authorJoas Schilling <nickvergessen@gmx.de>2016-06-08 16:32:58 +0200
committerThomas Müller <DeepDiver1975@users.noreply.github.com>2016-06-08 16:32:58 +0200
commite49307014c9dab210dc21cc50a918e0b1c6fff22 (patch)
tree80107bf8ddd6eb4b76fd8b494bd1007faef6207c
parent56215513e1339c0c80bcaa67740768893e62b454 (diff)
Do not log token or challenge with exception stacktrace (#25026)
* Make the filtering more readable * Add some more methods to the sensitive list
-rw-r--r--lib/private/Log.php28
-rw-r--r--tests/lib/LoggerTest.php6
2 files changed, 30 insertions, 4 deletions
diff --git a/lib/private/Log.php b/lib/private/Log.php
index 6028064a878..49223521916 100644
--- a/lib/private/Log.php
+++ b/lib/private/Log.php
@@ -60,6 +60,32 @@ class Log implements ILogger {
/** @var Normalizer */
private $normalizer;
+ protected $methodsWithSensitiveParameters = [
+ // Session/User
+ 'login',
+ 'checkPassword',
+ 'updatePrivateKeyPassword',
+ 'validateUserPass',
+
+ // TokenProvider
+ 'getToken',
+ 'isTokenPassword',
+ 'getPassword',
+ 'decryptPassword',
+ 'logClientIn',
+ 'generateToken',
+ 'validateToken',
+
+ // TwoFactorAuth
+ 'solveChallenge',
+ 'verifyChallenge',
+
+ //ICrypto
+ 'calculateHMAC',
+ 'encrypt',
+ 'decrypt',
+ ];
+
/**
* @param string $logger The logger that should be used
* @param SystemConfig $config the system config object
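Review bot: `$methodsWithSensitiveParameters` is declared without a docblock, and because it is `protected` and later spliced into a regular expression without `preg_quote`, a reader cannot tell from the declaration that the entries must be plain identifiers, matched case-sensitively by bare method name regardless of the class the call belongs to. Suggest adding `/** @var string[] Method names whose call arguments are replaced in logged exception traces; matched by bare name (any class) via preg_replace, so entries must be identifiers without regex metacharacters */` above the property. The grouping comments (`// TokenProvider`, `//ICrypto`) indicate the list mirrors those interfaces, so a sentence stating that it must be extended whenever a new method takes a password, token or key would help keep this denylist from silently falling behind.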
@@ -286,7 +312,7 @@ class Log implements ILogger {
'File' => $exception->getFile(),
'Line' => $exception->getLine(),
);
- $exception['Trace'] = preg_replace('!(login|checkPassword|updatePrivateKeyPassword|validateUserPass)\(.*\)!', '$1(*** username and password replaced ***)', $exception['Trace']);
+ $exception['Trace'] = preg_replace('!(' . implode('|', $this->methodsWithSensitiveParameters) . ')\(.*\)!', '$1(*** sensitive parameters replaced ***)', $exception['Trace']);
$msg = isset($context['message']) ? $context['message'] : 'Exception';
$msg .= ': ' . json_encode($exception);
$this->error($msg, $context);
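Review bot: The redaction on the `+` line only protects calls whose bare method name is in `$methodsWithSensitiveParameters`; any other method that receives a password or token has its arguments written to the log verbatim, so the filter is a denylist and should be read as best-effort. Because `.*` is greedy and the names carry no `\b`, a frame whose method name merely starts with a listed entry is also redacted, which over-redacts harmlessly, but if `preg_replace` fails it returns `null` and the trace disappears from the log without any indication; make that explicit with `$trace = preg_replace(...);` followed by `$exception['Trace'] = $trace ?? '*** trace redaction failed ***';`. The exception message assembled above this hunk is not filtered, so credentials embedded in a driver or client error message would still be logged; a short comment stating that the filter covers only the trace would prevent the redaction from being mistaken for complete. The enclosing method starts outside the hunk.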
diff --git a/tests/lib/LoggerTest.php b/tests/lib/LoggerTest.php
index 4eb04b00f58..4b80c01f343 100644
--- a/tests/lib/LoggerTest.php
+++ b/tests/lib/LoggerTest.php
@@ -89,7 +89,7 @@ class LoggerTest extends TestCase {
foreach($logLines as $logLine) {
$this->assertNotContains($user, $logLine);
$this->assertNotContains($password, $logLine);
- $this->assertContains('login(*** username and password replaced ***)', $logLine);
+ $this->assertContains('login(*** sensitive parameters replaced ***)', $logLine);
}
}
@@ -104,7 +104,7 @@ class LoggerTest extends TestCase {
foreach($logLines as $logLine) {
$this->assertNotContains($user, $logLine);
$this->assertNotContains($password, $logLine);
- $this->assertContains('checkPassword(*** username and password replaced ***)', $logLine);
+ $this->assertContains('checkPassword(*** sensitive parameters replaced ***)', $logLine);
}
}
@@ -119,7 +119,7 @@ class LoggerTest extends TestCase {
foreach($logLines as $logLine) {
$this->assertNotContains($user, $logLine);
$this->assertNotContains($password, $logLine);
- $this->assertContains('validateUserPass(*** username and password replaced ***)', $logLine);
+ $this->assertContains('validateUserPass(*** sensitive parameters replaced ***)', $logLine);
}
}
}