diff options
Diffstat (limited to 'lib/private/Log.php')
| -rw-r--r-- | lib/private/Log.php | 115 |
1 files changed, 84 insertions, 31 deletions
diff --git a/lib/private/Log.php b/lib/private/Log.php index c7684a1aefd..301a25d12c1 100644 --- a/lib/private/Log.php +++ b/lib/private/Log.php @@ -14,6 +14,7 @@ use OC\AppFramework\Bootstrap\Coordinator; use OC\Log\ExceptionSerializer; use OCP\EventDispatcher\IEventDispatcher; use OCP\ILogger; +use OCP\IRequest; use OCP\IUserSession; use OCP\Log\BeforeMessageLoggedEvent; use OCP\Log\IDataLogger; @@ -36,17 +37,14 @@ use function strtr; class Log implements ILogger, IDataLogger { private ?bool $logConditionSatisfied = null; private ?IEventDispatcher $eventDispatcher = null; + private int $nestingLevel = 0; public function __construct( private IWriter $logger, private SystemConfig $config, - private ?Normalizer $normalizer = null, - private ?IRegistry $crashReporters = null + private Normalizer $normalizer = new Normalizer(), + private ?IRegistry $crashReporters = null, ) { - // FIXME: php8.1 allows "private Normalizer $normalizer = new Normalizer()," in initializer - if ($normalizer === null) { - $this->normalizer = new Normalizer(); - } } public function setEventDispatcher(IEventDispatcher $eventDispatcher): void { @@ -153,7 +151,7 @@ class Log implements ILogger, IDataLogger { * @param array $context */ public function log(int $level, string $message, array $context = []): void { - $minLevel = $this->getLogLevel($context); + $minLevel = $this->getLogLevel($context, $message); if ($level < $minLevel && (($this->crashReporters?->hasReporters() ?? false) === false) && (($this->eventDispatcher?->hasListeners(BeforeMessageLoggedEvent::class) ?? false) === false)) { @@ -194,9 +192,30 @@ class Log implements ILogger, IDataLogger { } } - public function getLogLevel($context): int { + public function getLogLevel(array $context, string $message): int { + if ($this->nestingLevel > 1) { + return ILogger::WARN; + } + + $this->nestingLevel++; + /** + * @psalm-var array{ + * shared_secret?: string, + * users?: string[], + * apps?: string[], + * matches?: array<array-key, array{ + * shared_secret?: string, + * users?: string[], + * apps?: string[], + * message?: string, + * loglevel: 0|1|2|3|4, + * }> + * } $logCondition + */ $logCondition = $this->config->getValue('log.condition', []); + $userId = false; + /** * check for a special log condition - this enables an increased log on * a per request/user base @@ -206,21 +225,8 @@ class Log implements ILogger, IDataLogger { $this->logConditionSatisfied = false; if (!empty($logCondition)) { // check for secret token in the request - if (isset($logCondition['shared_secret'])) { - $request = \OC::$server->getRequest(); - - if ($request->getMethod() === 'PUT' && - !str_contains($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') && - !str_contains($request->getHeader('Content-Type'), 'application/json')) { - $logSecretRequest = ''; - } else { - $logSecretRequest = $request->getParam('log_secret', ''); - } - - // if token is found in the request change set the log condition to satisfied - if ($request && hash_equals($logCondition['shared_secret'], $logSecretRequest)) { - $this->logConditionSatisfied = true; - } + if (isset($logCondition['shared_secret']) && $this->checkLogSecret($logCondition['shared_secret'])) { + $this->logConditionSatisfied = true; } // check for user @@ -233,6 +239,8 @@ class Log implements ILogger, IDataLogger { } elseif (in_array($user->getUID(), $logCondition['users'], true)) { // if the user matches set the log condition to satisfied $this->logConditionSatisfied = true; + } else { + $userId = $user->getUID(); } } } @@ -240,29 +248,74 @@ class Log implements ILogger, IDataLogger { // if log condition is satisfied change the required log level to DEBUG if ($this->logConditionSatisfied) { + $this->nestingLevel--; return ILogger::DEBUG; } + if ($userId === false && isset($logCondition['matches'])) { + $user = \OCP\Server::get(IUserSession::class)->getUser(); + $userId = $user === null ? false : $user->getUID(); + } + if (isset($context['app'])) { /** * check log condition based on the context of each log message * once this is met -> change the required log level to debug */ if (in_array($context['app'], $logCondition['apps'] ?? [], true)) { + $this->nestingLevel--; return ILogger::DEBUG; } } - $configLogLevel = $this->config->getValue('loglevel', ILogger::WARN); - if (is_numeric($configLogLevel)) { - return min((int)$configLogLevel, ILogger::FATAL); + if (!isset($logCondition['matches'])) { + $configLogLevel = $this->config->getValue('loglevel', ILogger::WARN); + if (is_numeric($configLogLevel)) { + $this->nestingLevel--; + return min((int)$configLogLevel, ILogger::FATAL); + } + + // Invalid configuration, warn the user and fall back to default level of WARN + error_log('Nextcloud configuration: "loglevel" is not a valid integer'); + $this->nestingLevel--; + return ILogger::WARN; } - // Invalid configuration, warn the user and fall back to default level of WARN - error_log('Nextcloud configuration: "loglevel" is not a valid integer'); + foreach ($logCondition['matches'] as $option) { + if ( + (!isset($option['shared_secret']) || $this->checkLogSecret($option['shared_secret'])) + && (!isset($option['users']) || in_array($userId, $option['users'], true)) + && (!isset($option['apps']) || (isset($context['app']) && in_array($context['app'], $option['apps'], true))) + && (!isset($option['message']) || str_contains($message, $option['message'])) + ) { + if (!isset($option['apps']) && !isset($option['loglevel']) && !isset($option['message'])) { + /* Only user and/or secret are listed as conditions, we can cache the result for the rest of the request */ + $this->logConditionSatisfied = true; + $this->nestingLevel--; + return ILogger::DEBUG; + } + $this->nestingLevel--; + return $option['loglevel'] ?? ILogger::DEBUG; + } + } + + $this->nestingLevel--; return ILogger::WARN; } + protected function checkLogSecret(string $conditionSecret): bool { + $request = \OCP\Server::get(IRequest::class); + + if ($request->getMethod() === 'PUT' + && !str_contains($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') + && !str_contains($request->getHeader('Content-Type'), 'application/json')) { + return hash_equals($conditionSecret, ''); + } + + // if token is found in the request change set the log condition to satisfied + return hash_equals($conditionSecret, $request->getParam('log_secret', '')); + } + /** * Logs an exception very detailed * @@ -275,7 +328,7 @@ class Log implements ILogger, IDataLogger { $app = $context['app'] ?? 'no app in context'; $level = $context['level'] ?? ILogger::ERROR; - $minLevel = $this->getLogLevel($context); + $minLevel = $this->getLogLevel($context, $context['message'] ?? $exception->getMessage()); if ($level < $minLevel && (($this->crashReporters?->hasReporters() ?? false) === false) && (($this->eventDispatcher?->hasListeners(BeforeMessageLoggedEvent::class) ?? false) === false)) { @@ -286,7 +339,7 @@ class Log implements ILogger, IDataLogger { try { $serializer = $this->getSerializer(); } catch (Throwable $e) { - $this->error("Failed to load ExceptionSerializer serializer while trying to log " . $exception->getMessage()); + $this->error('Failed to load ExceptionSerializer serializer while trying to log ' . $exception->getMessage()); return; } $data = $context; @@ -320,7 +373,7 @@ class Log implements ILogger, IDataLogger { $app = $context['app'] ?? 'no app in context'; $level = $context['level'] ?? ILogger::ERROR; - $minLevel = $this->getLogLevel($context); + $minLevel = $this->getLogLevel($context, $message); array_walk($context, [$this->normalizer, 'format']); |