diff options
Diffstat (limited to 'lib/private/Log/ExceptionSerializer.php')
| -rw-r--r-- | lib/private/Log/ExceptionSerializer.php | 124 |
1 files changed, 72 insertions, 52 deletions
diff --git a/lib/private/Log/ExceptionSerializer.php b/lib/private/Log/ExceptionSerializer.php index dab134b26a4..af7c9e48435 100644 --- a/lib/private/Log/ExceptionSerializer.php +++ b/lib/private/Log/ExceptionSerializer.php @@ -1,34 +1,13 @@ <?php + /** - * @copyright Copyright (c) 2018 Robin Appelman <robin@icewind.nl> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Vincent Petry <vincent@nextcloud.com> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OC\Log; use OC\Core\Controller\SetupController; +use OC\Http\Client\Client; use OC\Security\IdentityProof\Key; use OC\Setup; use OC\SystemConfig; @@ -36,12 +15,15 @@ use OCA\Encryption\Controller\RecoveryController; use OCA\Encryption\Controller\SettingsController; use OCA\Encryption\Crypto\Crypt; use OCA\Encryption\Crypto\Encryption; -use OCA\Encryption\Hooks\UserHooks; use OCA\Encryption\KeyManager; +use OCA\Encryption\Listeners\UserEventsListener; +use OCA\Encryption\Services\PassphraseService; use OCA\Encryption\Session; use OCP\HintException; class ExceptionSerializer { + public const SENSITIVE_VALUE_PLACEHOLDER = '*** sensitive parameters replaced ***'; + public const methodsWithSensitiveParameters = [ // Session/User 'completeLogin', @@ -53,6 +35,7 @@ class ExceptionSerializer { 'validateUserPass', 'loginWithToken', '{closure}', + '{closure:*', 'createSessionToken', // Provisioning @@ -98,16 +81,24 @@ class ExceptionSerializer { // Preview providers, don't log big data strings 'imagecreatefromstring', - ]; - /** @var SystemConfig */ - private $systemConfig; + // text: PublicSessionController, SessionController and ApiService + 'create', + 'close', + 'push', + 'sync', + 'updateSession', + 'mention', + 'loginSessionUser', - public function __construct(SystemConfig $systemConfig) { - $this->systemConfig = $systemConfig; + ]; + + public function __construct( + private SystemConfig $systemConfig, + ) { } - public const methodsWithSensitiveParametersByClass = [ + protected array $methodsWithSensitiveParametersByClass = [ SetupController::class => [ 'run', 'display', @@ -119,6 +110,22 @@ class ExceptionSerializer { Key::class => [ '__construct' ], + Client::class => [ + 'request', + 'delete', + 'deleteAsync', + 'get', + 'getAsync', + 'head', + 'headAsync', + 'options', + 'optionsAsync', + 'patch', + 'post', + 'postAsync', + 'put', + 'putAsync', + ], \Redis::class => [ 'auth' ], @@ -165,14 +172,16 @@ class ExceptionSerializer { \OCA\Encryption\Users\Setup::class => [ 'setupUser', ], - UserHooks::class => [ - 'login', - 'postCreateUser', - 'postDeleteUser', - 'prePasswordReset', - 'postPasswordReset', - 'preSetPassphrase', - 'setPassphrase', + UserEventsListener::class => [ + 'handle', + 'onUserCreated', + 'onUserLogin', + 'onBeforePasswordUpdated', + 'onPasswordUpdated', + 'onPasswordReset', + ], + PassphraseService::class => [ + 'setPassphraseForUser', ], ]; @@ -180,7 +189,7 @@ class ExceptionSerializer { if (isset($traceLine['args'])) { $sensitiveValues = array_merge($sensitiveValues, $traceLine['args']); } - $traceLine['args'] = ['*** sensitive parameters replaced ***']; + $traceLine['args'] = [self::SENSITIVE_VALUE_PLACEHOLDER]; return $traceLine; } @@ -188,12 +197,14 @@ class ExceptionSerializer { $sensitiveValues = []; $trace = array_map(function (array $traceLine) use (&$sensitiveValues) { $className = $traceLine['class'] ?? ''; - if ($className && isset(self::methodsWithSensitiveParametersByClass[$className]) - && in_array($traceLine['function'], self::methodsWithSensitiveParametersByClass[$className], true)) { + if ($className && isset($this->methodsWithSensitiveParametersByClass[$className]) + && in_array($traceLine['function'], $this->methodsWithSensitiveParametersByClass[$className], true)) { return $this->editTrace($sensitiveValues, $traceLine); } foreach (self::methodsWithSensitiveParameters as $sensitiveMethod) { - if (strpos($traceLine['function'], $sensitiveMethod) !== false) { + if (str_contains($traceLine['function'], $sensitiveMethod) + || (str_ends_with($sensitiveMethod, '*') + && str_starts_with($traceLine['function'], substr($sensitiveMethod, 0, -1)))) { return $this->editTrace($sensitiveValues, $traceLine); } } @@ -207,25 +218,27 @@ class ExceptionSerializer { }, $trace); } - private function removeValuesFromArgs($args, $values) { - foreach ($args as &$arg) { + private function removeValuesFromArgs($args, $values): array { + $workArgs = []; + foreach ($args as $key => $arg) { if (in_array($arg, $values, true)) { - $arg = '*** sensitive parameter replaced ***'; + $arg = self::SENSITIVE_VALUE_PLACEHOLDER; } elseif (is_array($arg)) { $arg = $this->removeValuesFromArgs($arg, $values); } + $workArgs[$key] = $arg; } - return $args; + return $workArgs; } private function encodeTrace($trace) { - $filteredTrace = $this->filterTrace($trace); - return array_map(function (array $line) { + $trace = array_map(function (array $line) { if (isset($line['args'])) { $line['args'] = array_map([$this, 'encodeArg'], $line['args']); } return $line; - }, $filteredTrace); + }, $trace); + return $this->filterTrace($trace); } private function encodeArg($arg, $nestingLevel = 5) { @@ -265,7 +278,7 @@ class ExceptionSerializer { return $arg; } - public function serializeException(\Throwable $exception) { + public function serializeException(\Throwable $exception): array { $data = [ 'Exception' => get_class($exception), 'Message' => $exception->getMessage(), @@ -285,4 +298,11 @@ class ExceptionSerializer { return $data; } + + public function enlistSensitiveMethods(string $class, array $methods): void { + if (!isset($this->methodsWithSensitiveParametersByClass[$class])) { + $this->methodsWithSensitiveParametersByClass[$class] = []; + } + $this->methodsWithSensitiveParametersByClass[$class] = array_merge($this->methodsWithSensitiveParametersByClass[$class], $methods); + } } |