Added filter method for logger middleware (#650)

Allows you to filter sensitive information with a regex, allowing a gsub with redaction.
2025-10-07 00:11:11 -04:00 · 2017-01-13 10:28:29 +00:00 · 2017-01-13 10:28:29 +00:00 · 04a6f3b759
commit 04a6f3b759
parent bc419bddc9
3 changed files with 61 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -30,6 +30,14 @@ conn = Faraday.new(:url => 'http://sushi.com') do |faraday|
  faraday.adapter  Faraday.default_adapter  # make requests with Net::HTTP
 end

+# Filter sensitive information from logs with a regex matcher
+
+conn = Faraday.new(:url => 'http://sushi.com/api_key=s3cr3t') do |faraday|
+  faraday.response :logger do | logger |
+    logger.filter(/(api_key=)(\w+)/,'\1[REMOVED]')
+  end
+end
+
 ## GET ##

 response = conn.get '/nigiri/sake.json'     # GET http://sushi.com/nigiri/sake.json
--- a/lib/faraday/response/logger.rb
+++ b/lib/faraday/response/logger.rb
@ -12,22 +12,28 @@ module Faraday
        require 'logger'
        ::Logger.new(STDOUT)
      end
+      @filter = []
      @options = DEFAULT_OPTIONS.merge(options)
+      yield self if block_given?
    end

    def_delegators :@logger, :debug, :info, :warn, :error, :fatal

    def call(env)
-      info "#{env.method} #{env.url.to_s}"
-      debug('request') { dump_headers env.request_headers } if log_headers?(:request)
-      debug('request') { dump_body(env[:body]) } if env[:body] && log_body?(:request)
+      info "#{env.method} #{apply_filters(env.url.to_s)}"
+      debug('request') { apply_filters( dump_headers env.request_headers ) } if log_headers?(:request)
+      debug('request') { apply_filters( dump_body(env[:body]) ) } if env[:body] && log_body?(:request)
      super
    end

    def on_complete(env)
      info('Status') { env.status.to_s }
-      debug('response') { dump_headers env.response_headers } if log_headers?(:response)
-      debug('response') { dump_body env[:body] } if env[:body] && log_body?(:response)
+      debug('response') { apply_filters( dump_headers env.response_headers ) } if log_headers?(:response)
+      debug('response') { apply_filters( dump_body env[:body] ) } if env[:body] && log_body?(:response)
+    end
+
+    def filter(filter_word, filter_replacement)
+      @filter.push([ filter_word, filter_replacement ])
    end

    private
@ -62,5 +68,13 @@ module Faraday
      else @options[:bodies]
      end
    end
+
+    def apply_filters(output)
+      @filter.each do |pattern, replacement|
+        output = output.to_s.gsub(pattern, replacement)
+      end
+      output
+    end
+
  end
 end
--- a/test/adapters/logger_test.rb
+++ b/test/adapters/logger_test.rb
@ -8,12 +8,20 @@ module Adapters
      rubbles = ['Barney', 'Betty', 'Bam Bam']

      Faraday.new do |b|
-        b.response :logger, logger, logger_options
+        b.response :logger, @logger, logger_options do | logger |
+          logger.filter(/(soylent green is) (.+)/,'\1 tasty')
+          logger.filter(/(api_key:).*"(.+)."/,'\1[API_KEY]')
+          logger.filter(/(password)=(.+)/,'\1=[HIDDEN]')
+        end
        b.adapter :test do |stubs|
          stubs.get('/hello') { [200, {'Content-Type' => 'text/html'}, 'hello'] }
          stubs.post('/ohai') { [200, {'Content-Type' => 'text/html'}, 'fred'] }
          stubs.post('/ohyes') { [200, {'Content-Type' => 'text/html'}, 'pebbles'] }
          stubs.get('/rubbles') { [200, {'Content-Type' => 'application/json'}, rubbles] }
+          stubs.get('/filtered_body') { [200, {'Content-Type' => 'text/html'}, 'soylent green is people'] }
+          stubs.get('/filtered_headers') { [200, {'Content-Type' => 'text/html'}, 'headers response'] }
+          stubs.get('/filtered_params') { [200, {'Content-Type' => 'text/html'}, 'params response'] }
+          stubs.get('/filtered_url') { [200, {'Content-Type' => 'text/html'}, 'url response'] }
        end
      end
    end
@ -94,5 +102,30 @@ module Adapters
      app.get '/rubbles', nil, :accept => 'text/html'
      assert_match %([\"Barney\", \"Betty\", \"Bam Bam\"]\n), @io.string
    end
+
+    def test_logs_filter_body
+      app = conn(@logger, :bodies => true)
+      app.get '/filtered_body', nil, :accept => 'text/html'
+      assert_match %(soylent green is), @io.string
+      assert_match %(tasty), @io.string
+      refute_match %(people), @io.string
+    end
+
+    def test_logs_filter_headers
+      app = conn(@logger)
+      app.headers = {'api_key' => 'ABC123'}
+      app.get '/filtered_headers', nil, :accept => 'text/html'
+      assert_match %(api_key:), @io.string
+      assert_match %([API_KEY]), @io.string
+      refute_match %(ABC123), @io.string
+    end
+
+    def test_logs_filter_url
+      app = conn(@logger)
+      app.get '/filtered_url?password=hunter2', nil, :accept => 'text/html'
+      assert_match %(password=[HIDDEN]), @io.string
+      refute_match %(hunter2), @io.string
+    end
+
  end
 end