author | Joas Schilling <coding@schilljs.com> | 2024-03-28 11:10:39 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2024-03-28 11:10:39 +0100 |
commit | ca08437967e5ecbd41ae74de38cede0de1e6047c (patch) | |
tree | 071337be8d674eabd0fb86de9ca199de47080f02 | |
parent | 28c8a46ef9e076015ae52335e71d9dd5f5432c5e (diff) | |
fix(logger): Make the handling of SensitiveParameters consistent [bugfix/noid/consistent-handling-of-SensitiveParameter]
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r-- | lib/private/Log/ExceptionSerializer.php | 4 | ||||
-rw-r--r-- | tests/lib/Log/ExceptionSerializerTest.php | 19 |
2 files changed, 22 insertions, 1 deletions
diff --git a/lib/private/Log/ExceptionSerializer.php b/lib/private/Log/ExceptionSerializer.php
index 8b895bcb6be..da4c7224aa4 100644
--- a/lib/private/Log/ExceptionSerializer.php
+++ b/lib/private/Log/ExceptionSerializer.php
@@ -220,7 +220,9 @@ class ExceptionSerializer {
 private function removeValuesFromArgs($args, $values): array {
 $workArgs = [];
 foreach ($args as $arg) {
- if (in_array($arg, $values, true)) {
+ if (isset($arg['__class__']) && $arg['__class__'] === \SensitiveParameterValue::class) {
+ $arg = self::SENSITIVE_VALUE_PLACEHOLDER;
+ } elseif (in_array($arg, $values, true)) {
 $arg = self::SENSITIVE_VALUE_PLACEHOLDER;
 } elseif (is_array($arg)) {
 $arg = $this->removeValuesFromArgs($arg, $values);
diff --git a/tests/lib/Log/ExceptionSerializerTest.php b/tests/lib/Log/ExceptionSerializerTest.php
index 209214a6832..6637c401ab1 100644
--- a/tests/lib/Log/ExceptionSerializerTest.php
+++ b/tests/lib/Log/ExceptionSerializerTest.php
@@ -52,6 +52,14 @@ class ExceptionSerializerTest extends TestCase {
 throw new \Exception('expected custom auth exception');
 }
 
+ private function usingSensitiveParameterAttribute(
+ string $login,
+ #[\SensitiveParameter]
+ string $parole,
+ ): void {
+ throw new \Exception('SensitiveParameter attribute');
+ }
+
 /**
 * this test ensures that the serializer does not overwrite referenced
 * variables. It is crafted after a scenario we experienced: the DAV server
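Review bot: In `removeValuesFromArgs` (lib/private/Log/ExceptionSerializer.php), the new first branch applies `isset($arg['__class__'])` to every argument without first checking that it is an array. Scalars are harmless there, but an object that does not implement ArrayAccess makes that access throw an Error, so the branch presumably relies on arguments having been encoded to arrays before they reach this method; that step is not visible in the hunk. Stating the dependency in the condition keeps the redaction path from failing inside the logger: `if (is_array($arg) && ($arg['__class__'] ?? null) === \SensitiveParameterValue::class) {`. Both placeholder branches assign `self::SENSITIVE_VALUE_PLACEHOLDER`, so they could also share one condition. The method body continues past the end of the hunk.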
@@ -81,4 +89,15 @@ class ExceptionSerializerTest extends TestCase {
 $this->assertFalse(isset($serializedData['Trace'][0]['args'][1]));
 }
 }
+
+ public function testSensitiveParameterAttribute(): void {
+ try {
+ $this->usingSensitiveParameterAttribute('u57474', 'Secret');
+ } catch (\Exception $e) {
+ $serializedData = $this->serializer->serializeException($e);
+ $this->assertSame('usingSensitiveParameterAttribute', $serializedData['Trace'][0]['function']);
+ $this->assertSame('u57474', $serializedData['Trace'][0]['args'][0]);
+ $this->assertSame('*** sensitive parameters replaced ***', $serializedData['Trace'][0]['args'][1]);
+ }
+ }
 }
|
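Review bot: `testSensitiveParameterAttribute` can only pass where the engine honours `#[\SensitiveParameter]` on the helper added in the previous hunk, which PHP does from 8.2 on. On 8.0 or 8.1 the attribute is parsed but has no effect, so `args[1]` would still hold 'Secret' and the last assertion would fail. If the supported PHP range includes those versions (not visible on this page), the test should skip there, for example `if (\PHP_VERSION_ID < 80200) { $this->markTestSkipped('SensitiveParameter requires PHP 8.2'); }` as its first statement.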