Filter the private key param from logs

Despite being encrypted it increases our surface area to have the encrypted
private key in the logs. This ensures we do not log it.

From 0d31cdea7427e1f1fdd50826e7443b93d89368cc Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Tue, 4 Dec 2018 13:44:33 +1100
Subject: [PATCH] Filter the private key param from logs

Despite being encrypted it increases our surface area to have the encrypted
private key in the logs. This ensures we do not log it.

diff --git a/plugin.rb b/plugin.rb
index 3881c96..74b9842 100644
--- a/plugin.rb
+++ b/plugin.rb
@@ -16,6 +16,8 @@ DiscoursePluginRegistry.serialized_current_user_fields << "encrypt_private_key"
 
 after_initialize do
 
+  Rails.configuration.filter_parameters << :private_key
+
   module ::DiscourseEncrypt
     PLUGIN_NAME = 'discourse-encrypt'
 
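Review bot: The `Rails.configuration.filter_parameters << :private_key` line at the top of `after_initialize` carries no comment and no spec, and it changes logging for the whole application, not only this plugin's controller. Rails matches filter entries against parameter names by substring, so this entry also covers `encrypt_private_key` and any other parameter whose name contains `private_key`. A one-line comment stating that this is intended, plus a request spec asserting the logged value is `[FILTERED]`, would keep the filter from being dropped unnoticed in a later refactor.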
@@ -44,7 +46,7 @@ after_initialize do
         private_key = params.require(:private_key)
 
         old_public_key = current_user.custom_fields['encrypt_public_key']
-        old_private_key = current_user.custom_fields['encrypt_private_key']
+        _old_private_key = current_user.custom_fields['encrypt_private_key']
 
         # Check if encryption is already enabled (but not changing passphrase).
         if old_public_key && old_public_key != public_key
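Review bot: Renaming the local to `_old_private_key` only silences the unused-variable warning; the custom field is still read into a variable that the visible check (`if old_public_key && old_public_key != public_key`) never uses. If nothing further down the action reads it, delete the assignment instead of keeping a reference to key material that serves no purpose. The rename is also unrelated to log filtering, so either mention it in the commit message or split it into its own commit.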
