From ca4061eea3e2ed58db2eca3de916c322e348aaca Mon Sep 17 00:00:00 2001
From: abicky
Date: Tue, 25 Sep 2018 22:36:27 +0900
Subject: [PATCH] Scrub parameter keys

This commit resolves https://github.com/aserafin/grape_logging/issues/53.
---
 .../loggers/filter_parameters.rb | 8 +++-
 .../loggers/filter_parameters_spec.rb | 46 ++++++++++---------
 2 files changed, 32 insertions(+), 22 deletions(-)

diff --git a/lib/grape_logging/loggers/filter_parameters.rb b/lib/grape_logging/loggers/filter_parameters.rb
index 84a17b7..9ffe238 100644
--- a/lib/grape_logging/loggers/filter_parameters.rb
+++ b/lib/grape_logging/loggers/filter_parameters.rb
@@ -29,7 +29,13 @@ def safe_parameters(request)
 end

 def clean_parameters(parameters)
- parameter_filter.filter(parameters).reject{ |key, _value| @exceptions.include?(key) }
+ parameter_filter.filter(scrub_keys(parameters)).reject{ |key, _value| @exceptions.include?(key) }
+ end
+
+ def scrub_keys(parameters)
+ parameters.each_with_object({}) do |(k, v), h|
+ h[k.to_s.scrub] = v.is_a?(Hash) ? scrub_keys(v) : v
+ end
 end
 end
 end
diff --git a/spec/lib/grape_logging/loggers/filter_parameters_spec.rb b/spec/lib/grape_logging/loggers/filter_parameters_spec.rb
index 9dfbe9d..02f88be 100644
--- a/spec/lib/grape_logging/loggers/filter_parameters_spec.rb
+++ b/spec/lib/grape_logging/loggers/filter_parameters_spec.rb
@@ -11,7 +11,8 @@
 that_one: 'one',
 two: 'two',
 three: 'three',
- four: 'four'
+ four: 'four',
+ "\xff" => 'invalid utf8',
 })
 end
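Review bot: `scrub_keys` recurses only into Hash values (`v.is_a?(Hash) ? scrub_keys(v) : v`), so a hash that arrives inside an array value keeps its invalid-UTF-8 keys and reaches `parameter_filter.filter` unscrubbed. Parameter names are client-controlled, so the failure this commit fixes presumably stays reachable through an array-of-hashes parameter. Walking arrays as well closes that gap, as in the sketch below. Separately, every key is now a String, so the `@exceptions.include?(key)` reject in `clean_parameters` matches only if `@exceptions` holds strings (its definition is outside the hunk). Two distinct keys that scrub to the same string also overwrite each other silently in the result.

```ruby
def scrub_keys(parameters)
  case parameters
  when Hash
    parameters.each_with_object({}) { |(k, v), h| h[k.to_s.scrub] = scrub_keys(v) }
  when Array
    parameters.map { |v| scrub_keys(v) }
  else
    parameters
  end
end
```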
@@ -35,31 +36,34 @@
 shared_examples 'filtering' do
 it 'filters out sensitive parameters' do
 expect(subject.parameters(mock_request, nil)).to eq(params: {
- this_one: subject.instance_variable_get('@replacement'),
- that_one: subject.instance_variable_get('@replacement'),
- two: 'two',
- three: 'three',
- four: subject.instance_variable_get('@replacement'),
+ 'this_one' => subject.instance_variable_get('@replacement'),
+ 'that_one' => subject.instance_variable_get('@replacement'),
+ 'two' => 'two',
+ 'three' => 'three',
+ 'four' => subject.instance_variable_get('@replacement'),
+ "\ufffd" => 'invalid utf8',
 })
 end

 it 'deeply filters out sensitive parameters' do
 expect(subject.parameters(mock_request_with_deep_nesting, nil)).to eq(params: {
- this_one: subject.instance_variable_get('@replacement'),
- that_one: subject.instance_variable_get('@replacement'),
- two: 'two',
- three: 'three',
- four: subject.instance_variable_get('@replacement'),
- five: {
- this_one: subject.instance_variable_get('@replacement'),
- that_one: subject.instance_variable_get('@replacement'),
- two: 'two',
- three: 'three',
- four: subject.instance_variable_get('@replacement'),
- six: {
- seven: 'seven',
- eight: 'eight',
- one: subject.instance_variable_get('@replacement'),
+ 'this_one' => subject.instance_variable_get('@replacement'),
+ 'that_one' => subject.instance_variable_get('@replacement'),
+ 'two' => 'two',
+ 'three' => 'three',
+ 'four' => subject.instance_variable_get('@replacement'),
+ "\ufffd" => 'invalid utf8',
+ 'five' => {
+ 'this_one' => subject.instance_variable_get('@replacement'),
+ 'that_one' => subject.instance_variable_get('@replacement'),
+ 'two' => 'two',
+ 'three' => 'three',
+ 'four' => subject.instance_variable_get('@replacement'),
+ "\ufffd" => 'invalid utf8',
+ 'six' => {
+ 'seven' => 'seven',
+ 'eight' => 'eight',
+ 'one' => subject.instance_variable_get('@replacement'),
 },
 },
 })
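Review bot: The new expectations exercise an invalid-UTF-8 key only as a direct member of a hash (top level and under 'five'); nothing covers a hash nested inside an array value, which `scrub_keys` in lib/grape_logging/loggers/filter_parameters.rb returns untouched. A fixture entry in `mock_request` such as `list: [{ "\xff" => 'invalid utf8' }]`, with a matching expectation here, would pin that case. Every expected key also changes from Symbol to String, which alters the shape of the logged params for anyone consuming the log output. A short comment above the examples, e.g. `# keys are stringified by scrub_keys before filtering`, would explain why.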