From 957076d93bcb571b17407a2a3fde0a67c54a2c82 Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Tue, 19 Apr 2022 03:31:03 -0500
Subject: [PATCH] apm: don't record unknown url params in the apm.

Don't record unknown url params that don't come from our app. This
includes typos, url params from userscripts, and weird params from
broken bots, crawlers, or other unknown sources. Indexing too many
params can lead to a mapping explosion.

https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping.html
---
 app/logical/danbooru_logger.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/logical/danbooru_logger.rb b/app/logical/danbooru_logger.rb
index a96937c35..638bdbfb2 100644
--- a/app/logical/danbooru_logger.rb
+++ b/app/logical/danbooru_logger.rb
@@ -58,7 +58,10 @@ class DanbooruLogger
   end
 
   def self.request_params(request)
-    request.parameters.with_indifferent_access.except(:controller, :action)
+    request.parameters.with_indifferent_access.except(:controller, :action).reject do |key, value|
+      # exclude strange URL params that don't come from our app.
+      !key.match?(/\A[a-z._]+\z/) || key.match?(/\A_|_\z/)
+    end
   end
 
   def self.session_params(session)