diff options
author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-09-25 20:04:01 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-09-25 20:04:01 +0200 |
commit | 0aaece7de7584f9f6ae1144ef05abc5a32d95403 (patch) | |
tree | d3085263c460837f0c06003ac260125e10228eab /tests | |
parent | 8f2a14c5d6956fbc6d316211d68f7d87d7349c55 (diff) | |
parent | db8e7ce8b95c882c876f932296f25ec08883a1d3 (diff) | |
download | nextcloud-server-0aaece7de7584f9f6ae1144ef05abc5a32d95403.tar.gz nextcloud-server-0aaece7de7584f9f6ae1144ef05abc5a32d95403.zip |
Merge pull request #19346 from owncloud/drop-passwords-from-exception-log
Remove passwords from logged exception stack traces
Diffstat (limited to 'tests')
-rw-r--r-- | tests/lib/logger.php | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/tests/lib/logger.php b/tests/lib/logger.php index c8566988cf4..9c9cd9e6728 100644 --- a/tests/lib/logger.php +++ b/tests/lib/logger.php @@ -63,4 +63,48 @@ class Logger extends TestCase { public static function write($app, $message, $level) { self::$logs[]= "$level $message"; } + + public function userAndPasswordData() { + return [ + ['abc', 'def'], + ['mySpecialUsername', 'MySuperSecretPassword'], + ['my-user', '324324()#ä234'], + ['my-user', ')qwer'], + ['my-user', 'qwer)asdf'], + ['my-user', 'qwer)'], + ['my-user', '(qwer'], + ['my-user', 'qwer(asdf'], + ['my-user', 'qwer('], + ]; + } + + /** + * @dataProvider userAndPasswordData + */ + public function testDetectlogin($user, $password) { + $e = new \Exception('test'); + $this->logger->logException($e); + + $logLines = $this->getLogs(); + foreach($logLines as $logLine) { + $this->assertNotContains($user, $logLine); + $this->assertNotContains($password, $logLine); + $this->assertContains('login(*** username and password replaced ***)', $logLine); + } + } + + /** + * @dataProvider userAndPasswordData + */ + public function testDetectcheckPassword($user, $password) { + $e = new \Exception('test'); + $this->logger->logException($e); + $logLines = $this->getLogs(); + + foreach($logLines as $logLine) { + $this->assertNotContains($user, $logLine); + $this->assertNotContains($password, $logLine); + $this->assertContains('checkPassword(*** username and password replaced ***)', $logLine); + } + } } |