From dc41ee58f44b77ad6159b26ec1feba3db37eeb43 Mon Sep 17 00:00:00 2001 From: Richard Towers Date: Fri, 29 Sep 2023 14:57:49 +0100 Subject: [PATCH] Get controller labels from controller, not params prometheus_exporter currently reads the controller and action label from action_dispatch.request.parameters. This can lead to conflicts, where there's a form parameter called "action", or "controller" which takes precedence over "which controller action is this?". This can be validated with a curl request to a rails application instrumented with prometheus_exporter: curl -v http://127.0.0.1:3000/ --data 'controller=test' Results in: # HELP http_requests_total Total HTTP requests from web app. # TYPE http_requests_total counter http_requests_total{action="other",controller="test",status="404"} 1 This commit pulls the controller instance from `action_controller.instance`, and then calls the controller_name / action_name methods, which should be accurate even when conflicting form parameters are provided. --- lib/prometheus_exporter/middleware.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/prometheus_exporter/middleware.rb b/lib/prometheus_exporter/middleware.rb index d2bd1a3..9fecd04 100644 --- a/lib/prometheus_exporter/middleware.rb +++ b/lib/prometheus_exporter/middleware.rb @@ -60,11 +60,11 @@ def call(env) end def default_labels(env, result) - params = env["action_dispatch.request.parameters"] + controller_instance = env["action_controller.instance"] action = controller = nil - if params - action = params["action"] - controller = params["controller"] + if controller_instance + action = controller_instance.action_name + controller = controller_instance.controller_name elsif (cors = env["rack.cors"]) && cors.respond_to?(:preflight?) && cors.preflight? # if the Rack CORS Middleware identifies the request as a preflight request, # the stack doesn't get to the point where controllers/actions are defined