mirror of https://github.com/rails/rails
Don't show secrets for `MessageVerifier#inspect` and `KeyGenerator#inspect`
Before: ```ruby ActiveSupport::MessageVerifier.new(secret).inspect "#<ActiveSupport::MessageVerifier:0x0000000104888038 ... @secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >" ActiveSupport::KeyGenerator.new(secret).inspect "#<ActiveSupport::KeyGenerator:0x0000000104888038 ... @secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >" ``` After: ```ruby ActiveSupport::MessageVerifier::Aes256Gcm(secret).inspect "#<ActiveSupport::MessageVerifier:0x0000000104888038>" ActiveSupport::KeyGenerator::Aes256Gcm(secret).inspect "#<ActiveSupport::KeyGenerator:0x0000000104888038>" ```
parent
1cbd88f918
commit
5117da2b65
|
@ -1,3 +1,21 @@
|
|||
* Don't show secrets for `ActiveSupport::KeyGenerator#inspect`.
|
||||
|
||||
Before:
|
||||
|
||||
```ruby
|
||||
ActiveSupport::KeyGenerator.new(secret).inspect
|
||||
"#<ActiveSupport::KeyGenerator:0x0000000104888038 ... @secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"
|
||||
```
|
||||
|
||||
After:
|
||||
|
||||
```ruby
|
||||
ActiveSupport::KeyGenerator::Aes256Gcm(secret).inspect
|
||||
"#<ActiveSupport::KeyGenerator:0x0000000104888038>"
|
||||
```
|
||||
|
||||
*Petrik de Heus*
|
||||
|
||||
* Improve error message when EventedFileUpdateChecker is used without a
|
||||
compatible version of the Listen gem
|
||||
|
||||
|
|
|
@ -41,6 +41,10 @@ module ActiveSupport
|
|||
def generate_key(salt, key_size = 64)
|
||||
OpenSSL::PKCS5.pbkdf2_hmac(@secret, salt, @iterations, key_size, @hash_digest_class.new)
|
||||
end
|
||||
|
||||
def inspect # :nodoc:
|
||||
"#<#{self.class.name}:#{'%#016x' % (object_id << 1)}>"
|
||||
end
|
||||
end
|
||||
|
||||
# = Caching Key Generator
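Review bot: The `inspect` override added after `generate_key` carries only `# :nodoc:`, so nothing in the code says it exists to keep `@secret` out of logs and console output. A comment such as `# Overridden so that @secret is never rendered by inspect.` above the method would keep a later cleanup from dropping it. The identical expression is added in the MessageVerifier section further down, where the same comment applies. The class that begins under `# = Caching Key Generator` is outside this hunk; if it keeps derived keys in instance variables, its default `inspect` output is worth checking too. The enclosing class also starts before the hunk.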
|
||||
|
|
|
@ -301,6 +301,10 @@ module ActiveSupport
|
|||
deserialize_with_metadata(decode(extract_encoded(message)), **options)
|
||||
end
|
||||
|
||||
def inspect # :nodoc:
|
||||
"#<#{self.class.name}:#{'%#016x' % (object_id << 1)}>"
|
||||
end
|
||||
|
||||
private
|
||||
def sign_encoded(encoded)
|
||||
digest = generate_digest(encoded)
|
||||
|
|
|
@ -59,6 +59,10 @@ else
|
|||
assert_raises(ArgumentError) { ActiveSupport::KeyGenerator.hash_digest_class = InvalidDigest }
|
||||
assert_raises(ArgumentError) { ActiveSupport::KeyGenerator.hash_digest_class = InvalidDigest.new }
|
||||
end
|
||||
|
||||
test "inspect does not show secrets" do
|
||||
assert_match(/\A#<ActiveSupport::KeyGenerator:0x[0-9a-f]+>\z/, @generator.inspect)
|
||||
end
|
||||
end
|
||||
|
||||
class CachingKeyGeneratorTest < ActiveSupport::TestCase
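Review bot: The new test pins the whole `inspect` string with an anchored regex, which couples the leak check to the exact output format. Adding `assert_no_match(/@secret/, @generator.inspect)` would assert the redaction itself and survive a later change that adds non-sensitive fields to the output. The same applies to the matching test in the MessageVerifier test section below. `CachingKeyGeneratorTest` begins on the last line of this hunk and its body is outside it, so no equivalent check for the caching wrapper is visible here.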
|
||||
|
|
|
@ -109,6 +109,10 @@ class MessageVerifierTest < ActiveSupport::TestCase
|
|||
assert_equal "Secret should not be nil.", exception.message
|
||||
end
|
||||
|
||||
test "inspect does not show secrets" do
|
||||
assert_match(/\A#<ActiveSupport::MessageVerifier:0x[0-9a-f]+>\z/, @verifier.inspect)
|
||||
end
|
||||
|
||||
private
|
||||
def make_codec(**options)
|
||||
ActiveSupport::MessageVerifier.new(@secret, **options)
|
||||
|
|