From 8a17c43a1239e9f81aa07da7a799057dbad9bebd Mon Sep 17 00:00:00 2001
From: Stephen Dicks
Date: Thu, 3 Oct 2024 11:09:57 +0100
Subject: [PATCH] filter sensitive controller parameters (#7124)
---
 .../initializers/filter_parameter_logging.rb | 36 +++++++++++++++++++
 .../filter_parameter_logging_spec.rb | 14 ++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 spec/configuration/filter_parameter_logging_spec.rb
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
index 380ec8894f..f9d416266e 100644
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@@ -14,6 +14,42 @@
 gender
 orientation
 religion
+ id
+ job_title
+ jobseeker_id
+ jobseeker_profile_id
+ support_needed_details
+ rejection_reasons
+ further_instructions
+ job_application_id
+ publisher_id
+ first_name
+ last_name
+ previous_names
+ street_address
+ city
+ postcode
+ phone_number
+ institution
+ organisation
+ recipient_id
+ oid
+ main_duties
+ teacher_reference_number
+ finished_studying_details
+ close_relationships_details
+ gaps_in_employment_details
+ personal_statement
+ unconfirmed_email
+ family_name
+ given_name
+ email_address
+ about_you
+ name
+ application_email
+ contact_email
+ contact_number
+ qualification_results_attributes
 ] + [
 /^age$/i,
 ]
diff --git a/spec/configuration/filter_parameter_logging_spec.rb b/spec/configuration/filter_parameter_logging_spec.rb
new file mode 100644
index 0000000000..78bdc32ec2
--- /dev/null
+++ b/spec/configuration/filter_parameter_logging_spec.rb
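Review bot: The bare `id` and `name` entries added in this list will match far more than those two keys, because Rails compiles symbol entries in `filter_parameters` into a case-insensitive substring match; every `*_id` and `*_name` parameter, and keys such as `provider` or `filename`, would be logged as `[FILTERED]`. That fails safe for PII, but it also hides the record identifiers usually needed to reconstruct a request sequence from the logs, and it makes `jobseeker_id`, `publisher_id`, `first_name` and the similar entries redundant. If an exact match was intended, use the anchored form the trailing context already applies to age, e.g. `/\Aid\z/i` and `/\Aname\z/i`; if the broad match is deliberate, a comment such as `# substring match: intentionally redacts every *_id / *_name param` would record that. The array opens above the hunk, so this assumes it feeds `config.filter_parameters`, as the file name and the accompanying spec suggest.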
@@ -0,0 +1,14 @@
+require "rails_helper"
+
+RSpec.describe "Filter parameter logging configuration" do
+ let(:analytics_hidden_pii) { Rails.application.config_for(:analytics_hidden_pii) }
+ let(:filter_params) { Rails.application.config.filter_parameters }
+
+ specify "all anonymised analytics fields should be filtered from logs" do
+ analytics_hidden_pii.each_value do |shared|
+ shared.each do |field|
+ expect(filter_params).to include(field.to_sym)
+ end
+ end
+ end
+end
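Review bot: The `include(field.to_sym)` expectation checks list membership rather than whether the field is actually redacted, so it would fail for any analytics field covered only by a regex entry (the initializer already carries `/^age$/i`) and it says nothing about how an entry matches at runtime. Asserting on the filter's output tests the property the spec name describes: `filter = ActiveSupport::ParameterFilter.new(filter_params)` followed by `expect(filter.filter(field.to_s => "x")).to eq(field.to_s => "[FILTERED]")`. This assumes a Rails version that ships `ActiveSupport::ParameterFilter` and that `analytics_hidden_pii` is a hash of flat arrays, neither of which is visible in the patch.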