Add request-body parameter filtering for cassette recordings#1
Merged
Conversation
…ethod This fixes Ruby 2.7 'Using the last argument as keyword parameters is deprecated' warnings. More: https://www.ruby-lang.org/en/news/2019/12/12/separation-of-positional-and-keyword-arguments-in-ruby-3-0/
… API calls with different responses
|
Great job! No new security vulnerabilities introduced in this pull requestCommunicate with Checkmarx by submitting a PR comment with @Checkmarx followed by one of the supported commands. Learn about the supported commands here. |
Copilot
AI
changed the title
[WIP] Add filter_parameters configuration for sanitising sensitive fields
Add request-body parameter filtering for cassette recordings
Jun 8, 2026
|
@copilot resolve the merge conflicts in this pull request |
Author
Resolved. I merged |
danielmbarlow
approved these changes
Jun 8, 2026
danielmbarlow
left a comment
There was a problem hiding this comment.
Includes commits from these feature branches
Effilab:google-grpc-compatible ✔️
Battle tested in CI for 2 years
Effilab:copilot/add-filter-parameters-config ✔️
Tested locally with
- grpc (1.78.1)
- google-ads-googleads (36.1.0)
Test:
- Record GCR cassette
- Read the cassette using:
pigz -dc spec/integration/gcr_cassettes/cassette_name.json.zz | jq '.reqs[][]' | grep httpAuthorizationToken
# => "body": "{ ... "httpAuthorizationToken\":\"[FILTERED]\", ...- Re-ran test and cassette read correctly
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

Sensitive request fields could be ignored for playback matching (
GCR.ignore) but were still persisted verbatim in cassette JSON. This change adds recording-time field filtering so configured values are replaced before they enterGCR::Requestand before cassettes are written.Config API: request filtering controls
GCR.filter_parameters(*fields)to map fields to"[FILTERED]".GCR.filter_parameters_with(hash)to map fields to custom replacement values.GCR.filtered_parametersas the string-keyed replacement registry.Recording path: sanitize at
Request.from_protoGCR::Request.from_protonow parses proto JSON, applies configured replacements, and stores the sanitized JSON body.Spec updates
filter_parametersfilter_parameters_with@filtered_parametersinspec/spec_helper.rbbefore(:each)to prevent cross-test leakage.Docs
README.mdconfiguration section with usage for default and custom filtering.Original prompt
Summary
Add a
filter_parametersconfiguration option that sanitises sensitive field values before they are written to cassette files on disk. This mirrors the existingignorepattern but targets recording rather than matching.Background
Currently
GCR.ignoreexcludes fields from request matching during playback, but sensitive values are still written verbatim to cassette JSON files. We need a way to replace sensitive field values (e.g. tokens, API keys) with a placeholder string before the cassette is persisted.Changes required
1.
lib/gcr.rb— addfilter_parametersandfilter_parameters_withconfig methodsAdd the following methods to the
GCRmodule, following the same style as the existingignore/ignored_fieldsmethods:2.
lib/gcr/request.rb— apply filtering infrom_protoModify
GCR::Request.from_prototo sanitise the body before storing it:3.
spec/gcr_spec.rb— add tests for the new behaviourAdd tests covering:
filter_parametersreplaces the specified field value with"[FILTERED]"in the recorded cassette JSONfilter_parameters_withreplaces the specified field value with a custom string in the recorded cassette JSONUse the existing
requestIdfield onHelloRequest(used viaGreetings::Client.hello("joe", "1")) as the field to filter in tests, since it is already exercised by the fixture.Also make sure to reset
GCR.filtered_parameters(setGCR.instance_variable_set(:@filtered_parameters, nil)) in thebefore(:each)block inspec/spec_helper.rbalongside the existing resets, so tests don't leak state.Notes
from_prototime — the sensitive value never enters the in-memoryRequestobject, keeping memory and disk consistent.filter_parametersandignoreare orthogonal:filter_parametersaffects what is written to disk;ignoreaffects matching during playback.README.mdshould be updated to document the new configuration option under the## Configurationsection.The following is the prior conversation context from the user's chat exploration (may be truncated):
User: Is there a way of configuring parameter filtering on this repo?
Assistant: Yes — GCR supports a form of parameter filtering via
GCR.ignore. It lets you specify field names that are excluded from request matching when playing back cassettes.How it works
The ignored fields are then consulted during request comparison in
GCR::Request#==:Usage example
From the spec, you can see it in action: