Merge pull request #5619 from nextcloud/backport-5557-dont-log-passwords-on-dav-exceptions-either

[stable12] Don't log passwords on dav exceptions
blizzz 2017-07-05 22:15:04 +02:00 committed by GitHub
commit 40e454021b
3 changed files with 17 additions and 29 deletions


@ -94,26 +94,9 @@ class ExceptionLoggerPlugin extends \Sabre\DAV\ServerPlugin {
$level = \OCP\Util::DEBUG;
}
$message = $ex->getMessage();
if ($ex instanceof Exception) {
if (empty($message)) {
$response = new Response($ex->getHTTPCode());
$message = $response->getStatusText();
}
$message = "HTTP/1.1 {$ex->getHTTPCode()} $message";
}
$user = \OC_User::getUser();
$exception = [
'Message' => $message,
'Exception' => $exceptionClass,
'Code' => $ex->getCode(),
'Trace' => $ex->getTraceAsString(),
'File' => $ex->getFile(),
'Line' => $ex->getLine(),
'User' => $user,
];
$this->logger->log($level, 'Exception: ' . json_encode($exception), ['app' => $this->appName]);
$this->logger->logException($ex, [
'app' => $this->appName,
'level' => $level,
]);
}
}
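Review bot: The replacement call no longer records the HTTP status line or the `User` field that the old array carried, so a DAV failure with an empty exception message (the updated test expects `''` for `NotFound`) leaves only the class name and trace to triage on. `Log::logException()` in this same commit honours a `message` key in `$context`, so the status could be kept for `$ex instanceof Exception`, as the removed code checked, with `'message' => 'HTTP ' . $ex->getHTTPCode(),`; that changes the `Exception:` prefix the test asserts on, so the test would need adjusting. The call also depends on the logger consuming the `level` key, which deserves a comment such as `// 'level' is read and removed by Log::logException(); other ILogger implementations may ignore it and log at ERROR`. The enclosing method starts above this hunk, so whether the log backend still attaches the user on its own cannot be confirmed from here.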


@ -71,13 +71,13 @@ class ExceptionLoggerPluginTest extends TestCase {
$this->plugin->logException($exception);
$this->assertEquals($expectedLogLevel, $this->logger->level);
$this->assertStringStartsWith('Exception: {"Message":"' . $expectedMessage, $this->logger->message);
$this->assertStringStartsWith('Exception: {"Exception":' . json_encode(get_class($exception)) . ',"Message":"' . $expectedMessage . '",', $this->logger->message);
}
public function providesExceptions() {
return [
[0, 'HTTP\/1.1 404 Not Found', new NotFound()],
[4, 'HTTP\/1.1 400 This path leads to nowhere', new InvalidPath('This path leads to nowhere')]
[0, '', new NotFound()],
[4, 'This path leads to nowhere', new InvalidPath('This path leads to nowhere')]
];
}
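Review bot: Nothing in this test exercises the property the commit exists for: both data sets check only the log level and the `Exception`/`Message` prefix, so a regression that lets argument values back into `Trace` would still pass. A case that raises the exception from inside a call carrying a constructed marker argument, then asserts with `assertNotContains` that the marker is absent from `$this->logger->message`, would pin the behaviour down. Which method names get masked is decided by `$methodsWithSensitiveParameters` in `Log`, which is not visible in this section, so the case has to go through one of the names listed there.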


@ -311,7 +311,12 @@ class Log implements ILogger {
* @since 8.2.0
*/
public function logException($exception, array $context = array()) {
$exception = array(
$level = Util::ERROR;
if (isset($context['level'])) {
$level = $context['level'];
unset($context['level']);
}
$data = array(
'Exception' => get_class($exception),
'Message' => $exception->getMessage(),
'Code' => $exception->getCode(),
@ -319,10 +324,10 @@ class Log implements ILogger {
'File' => $exception->getFile(),
'Line' => $exception->getLine(),
);
$exception['Trace'] = preg_replace('!(' . implode('|', $this->methodsWithSensitiveParameters) . ')\(.*\)!', '$1(*** sensitive parameters replaced ***)', $exception['Trace']);
$data['Trace'] = preg_replace('!(' . implode('|', $this->methodsWithSensitiveParameters) . ')\(.*\)!', '$1(*** sensitive parameters replaced ***)', $data['Trace']);
$msg = isset($context['message']) ? $context['message'] : 'Exception';
$msg .= ': ' . json_encode($exception);
$this->error($msg, $context);
$msg .= ': ' . json_encode($data);
$this->log($level, $msg, $context);
}
/**
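Review bot: Redaction here still covers only `$data['Trace']`, and only frames whose method name appears in `$this->methodsWithSensitiveParameters` (declared outside these hunks); `Message` goes to `json_encode()` verbatim, so an exception whose message embeds a credential is logged in full now that DAV exceptions also pass through this method. A comment above the `preg_replace` line would make that limit explicit, e.g. `// Only trace arguments are masked; 'Message' is logged as-is, so exceptions must not carry secrets in their message.` The new `level` key is read from `$context` unchecked and is missing from the docblock whose tail is visible at the top of the first hunk; a line such as `@param array $context may contain 'level' (log level, default Util::ERROR) and 'message'` would document it. The method body spans both hunks.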