author | Joas Schilling <nickvergessen@gmx.de> | 2016-06-08 16:32:58 +0200 |
---|---|---|
committer | Thomas Müller <DeepDiver1975@users.noreply.github.com> | 2016-06-08 16:32:58 +0200 |
commit | e49307014c9dab210dc21cc50a918e0b1c6fff22 (patch) | |
tree | 80107bf8ddd6eb4b76fd8b494bd1007faef6207c /lib/private | |
parent | 56215513e1339c0c80bcaa67740768893e62b454 (diff) | |
Do not log token or challenge with exception stacktrace (#25026)
* Make the filtering better readable
* Add some more methods to the sensitive list
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/Log.php | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/lib/private/Log.php b/lib/private/Log.php
index 6028064a878..49223521916 100644
--- a/lib/private/Log.php
+++ b/lib/private/Log.php
@@ -60,6 +60,32 @@ class Log implements ILogger {
 /** @var Normalizer */
 private $normalizer;

+ protected $methodsWithSensitiveParameters = [
+ // Session/User
+ 'login',
+ 'checkPassword',
+ 'updatePrivateKeyPassword',
+ 'validateUserPass',
+
+ // TokenProvider
+ 'getToken',
+ 'isTokenPassword',
+ 'getPassword',
+ 'decryptPassword',
+ 'logClientIn',
+ 'generateToken',
+ 'validateToken',
+
+ // TwoFactorAuth
+ 'solveChallenge',
+ 'verifyChallenge',
+
+ //ICrypto
+ 'calculateHMAC',
+ 'encrypt',
+ 'decrypt',
+ ];
+
 /**
 * @param string $logger The logger that should be used
 * @param SystemConfig $config the system config object
@@ -286,7 +312,7 @@ class Log implements ILogger {
 'File' => $exception->getFile(),
 'Line' => $exception->getLine(),
 );
- $exception['Trace'] = preg_replace('!(login|checkPassword|updatePrivateKeyPassword|validateUserPass)\(.*\)!', '$1(*** username and password replaced ***)', $exception['Trace']);
+ $exception['Trace'] = preg_replace('!(' . implode('|', $this->methodsWithSensitiveParameters) . ')\(.*\)!', '$1(*** sensitive parameters replaced ***)', $exception['Trace']);
 $msg = isset($context['message']) ? $context['message'] : 'Exception';
 $msg .= ': ' . json_encode($exception);
 $this->error($msg, $context); |
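Review bot: The new `$methodsWithSensitiveParameters` property has no docblock, and nothing at the declaration says how its entries are matched. The second hunk joins them into an unanchored, case-sensitive alternation, so each entry matches by bare method name in any class and also as the tail of a longer name, which matters for generic entries such as `encrypt`, `decrypt` and `getPassword`. I would add `/** @var string[] Method names whose arguments are removed from logged stack traces; matched by name only, regardless of class */` plus a line saying that any new method taking a password, token or key has to be added here. The `//ICrypto` group comment also lacks the space the other three have.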
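Review bot: The `preg_replace` only scrubs frames whose function name is in the list, so a secret forwarded through any unlisted caller or helper still appears in that frame's argument list in the same logged trace. Since the aim is to keep passwords, tokens and challenges out of the log, consider removing the arguments of every frame, or at least state the limit next to the call, e.g. `// only frames of listed methods are scrubbed; arguments of other frames are logged as-is`. The names are also interpolated into the pattern unquoted while the property is `protected`; `implode('|', array_map('preg_quote', $this->methodsWithSensitiveParameters))` keeps a subclass-added entry from changing the regex. The enclosing method starts and ends outside the hunk, so whether the exception message itself is filtered before `json_encode` cannot be seen here.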