Rescue ActionController::BadRequest

Time: 2014-03-18 08:20:00

Tags: ruby-on-rails security

I'm running a Rails application and I have a simple show action whose code looks like this:

@post = Post.find(params[:id])

So if you go to posts/1 you see the post, if there is one.

I can rescue an invalid params[:id] or invalid params, but I found something odd. Yesterday someone tried to pass me something like this:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Result:+%ED%E5;

I get an ActionController BadRequest exception. When I visit the URL /posts/++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ I get the error. I also noticed that with that param it doesn't get into the posts controller show action, nor the application controller (I tried to rescue it from there too). I guess it's a Rack exception from some gem I have and I don't know how to rescue it.

Here is my error output:

Started GET "/blog/+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Result:+%ED" for 192.168.1.105 at 2014-03-18 09:45:42 +0200

ActionController::BadRequest (ActionController::BadRequest):
  actionpack (4.0.2) lib/action_dispatch/routing/route_set.rb:37:in `block in call'
  actionpack (4.0.2) lib/action_dispatch/routing/route_set.rb:33:in `each'
  actionpack (4.0.2) lib/action_dispatch/routing/route_set.rb:33:in `call'
  actionpack (4.0.2) lib/action_dispatch/journey/router.rb:71:in `block in call'
  actionpack (4.0.2) lib/action_dispatch/journey/router.rb:59:in `each'
  actionpack (4.0.2) lib/action_dispatch/journey/router.rb:59:in `call'
  actionpack (4.0.2) lib/action_dispatch/routing/route_set.rb:680:in `call'
  meta_request (0.2.8) lib/meta_request/middlewares/app_request_handler.rb:13:in `call'
  rack-contrib (1.1.0) lib/rack/contrib/response_headers.rb:17:in `call'
  meta_request (0.2.8) lib/meta_request/middlewares/headers.rb:16:in `call'
  meta_request (0.2.8) lib/meta_request/middlewares/meta_request_handler.rb:13:in `call'
  bullet (4.7.1) lib/bullet/rack.rb:12:in `call'
  warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.3) lib/warden/manager.rb:34:in `catch'
  warden (1.2.3) lib/warden/manager.rb:34:in `call'
  rack (1.5.2) lib/rack/etag.rb:23:in `call'
  rack (1.5.2) lib/rack/conditionalget.rb:25:in `call'
  rack (1.5.2) lib/rack/head.rb:11:in `call'
  actionpack (4.0.2) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
  actionpack (4.0.2) lib/action_dispatch/middleware/flash.rb:241:in `call'
  rack (1.5.2) lib/rack/session/abstract/id.rb:225:in `context'
  rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'
  actionpack (4.0.2) lib/action_dispatch/middleware/cookies.rb:486:in `call'
  activerecord (4.0.2) lib/active_record/query_cache.rb:36:in `call'
  activerecord (4.0.2) lib/active_record/connection_adapters/abstract/connection_pool.rb:626:in `call'
  activerecord (4.0.2) lib/active_record/migration.rb:369:in `call'
  actionpack (4.0.2) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
  activesupport (4.0.2) lib/active_support/callbacks.rb:373:in `_run__44017112__call__callbacks'
  activesupport (4.0.2) lib/active_support/callbacks.rb:80:in `run_callbacks'
  actionpack (4.0.2) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (4.0.2) lib/action_dispatch/middleware/reloader.rb:64:in `call'
  actionpack (4.0.2) lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
  better_errors (1.1.0) lib/better_errors/middleware.rb:58:in `call'
  actionpack (4.0.2) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
  actionpack (4.0.2) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
  railties (4.0.2) lib/rails/rack/logger.rb:38:in `call_app'
  railties (4.0.2) lib/rails/rack/logger.rb:20:in `block in call'
  activesupport (4.0.2) lib/active_support/tagged_logging.rb:67:in `block in tagged'
  activesupport (4.0.2) lib/active_support/tagged_logging.rb:25:in `tagged'
  activesupport (4.0.2) lib/active_support/tagged_logging.rb:67:in `tagged'
  railties (4.0.2) lib/rails/rack/logger.rb:20:in `call'
  quiet_assets (1.0.2) lib/quiet_assets.rb:18:in `call_with_quiet_assets'
  actionpack (4.0.2) lib/action_dispatch/middleware/request_id.rb:21:in `call'
  rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
  rack (1.5.2) lib/rack/runtime.rb:17:in `call'
  activesupport (4.0.2) lib/active_support/cache/strategy/local_cache.rb:83:in `call'
  rack (1.5.2) lib/rack/lock.rb:17:in `call'
  actionpack (4.0.2) lib/action_dispatch/middleware/static.rb:64:in `call'
  rack (1.5.2) lib/rack/sendfile.rb:112:in `call'
  railties (4.0.2) lib/rails/engine.rb:511:in `call'
  railties (4.0.2) lib/rails/application.rb:97:in `call'
  rack (1.5.2) lib/rack/content_length.rb:14:in `call'
  puma (2.7.1) lib/puma/server.rb:486:in `handle_request'
  puma (2.7.1) lib/puma/server.rb:357:in `process_client'
  puma (2.7.1) lib/puma/server.rb:250:in `block in run'
  puma (2.7.1) lib/puma/thread_pool.rb:92:in `call'
  puma (2.7.1) lib/puma/thread_pool.rb:92:in `block in spawn_thread'

Any ideas how to rescue this with a 404 and avoid the blank page?

1 answer:

Answer 0 (score: 11)

OK, I found that if you pass something like %ED it's a 400 Bad Request, so I just created a static 400 page, and I added the following to my exception notification:

  # Register the exception_notification gem's Rack middleware.
  Myapp::Application.config.middleware.use ExceptionNotification::Rack,
  # Do not send notifications for 400s caused by malformed URLs;
  # the static 400 page handles those.
  :ignore_exceptions => ['ActionController::BadRequest'] + ExceptionNotifier.ignored_exceptions,
  # Skip notifications for requests made by these crawlers.
  :ignore_crawlers => %w{Googlebot bingbot},
  :email => {
    :email_prefix => "[Myapp.com Exception Notifier] ",
    :sender_address => %{"myapp.com" <info@myapp.com>},
    :exception_recipients => %w{myemail@myapp.com}
  }
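The following is an added example, not code from the question or the answer. Using only the Ruby standard library, it reproduces the check that makes Rails raise ActionController::BadRequest for a path like "/blog/...Result:+%ED" (the decoded bytes are not valid UTF-8), and shows a Rack-style middleware that answers such a request with a static 400 page before the router runs, so no exception and no blank page result. The middleware class, the helper names and the stand-in app are assumptions for the example.

```ruby
# Added example (not from the question or answer): why "%ED" in a path is
# rejected, and a middleware that turns it into a static 400 page.
# Assumes only the Ruby standard library; no Rails or Rack installed.

BAD_REQUEST_HTML = "<!DOCTYPE html><h1>400 Bad Request</h1>".freeze

# Percent-decode one path segment into raw bytes, then label them UTF-8.
# "%ED" on its own is the lead byte of a 3-byte UTF-8 sequence with no
# continuation bytes after it, so the decoded string is not valid UTF-8.
def percent_decode(segment)
  segment.b.gsub(/%(\h{2})/) { Regexp.last_match(1).hex.chr }
         .force_encoding(Encoding::UTF_8)
end

# Same rule the Rails router applies to path parameters: every decoded
# segment must be valid UTF-8, otherwise the request is refused before
# any controller (and any rescue_from defined there) can run.
def valid_path?(path)
  path.split("/").all? { |seg| percent_decode(seg).valid_encoding? }
end

# Minimal Rack middleware placed in front of the app: a malformed path
# gets a proper 400 response instead of an unhandled exception.
class RejectInvalidPath
  def initialize(app)
    @app = app
  end

  def call(env)
    return @app.call(env) if valid_path?(env["PATH_INFO"].to_s)
    [400, { "Content-Type" => "text/html" }, [BAD_REQUEST_HTML]]
  end
end

# Constructed stand-in for the Rails app: anything that gets through is
# answered 200, as the show action would for an existing post.
SHOW_POST = ->(_env) { [200, { "Content-Type" => "text/html" }, ["post"]] }

# Returns the HTTP status the stack produces for a given request path.
def status_for(path)
  RejectInvalidPath.new(SHOW_POST).call("PATH_INFO" => path).first
end

if __FILE__ == $PROGRAM_NAME
  puts status_for("/posts/1")                          # 200
  puts status_for("/blog/++++++++++++Result:+%ED")     # 400
end
```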