyonrails.org/classes/ActiveSupport/ParameterFilter.html



Source: https://stackoverflow.com/questions/15375477/how-to-filter-sensitive-information-when-logging-with-sinatra-and-rack-logger
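
Added example, not part of the original question or answers: a wrapper that redacts only the values of sensitive parameters in each log line and leaves every other IO untouched, relying on Rack::CommonLogger calling #write on its logger. The class name RedactingLog, the default key list and the sample log line are constructed for illustration.

```ruby
require "stringio"

# Wraps any IO-like sink and redacts sensitive parameter values before
# writing. Hypothetical helper; pass it to the middleware with
#   use Rack::CommonLogger, RedactingLog.new($stderr)
class RedactingLog
  FILTERED = "[FILTERED]"

  # keys: parameter names to redact (constructed defaults, adjust per app)
  def initialize(io, keys: %w[password password_confirmation token])
    @io = io
    names = keys.map { |k| Regexp.escape(k) }.join("|")
    # Group 1 is "?key=" or "&key=", including nested names such as
    # user[password] and the percent-encoded form user%5Bpassword%5D.
    # The value runs up to the next "&", whitespace or double quote.
    @pattern = /([?&](?:[\w.-]+(?:\[|%5B))?(?:#{names})(?:\]|%5D)?=)[^&\s"]*/i
  end

  # Returns a redacted copy; the caller's (possibly frozen) string is untouched.
  def redact(msg)
    msg.to_s.gsub(@pattern) { "#{Regexp.last_match(1)}#{FILTERED}" }
  end

  def write(msg)
    @io.write(redact(msg))
  end
  alias_method :<<, :write
end

if __FILE__ == $0
  # Constructed sample line in Rack::CommonLogger's format
  sample = %(127.0.0.1 - - [30/Jul/2020:05:53:22 +0000] ) +
           %("POST /login?user=bob&password=hunter2&next=%2Fhome HTTP/1.1" 200 12 0.0031\n)
  RedactingLog.new($stdout).write(sample)
end
```

Rack::CommonLogger records the request line with its query string, not the request body, so this covers credentials that arrive as query parameters.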
