Catch malformed params input #295

@jrochkind


If you have malformed params, in many cases it just winds up triggering an uncaught Ruby exception.

This is flagged by my error tracking service, so I have to go and investigate and figure out what's going wrong -- even though really nothing is going wrong, it's just a bot trying random params. But then I get used to ignoring exceptions, "alert monitoring fatigue", which is also bad.

We're supposed to have params that once processed look like:

`range: { field_name: { begin: number, end: number} }`

But we can wind up with instead something like `range: "string"`, or `range: { wrong_key: "foo" }`, or `range: { begin: "not a number"}`

Our HTML won't generate these (unless it's buggy?), but a bot or anyone can manually construct a query string that will -- that currently often results in an uncaught exception, that will rise to the top and be reported as a 500, and tracked by error tracking services you have installed, etc.

Instead, it should do one of these:

  1. Silently ignore. (Easy to implement. Good enough? I think so?)

  2. Return an HTTP 400 error response. (Not sure how hard it is to get a plugin like this to trigger this behavior. Is it necessary?)

@seanaery any opinion?

In either case, probably log at error level.
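A sketch of option 1 (ignore and log at error level), with an opt-in strict mode that raises so a controller could answer 400 for option 2. This is an added example, not part of the original issue or the plugin's code. `sanitize_range_params`, `parse_bound` and `MalformedRangeParam` are hypothetical names, and it assumes the params arrive as a plain Hash with string keys and that bounds are integers.

```ruby
require "logger"

# Hypothetical helper names; not the plugin's own API.
class MalformedRangeParam < StandardError; end

# Assumption: bounds are integers. Length is capped so a bot cannot
# submit an arbitrarily long digit string.
INTEGER_RE = /\A-?\d{1,9}\z/

def parse_bound(value)
  return value if value.is_a?(Integer)
  return Integer(value, 10) if value.is_a?(String) && value.match?(INTEGER_RE)
  nil
end

# Returns { "field" => { begin: Integer, end: Integer } } holding only the
# well-formed entries. strict: false drops bad entries (option 1);
# strict: true raises MalformedRangeParam (option 2, map it to HTTP 400).
def sanitize_range_params(raw, logger: Logger.new($stderr), strict: false)
  reject = lambda do |why|
    # Only class names and #inspect-escaped keys are logged, never raw values,
    # so attacker-supplied text cannot forge log lines.
    logger.error("malformed range param: #{why}")
    raise MalformedRangeParam, why if strict
  end

  unless raw.is_a?(Hash)
    reject.call("range is #{raw.class}, expected Hash") unless raw.nil?
    return {}
  end

  raw.each_with_object({}) do |(field, bounds), clean|
    unless bounds.is_a?(Hash)
      reject.call("#{field.inspect} is #{bounds.class}, expected Hash")
      next
    end
    first = parse_bound(bounds["begin"])
    last = parse_bound(bounds["end"])
    if first.nil? || last.nil?
      reject.call("#{field.inspect} has a missing or non-integer begin/end")
      next
    end
    clean[field.to_s] = { begin: first, end: last }
  end
end
```

Because rejected input is handled before any range logic runs, the three malformed shapes listed in the issue produce an empty result and a log line instead of an uncaught exception.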
