diff options
| -rw-r--r-- | lib/private/Log.php | 6 | ||||
| -rw-r--r-- | tests/lib/LoggerTest.php | 26 |
2 files changed, 32 insertions, 0 deletions
diff --git a/lib/private/Log.php b/lib/private/Log.php index d93b29414e6..6da23bfbaee 100644 --- a/lib/private/Log.php +++ b/lib/private/Log.php @@ -69,6 +69,8 @@ class Log implements ILogger { 'loginWithPassword', 'updatePrivateKeyPassword', 'validateUserPass', + 'loginWithToken', + '\{closure\}', // TokenProvider 'getToken', @@ -96,6 +98,10 @@ class Log implements ILogger { 'bind', 'areCredentialsValid', 'invokeLDAPMethod', + + // Encryption + 'storeKeyPair', + 'setupUser', ]; /** diff --git a/tests/lib/LoggerTest.php b/tests/lib/LoggerTest.php index da9cedc9f56..3a30bbd1d3b 100644 --- a/tests/lib/LoggerTest.php +++ b/tests/lib/LoggerTest.php @@ -138,6 +138,32 @@ class LoggerTest extends TestCase { } } + /** + * @dataProvider userAndPasswordData + */ + public function testDetectclosure($user, $password) { + $a = function($user, $password) { + throw new \Exception('test'); + }; + + try { + $a($user, $password); + } catch (\Exception $e) { + $this->logger->logException($e); + } + $logLines = $this->getLogs(); + + foreach($logLines as $logLine) { + $log = explode('\n', $logLine); + unset($log[1]); // Remove `testDetectclosure(` because we are not testing this here, but the closure on stack trace 0 + $logLine = implode('\n', $log); + + $this->assertNotContains($user, $logLine); + $this->assertNotContains($password, $logLine); + $this->assertContains('{closure}(*** sensitive parameters replaced ***)', $logLine); + } + } + public function dataGetLogClass() { return [ ['file', \OC\Log\File::class], |