Fix sanitization in event logger

dickdavis · Sep 30, 2023 · d202fd3 · d202fd3
1 parent 1c85627
commit d202fd3
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 3 deletions.
diff --git a/lib/event_logger_rails/event.rb b/lib/event_logger_rails/event.rb
@@ -28,6 +28,13 @@ def valid?
       identifier.present?
     end
 
+    def to_h
+      {
+        event_identifier: identifier,
+        event_description: description
+      }
+    end
+
     def to_s
       identifier&.to_s || provided_identifier.to_s
     end

diff --git a/lib/event_logger_rails/event_logger.rb b/lib/event_logger_rails/event_logger.rb
@@ -30,10 +30,13 @@ def log(event, level, data = {})
 
     attr_reader :logger
 
+    def sanitizer
+      @sanitizer ||= ActiveSupport::ParameterFilter.new(EventLoggerRails.sensitive_fields)
+    end
+
     def log_message(event, level, data)
       logger.send(level) do
-        filtered_data = ActiveSupport::ParameterFilter.new(EventLoggerRails.sensitive_fields).filter(data)
-        { event_identifier: event.identifier, event_description: event.description }.merge(filtered_data)
+        event.to_h.merge(sanitizer.filter(data))
       end
     rescue NoMethodError
       raise EventLoggerRails::Exceptions::InvalidLoggerLevel.new(logger_level: level)
@@ -49,13 +52,20 @@ def structured_output(level:, timestamp:, message:)
         service_name: Rails.application.class.module_parent_name,
         level:,
         method: EventLoggerRails::CurrentRequest.method,
-        parameters: EventLoggerRails::CurrentRequest.parameters,
+        parameters: sanitizer.filter(EventLoggerRails::CurrentRequest.parameters),
         path: EventLoggerRails::CurrentRequest.path,
         remote_ip: EventLoggerRails::CurrentRequest.remote_ip,
         timestamp: timestamp.iso8601(3),
         **message
       }
     end
     # rubocop:enable Metrics/MethodLength
+
+    def event_data(event)
+      {
+        event_identifier: event.identifier,
+        event_description: event.description
+      }
+    end
   end
 end
diff --git a/spec/lib/event_logger_rails/event_spec.rb b/spec/lib/event_logger_rails/event_spec.rb
@@ -75,6 +75,14 @@
     end
   end
 
+  describe '#to_h' do
+    subject(:method_call) { event.to_h }
+
+    let(:identifier) { 'foo.bar' }
+
+    it { is_expected.to eq({ event_identifier: event.identifier, event_description: event.description }) }
+  end
+
   describe '#to_s' do
     subject(:method_call) { event.to_s }