telegram-bot-rb / telegram-bot

Ruby gem for building Telegram Bot with optional Rails integration
MIT License

UpdatesController::LogSubscriber should obfuscate sensitive information #239

Open florianfelsing opened 1 month ago

florianfelsing commented 1 month ago

Right now the gem is basically logging the complete payload:

def start_processing(event)
  info do
    payload = event.payload
    "Processing by #{payload[:controller]}##{payload[:action]}\n" \
    "  Update: #{payload[:update].to_json}"
  end
end

I think that especially in production settings it would be a good practice to at least obfuscate the text parts. As a default or via configuration.

For now I've monkey-patched this in my app, but I think this would be a good thing to implement at the gem level. I'd be happy to help implement this.

printercu commented 1 month ago

Could you share your patch?

It can be tricky to have some generic solution: somebody may want to log messages with commands (/cmd some text), while others may want the text of all messages because they don't have any sensitive information.

florianfelsing commented 1 month ago

Sure:

require "active_support/parameter_filter"

module Telegram
  module Bot
    class UpdatesController
      # Reopens the gem's LogSubscriber, so this file must load after the gem.
      class LogSubscriber
        # ParameterFilter matches keys containing these names anywhere in the
        # nested update hash, so `text` covers message.text, edited_message.text, etc.
        FILTERED_PARAMS = %i[text].freeze

        def start_processing(event)
          info do
            payload = event.payload
            # Log a filtered copy; the controller still sees the full update.
            update = sanitize_sensitive_data(payload[:update])
            "Processing by #{payload[:controller]}##{payload[:action]}\n  " \
              "Update: #{update.to_json}"
          end
        end

        private

        def sanitize_sensitive_data(update)
          parameter_filter.filter(update)
        end

        # Same mechanism Rails uses for config.filter_parameters; values of
        # matching keys are replaced with "[FILTERED]".
        def parameter_filter
          @parameter_filter ||= ActiveSupport::ParameterFilter.new(FILTERED_PARAMS)
        end
      end
    end
  end
end

Maybe we could also leave the default as it is but provide a config option to enable filtering in logs?
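The following is an added example, not the gem's code nor the patch above. It shows one way to resolve the "generic solution" question from the earlier reply and the config-option idea from this one: a redaction filter with an explicit text policy (redact all text, keep only bot commands, or log everything) and a list of keys that are always masked. It is plain Ruby with no ActiveSupport dependency so it runs stand-alone; the key lists, policy names, and sample updates are assumptions chosen for illustration.

```ruby
require "json"

# Added example (not the gem's code): key-based redaction for Telegram update
# hashes before they reach the log. The key lists and policies below are
# assumptions for illustration.
module TelegramLogRedactor
  MASK = "[FILTERED]".freeze

  # Keys redacted wherever they appear (message captions, shared contacts,
  # locations, callback_query data). Matched by exact key name, so keys such as
  # "first_name" or "context" are left alone.
  ALWAYS_REDACT = %w[caption phone_number latitude longitude data].freeze

  # Free-text keys governed by the text policy.
  TEXT_KEYS = %w[text].freeze

  # Text policies, mirroring the options raised in the thread:
  #   :none     - redact every text value (safe default for production)
  #   :commands - keep messages that are bot commands ("/cmd some text"),
  #               redact everything else
  #   :full     - log text unchanged (for bots that never handle sensitive data)
  POLICIES = %i[none commands full].freeze

  # Returns a redacted deep copy; the input is never mutated, so the
  # controller still processes the complete update.
  def self.filter(value, text_policy: :none)
    raise ArgumentError, "unknown text_policy #{text_policy.inspect}" unless POLICIES.include?(text_policy)

    case value
    when Hash
      value.each_with_object({}) do |(key, v), out|
        name = key.to_s # works for both string and symbol keys
        out[key] =
          if ALWAYS_REDACT.include?(name)
            MASK
          elsif TEXT_KEYS.include?(name) && v.is_a?(String)
            redact_text(v, text_policy)
          else
            filter(v, text_policy: text_policy)
          end
      end
    when Array
      value.map { |v| filter(v, text_policy: text_policy) }
    else
      value
    end
  end

  def self.redact_text(text, policy)
    case policy
    when :full then text
    when :commands then text.start_with?("/") ? text : MASK
    else MASK
    end
  end

  # Builds the same log line shape as the gem's LogSubscriber, from the redacted copy.
  def self.log_line(controller, action, update, text_policy: :none)
    "Processing by #{controller}##{action}\n  " \
      "Update: #{filter(update, text_policy: text_policy).to_json}"
  end
end

# Constructed sample updates (string keys, as parsed from webhook JSON).
SAMPLE_UPDATE = {
  "update_id" => 1001,
  "message" => {
    "message_id" => 7,
    "chat" => { "id" => 42, "type" => "private" },
    "text" => "my door code is 4711",
    "contact" => { "phone_number" => "+15555550100", "first_name" => "Ann" },
  },
}.freeze

COMMAND_UPDATE = {
  "update_id" => 1002,
  "message" => { "chat" => { "id" => 42 }, "text" => "/start promo" },
}.freeze

if $PROGRAM_NAME == __FILE__
  puts TelegramLogRedactor.log_line("TelegramWebhooksController", "message", SAMPLE_UPDATE)
  puts TelegramLogRedactor.log_line("TelegramWebhooksController", "start!", COMMAND_UPDATE, text_policy: :commands)
end
```

Two caveats worth keeping in mind when turning this into a gem option. First, the `:commands` policy still logs command arguments, and deep-link payloads (`/start <token>`) are often sensitive, so a stricter variant would keep only the first token. Second, ActiveSupport::ParameterFilter can express the same rule with a proc filter that receives `(key, value)` and mutates `value` in place, which would let the gem reuse the app's existing `config.filter_parameters` instead of a second filter list.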

florianfelsing commented 1 month ago

Let me know if that makes sense to you / if you have any preferences regarding implementation, and I'd be glad to work on this one sometime during the week @printercu.