authorJoas Schilling <nickvergessen@gmx.de>2016-06-08 16:32:58 +0200
committerThomas Müller <DeepDiver1975@users.noreply.github.com>2016-06-08 16:32:58 +0200
commite49307014c9dab210dc21cc50a918e0b1c6fff22 (patch)
tree80107bf8ddd6eb4b76fd8b494bd1007faef6207c /lib/private
parent56215513e1339c0c80bcaa67740768893e62b454 (diff)
downloadnextcloud-server-e49307014c9dab210dc21cc50a918e0b1c6fff22.tar.gz
nextcloud-server-e49307014c9dab210dc21cc50a918e0b1c6fff22.zip
Do not log token or challenge with exception stacktrace (#25026)
* Make the filtering more readable * Add some more methods to the sensitive list
Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/Log.php28
1 files changed, 27 insertions, 1 deletions
diff --git a/lib/private/Log.php b/lib/private/Log.php
index 6028064a878..49223521916 100644
--- a/lib/private/Log.php
+++ b/lib/private/Log.php
@@ -60,6 +60,32 @@ class Log implements ILogger {
/** @var Normalizer */
private $normalizer;
+ protected $methodsWithSensitiveParameters = [
+ // Session/User
+ 'login',
+ 'checkPassword',
+ 'updatePrivateKeyPassword',
+ 'validateUserPass',
+
+ // TokenProvider
+ 'getToken',
+ 'isTokenPassword',
+ 'getPassword',
+ 'decryptPassword',
+ 'logClientIn',
+ 'generateToken',
+ 'validateToken',
+
+ // TwoFactorAuth
+ 'solveChallenge',
+ 'verifyChallenge',
+
+ //ICrypto
+ 'calculateHMAC',
+ 'encrypt',
+ 'decrypt',
+ ];
+
/**
* @param string $logger The logger that should be used
* @param SystemConfig $config the system config object
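Review bot: The new `$methodsWithSensitiveParameters` property has no docblock, unlike `$normalizer` directly above it, and nothing on it says how the names are used. I would add `/** @var string[] Method names whose call arguments are replaced in logged exception traces; matched case-sensitively by bare name, whatever the class */`. Because the second hunk matches on the bare name followed by `(`, an entry such as 'encrypt' or 'getToken' covers any class with a method ending in that name, while a credential-handling method missing from the list keeps its arguments in the log. The comment should therefore tell maintainers to extend this list whenever such a method is introduced. The `//ICrypto` group comment is also missing the space the other group comments have.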
@@ -286,7 +312,7 @@ class Log implements ILogger {
'File' => $exception->getFile(),
'Line' => $exception->getLine(),
);
- $exception['Trace'] = preg_replace('!(login|checkPassword|updatePrivateKeyPassword|validateUserPass)\(.*\)!', '$1(*** username and password replaced ***)', $exception['Trace']);
+ $exception['Trace'] = preg_replace('!(' . implode('|', $this->methodsWithSensitiveParameters) . ')\(.*\)!', '$1(*** sensitive parameters replaced ***)', $exception['Trace']);
$msg = isset($context['message']) ? $context['message'] : 'Exception';
$msg .= ': ' . json_encode($exception);
$this->error($msg, $context);
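Review bot: The redaction pattern on the new `preg_replace` line has no `s` modifier, so `.*` stops at a line break. If `$exception['Trace']` can contain an argument with a newline in it (the trace is built outside this hunk, so this is unconfirmed), that frame has no `name(...)` on a single line and would be logged with its parameters intact. The method names are also spliced into the pattern unescaped; since the property is `protected` and can be extended, escaping each entry, e.g. `implode('|', array_map(function ($m) { return preg_quote($m, '!'); }, $this->methodsWithSensitiveParameters))`, keeps a later entry from altering the pattern. A unit test that passes a trace string with a multi-line argument through this path would pin the intended behaviour. The enclosing method starts and ends outside the hunk.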