Don't show secrets for MessageVerifier#inspect and KeyGenerator#inspect

Before: ```ruby ActiveSupport::MessageVerifier.new(secret).inspect "#<ActiveSupport::MessageVerifier:0x0000000104888038 ... @secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >" ActiveSupport::KeyGenerator.new(secret).inspect "#<ActiveSupport::KeyGenerator:0x0000000104888038 ... @secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >" ``` After: ```ruby ActiveSupport::MessageVerifier::Aes256Gcm(secret).inspect "#<ActiveSupport::MessageVerifier:0x0000000104888038>" ActiveSupport::KeyGenerator::Aes256Gcm(secret).inspect "#<ActiveSupport::KeyGenerator:0x0000000104888038>" ```
2023-07-06 21:51:22 +02:00 · 2023-07-06 21:51:22 +02:00 · 5117da2b65
commit 5117da2b65
parent 1cbd88f918
5 changed files with 34 additions and 0 deletions
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@ -1,3 +1,21 @@
+*   Don't show secrets for `ActiveSupport::KeyGenerator#inspect`.
+
+    Before:
+
+    ```ruby
+    ActiveSupport::KeyGenerator.new(secret).inspect
+    "#<ActiveSupport::KeyGenerator:0x0000000104888038 ... @secret=\"\\xAF\\bFh]LV}q\\nl\\xB2U\\xB3 ... >"
+    ```
+
+    After:
+
+    ```ruby
+    ActiveSupport::KeyGenerator::Aes256Gcm(secret).inspect
+    "#<ActiveSupport::KeyGenerator:0x0000000104888038>"
+    ```
+
+    *Petrik de Heus*
+
 *   Improve error message when EventedFileUpdateChecker is used without a
    compatible version of the Listen gem

--- a/activesupport/lib/active_support/key_generator.rb
+++ b/activesupport/lib/active_support/key_generator.rb
@ -41,6 +41,10 @@ def initialize(secret, options = {})
    def generate_key(salt, key_size = 64)
      OpenSSL::PKCS5.pbkdf2_hmac(@secret, salt, @iterations, key_size, @hash_digest_class.new)
    end
+
+    def inspect # :nodoc:
+      "#<#{self.class.name}:#{'%#016x' % (object_id << 1)}>"
+    end
  end

  # = Caching Key Generator
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@ -301,6 +301,10 @@ def read_message(message, **options) # :nodoc:
      deserialize_with_metadata(decode(extract_encoded(message)), **options)
    end

+    def inspect # :nodoc:
+      "#<#{self.class.name}:#{'%#016x' % (object_id << 1)}>"
+    end
+
    private
      def sign_encoded(encoded)
        digest = generate_digest(encoded)
--- a/activesupport/test/key_generator_test.rb
+++ b/activesupport/test/key_generator_test.rb
@ -59,6 +59,10 @@ def setup
      assert_raises(ArgumentError) { ActiveSupport::KeyGenerator.hash_digest_class = InvalidDigest }
      assert_raises(ArgumentError) { ActiveSupport::KeyGenerator.hash_digest_class = InvalidDigest.new }
    end
+
+    test "inspect does not show secrets" do
+      assert_match(/\A#<ActiveSupport::KeyGenerator:0x[0-9a-f]+>\z/, @generator.inspect)
+    end
  end

  class CachingKeyGeneratorTest < ActiveSupport::TestCase
--- a/activesupport/test/message_verifier_test.rb
+++ b/activesupport/test/message_verifier_test.rb
@ -109,6 +109,10 @@ def test_raise_error_when_secret_is_nil
    assert_equal "Secret should not be nil.", exception.message
  end

+  test "inspect does not show secrets" do
+    assert_match(/\A#<ActiveSupport::MessageVerifier:0x[0-9a-f]+>\z/, @verifier.inspect)
+  end
+
  private
    def make_codec(**options)
      ActiveSupport::MessageVerifier.new(@secret, **options)