Skip to content

[Action Cable] Stop logging filtered params#39267

Closed
tannakartikey wants to merge 2 commits intorails:masterfrom
tannakartikey:fix_25088
Closed

[Action Cable] Stop logging filtered params#39267
tannakartikey wants to merge 2 commits intorails:masterfrom
tannakartikey:fix_25088

Conversation

@tannakartikey
Copy link
Copy Markdown
Contributor

@tannakartikey tannakartikey commented May 13, 2020

Summary

Re-created #25090 as per the comment

This prevents filtered params from being logged.

Fixes #25088

Other Information

@dhh dhh requested a review from lifo May 16, 2020 20:33
@rails-bot
Copy link
Copy Markdown

rails-bot bot commented Aug 14, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Thank you for your contributions.

@rails-bot rails-bot bot added the stale label Aug 14, 2020
@rails-bot rails-bot bot closed this Aug 21, 2020
@tannakartikey
Copy link
Copy Markdown
Contributor Author

tannakartikey commented Aug 22, 2020
edited
Loading

@lifo can we re-open this, please, if you think this feature is adding value?

@rails-bot rails-bot bot removed the stale label Aug 22, 2020
@rails-bot
Copy link
Copy Markdown

rails-bot bot commented Nov 20, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Thank you for your contributions.

@rails-bot rails-bot bot added the stale label Nov 20, 2020
@rails-bot rails-bot bot closed this Nov 27, 2020
@sentientmonkey
Copy link
Copy Markdown

sentientmonkey commented Jan 26, 2022

@lifo @dhh any chance this could be re-evaluated? This gets flagged as an issue in snyk scans: https://security.snyk.io/vuln/SNYK-RUBY-ACTIONCABLE-20338

pboling
pboling reviewed Jan 31, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@pboling pboling left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dhh
Copy link
Copy Markdown
Member

dhh commented Jan 31, 2023

This makes sense to me. @lifo, can you do a review?

@lifo
Copy link
Copy Markdown
Member

lifo commented Feb 7, 2023

@dhh Change looks good to me!

@rafaelfranca rafaelfranca mentioned this pull request Feb 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lifo lifo Awaiting requested review from lifo

1 more reviewer

@pboling pboling pboling left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

actioncable stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[ActionCable] No way to filter out any sensitive data which may be passed as an argument to the remote procedure over ws protocol..

6 participants

@tannakartikey @sentientmonkey @dhh @lifo @pboling @jonathanhefner