Class: RailsErrorDashboard::Services::SensitiveDataFilter

Inherits:
Object
Defined in:
lib/rails_error_dashboard/services/sensitive_data_filter.rb

Overview

Pure algorithm: Filter sensitive data from error attributes before storage

Filtering is on by default. It redacts passwords, tokens, credit card numbers, SSNs and similar values using the built-in defaults, Rails’ filter_parameters and any custom patterns. Set filter_sensitive_data = false to store raw data (you own your database).

Constant Summary

FILTERED_REPLACEMENT =
"[FILTERED]"
DEFAULT_SENSITIVE_PATTERNS =

Default patterns that ALWAYS apply when filtering is enabled. These cover data that has no debugging value and should never be stored.

[
  # Passwords
  :password, :password_confirmation, :passphrase, :passwd,
  # API keys & tokens
  :token, :access_token, :refresh_token, :auth_token, :api_token,
  :api_key, :api_secret, :secret, :secret_key, :private_key,
  # Financial
  :credit_card, :card_number, :cc_number, :cvv, :cvc, :csv,
  # Personal identifiers
  :ssn, :social_security,
  # Session & auth
  :session_id, :session_key, :cookie,
  # 2FA / OTP
  :otp, :totp, :pin
].freeze
CREDIT_CARD_REGEX =

Regex to detect credit card numbers in free text (4 groups of 4 digits)

/\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b/
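
What CREDIT_CARD_REGEX covers in free text, as an added example that is not part of the gem's code. The two constants are copied from this page; redact_cards is a hypothetical helper that assumes the regex is applied with gsub, and all sample messages are constructed.

```ruby
# Added example. Constants copied from this page; everything else is illustrative.
FILTERED_REPLACEMENT = "[FILTERED]"
CREDIT_CARD_REGEX = /\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b/

# Hypothetical helper: assumes the regex is applied to free text with gsub.
def redact_cards(text)
  text.to_s.gsub(CREDIT_CARD_REGEX, FILTERED_REPLACEMENT)
end

# Constructed sample messages (well-known test numbers, not real card data).
SAMPLES = {
  plain_16:    "charge failed for 4111111111111111",
  dashed_16:   "charge failed for 4111-1111-1111-1111",
  spaced_16:   "card 4111 1111 1111 1111 declined",
  amex_15:     "card 3782 822463 10005 declined",        # 15 digits, 4-6-5 grouping
  dotted_16:   "card 4111.1111.1111.1111 declined",      # '.' is not in [\s-]
  long_19:     "card 6011000990139424123 declined",      # 19 digits, trailing \b fails
  underscore:  "key card_4111111111111111 rejected",     # '_' is a word char, no leading \b
  order_id_16: "order 2024010100000042 not found"        # 16 digits, but not a card
}.freeze

# Returns { sample_name => true if the message was redacted }.
def coverage
  SAMPLES.transform_values { |msg| redact_cards(msg).include?(FILTERED_REPLACEMENT) }
end

if __FILE__ == $PROGRAM_NAME
  coverage.each do |name, hit|
    puts format("%-12s %s", name, hit ? "redacted" : "stored as-is")
  end
end
```

The last sample is a false positive and the four before it are misses, so the regex is a backstop for 16-digit numbers rather than a complete card-number detector.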

Class Method Summary

Class Method Details

.filter_attributes(attributes) ⇒ Hash

Filter sensitive data from error attributes hash

Parameters:

  • attributes (Hash)

    Error attributes to filter

Returns:

  • (Hash)

    Filtered attributes; the original, unfiltered attributes are returned when filtering is disabled, no filter is available, or filtering raises an error



# File 'lib/rails_error_dashboard/services/sensitive_data_filter.rb', line 37

def self.filter_attributes(attributes)
  # Filtering disabled by configuration: store attributes as given.
  return attributes unless RailsErrorDashboard.configuration.filter_sensitive_data

  filter = parameter_filter
  return attributes unless filter

  # Work on a shallow copy so the caller's hash is not mutated.
  filtered = attributes.dup
  filtered[:request_params] = filter_json_string(filter, filtered[:request_params])
  filtered[:request_url] = filter_url(filter, filtered[:request_url])
  filtered[:message] = filter_message(filter, filtered[:message])
  filtered[:exception_cause] = filter_cause_chain(filter, filtered[:exception_cause])
  filtered
rescue => e
  # Fails open: on any error the unfiltered attributes are returned,
  # and the failure is only logged at debug level.
  RailsErrorDashboard::Logger.debug("[RailsErrorDashboard] SensitiveDataFilter failed: #{e.message}")
  attributes
end

.parameter_filter ⇒ ActiveSupport::ParameterFilter?

Build and cache the ParameterFilter instance

Returns:

  • (ActiveSupport::ParameterFilter, nil)


# File 'lib/rails_error_dashboard/services/sensitive_data_filter.rb', line 56

def self.parameter_filter
  @parameter_filter ||= build_parameter_filter
end

.reset! ⇒ Object

Clear cached filter (for testing or config changes)



# File 'lib/rails_error_dashboard/services/sensitive_data_filter.rb', line 61

def self.reset!
  @parameter_filter = nil
end