adds ssn to the sensitive parameters list (#3733)

adds ssn to the sensitive parameters list so the value will be replaced with [FILTERED] in the logs
ideacrew · Apr 12, 2024 · a3bdd6f · a3bdd6f
1 parent c0aaa8f
commit a3bdd6f
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 # Be sure to restart your server when you modify this file.
 
-# Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password, :question_answer, :password_confirmation, :new_password]
+# Configure Rails to filter out sensitive parameters from the logs.
+# The parameters :password, :question_answer, :password_confirmation, :new_password, and :ssn will be replaced with [FILTERED] in the logs.
+Rails.application.config.filter_parameters += [:password, :question_answer, :password_confirmation, :new_password, :ssn]
diff --git a/features/insured/individual_curam_document.feature b/features/insured/individual_curam_document.feature
@@ -42,6 +42,7 @@ Feature: Customers go to Curam to view notices and verifications
     Then there will be text to the left of the MEDICAID & TAX CREDITS button
     Then Hbx Admin logs out
 
+  @flaky
   Scenario: Broker can see the Navigation Button
     Given an individual market broker exists
     And a consumer role family exists with broker

diff --git a/spec/controllers/insured/consumer_roles_controller_spec.rb b/spec/controllers/insured/consumer_roles_controller_spec.rb
@@ -105,6 +105,31 @@
       allow(mock_resident_candidate).to receive(:valid?).and_return(false)
     end
 
+    context 'sensitive params are filtered in logs' do
+      let(:validation_result) { true }
+      let(:found_person) { [] }
+
+      let(:person_parameters) do
+        {
+          'dob' => '1990-01-01',
+          'first_name' => 'dummy',
+          'gender' => 'male',
+          'last_name' => 'testing',
+          'middle_name' => 'enroll',
+          'name_sfx' => '',
+          'ssn' => '111111111'
+        }
+      end
+
+      let(:filtered_person_parameters) { person_parameters.merge('ssn' => '[FILTERED]') }
+
+      it 'confirms the ssn param is filtered' do
+        post :match, params: { person: person_parameters }
+        expect(response).to have_http_status(:success)
+        expect(File.read('log/test.log')).to include(filtered_person_parameters.to_s)
+      end
+    end
+
     context "given invalid parameters", dbclean: :after_each do
       let(:validation_result) { false }
       let(:found_person) { [] }