apm: don't record unknown url params in the apm.

Don't record unknown url params that don't come from our app. This includes typos, url params from userscripts, and weird params from broken bots, crawlers, or other unknown sources. Indexing too many params can lead to a mapping explosion. https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping.html
2022-04-19 03:31:03 -05:00
parent c187d56cce
commit 957076d93b
1 changed files with 4 additions and 1 deletions
--- a/app/logical/danbooru_logger.rb
+++ b/app/logical/danbooru_logger.rb
@@ -58,7 +58,10 @@ class DanbooruLogger
  end

  def self.request_params(request)
-    request.parameters.with_indifferent_access.except(:controller, :action)
+    request.parameters.with_indifferent_access.except(:controller, :action).reject do |key, value|
+      # exclude strange URL params that don't come from our app.
+      !key.match?(/\A[a-z._]+\z/) || key.match?(/\A_|_\z/)
+    end
  end

  def self.session_params(session)