    82fc62ca
    Use static message when raising HTTP request parameter parse errors · 82fc62ca
    Aaron Lahey authored
    When parsing HTTP request parameters, Rails delegates to a set of parsing
    strategies based on the MIME type. If any of these strategies raises an
    error Rails rescues it and raises an instance of
    `ActionDispatch::Http::Parameters::ParseError` with the same message as
    the underlying error.
    
    However, in the presence of malformed JSON, the default parameter parser
    for the `application/json` MIME type raises a `JSON::ParserError` with a
    message containing the entire malformed JSON string (the request body in
    this context). By raising a new error with this same message Rails
    inadvertently ends up logging the full HTTP request body at the `fatal`
    level. This request body could contain sensitive information or could be
    intentionally crafted to be extremely large.
    
    This commit sets the `ActionDispatch::Http::Parameters::ParseError` message
    to a static message which mirrors that of the corresponding `debug` log.
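The two behaviours the commit message contrasts, as an added example that is not Rails' own code: a wrapper error that copies the parser's message versus one that carries a static message and keeps the detail at debug level and in `Exception#cause`. `ParseError`, `STRATEGIES`, `parse_params_leaky`, `parse_params_static` and the helper names are stand-ins for this example, not the `ActionDispatch::Http::Parameters` API, and `MALFORMED_BODY` is a constructed request body. Whether the "before" variant reproduces the body on your machine depends on the message format of the installed json gem; the property that holds regardless is that the wrapper's message is whatever the parser put there, while the "after" variant's message never depends on the input.

```ruby
require "json"
require "logger"
require "stringio"

# Constructed stand-in for ActionDispatch::Http::Parameters::ParseError;
# example code, not the Rails class.
class ParseError < StandardError; end

STATIC_MESSAGE = "Error occurred while parsing request parameters".freeze

# Parsing strategies keyed by MIME type, the dispatch shape the commit
# message describes. Only JSON is needed here.
STRATEGIES = {
  "application/json" => ->(raw) { JSON.parse(raw) }
}.freeze

# "Before": re-raise with the parser's own message, whatever it contains.
def parse_params_leaky(mime, raw)
  STRATEGIES.fetch(mime).call(raw)
rescue JSON::ParserError => e
  raise ParseError, e.message
end

# "After": static message on the wrapper. The body still reaches the
# debug log, and the original error is reachable via ParseError#cause,
# which Ruby sets automatically when raising inside a rescue clause.
def parse_params_static(mime, raw, logger)
  STRATEGIES.fetch(mime).call(raw)
rescue JSON::ParserError
  logger.debug { "Error occurred while parsing request parameters. Contents:\n\n#{raw}" }
  raise ParseError, STATIC_MESSAGE
end

# One-line "Class (message)" form, the shape an exception-reporting
# middleware typically writes at fatal level.
def fatal_log_line(error)
  "#{error.class} (#{error.message})"
end

# Runs one variant and reports whether the fatal-level line would carry
# the raw request body.
def body_in_fatal_log?(mime, raw, fixed:, logger: Logger.new(StringIO.new))
  if fixed
    parse_params_static(mime, raw, logger)
  else
    parse_params_leaky(mime, raw)
  end
  false # parsed cleanly; nothing would be logged
rescue ParseError => e
  fatal_log_line(e).include?(raw)
end

# Captures what the fixed variant writes at debug level for a body.
def debug_log_for(raw)
  io = StringIO.new
  parse_params_static("application/json", raw, Logger.new(io))
  io.string
rescue ParseError
  io.string
end

# Constructed malformed body: an object missing its closing brace, carrying
# the kind of secrets a request body can hold. Not real credentials.
MALFORMED_BODY = '{"password": "hunter2", "api_key": "constructed-example-key"'.freeze

if $PROGRAM_NAME == __FILE__
  [false, true].each do |fixed|
    leaked = body_in_fatal_log?("application/json", MALFORMED_BODY, fixed: fixed)
    puts "fixed=#{fixed}: request body in fatal-level log line? #{leaked}"
  end
end
```

The `debug` line is the right place for the body because production loggers normally run at `info` or above, so the content is available when a developer turns verbosity up but not in the always-on fatal output; if the debug log itself is shipped somewhere sensitive, that line deserves the same scrutiny the commit applies to the fatal one.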