Merge pull request #5619 from nextcloud/backport-5557-dont-log-passwords-on-dav-exceptions-either
[stable12] Don't log passwords on dav exceptions
This commit is contained in:
commit
40e454021b
|
@ -94,26 +94,9 @@ class ExceptionLoggerPlugin extends \Sabre\DAV\ServerPlugin {
|
|||
$level = \OCP\Util::DEBUG;
|
||||
}
|
||||
|
||||
$message = $ex->getMessage();
|
||||
if ($ex instanceof Exception) {
|
||||
if (empty($message)) {
|
||||
$response = new Response($ex->getHTTPCode());
|
||||
$message = $response->getStatusText();
|
||||
}
|
||||
$message = "HTTP/1.1 {$ex->getHTTPCode()} $message";
|
||||
}
|
||||
|
||||
$user = \OC_User::getUser();
|
||||
|
||||
$exception = [
|
||||
'Message' => $message,
|
||||
'Exception' => $exceptionClass,
|
||||
'Code' => $ex->getCode(),
|
||||
'Trace' => $ex->getTraceAsString(),
|
||||
'File' => $ex->getFile(),
|
||||
'Line' => $ex->getLine(),
|
||||
'User' => $user,
|
||||
];
|
||||
$this->logger->log($level, 'Exception: ' . json_encode($exception), ['app' => $this->appName]);
|
||||
$this->logger->logException($ex, [
|
||||
'app' => $this->appName,
|
||||
'level' => $level,
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -71,13 +71,13 @@ class ExceptionLoggerPluginTest extends TestCase {
|
|||
$this->plugin->logException($exception);
|
||||
|
||||
$this->assertEquals($expectedLogLevel, $this->logger->level);
|
||||
$this->assertStringStartsWith('Exception: {"Message":"' . $expectedMessage, $this->logger->message);
|
||||
$this->assertStringStartsWith('Exception: {"Exception":' . json_encode(get_class($exception)) . ',"Message":"' . $expectedMessage . '",', $this->logger->message);
|
||||
}
|
||||
|
||||
public function providesExceptions() {
|
||||
return [
|
||||
[0, 'HTTP\/1.1 404 Not Found', new NotFound()],
|
||||
[4, 'HTTP\/1.1 400 This path leads to nowhere', new InvalidPath('This path leads to nowhere')]
|
||||
[0, '', new NotFound()],
|
||||
[4, 'This path leads to nowhere', new InvalidPath('This path leads to nowhere')]
|
||||
];
|
||||
}
|
||||
|
||||
|
|
|
@ -311,7 +311,12 @@ class Log implements ILogger {
|
|||
* @since 8.2.0
|
||||
*/
|
||||
public function logException($exception, array $context = array()) {
|
||||
$exception = array(
|
||||
$level = Util::ERROR;
|
||||
if (isset($context['level'])) {
|
||||
$level = $context['level'];
|
||||
unset($context['level']);
|
||||
}
|
||||
$data = array(
|
||||
'Exception' => get_class($exception),
|
||||
'Message' => $exception->getMessage(),
|
||||
'Code' => $exception->getCode(),
|
||||
|
@ -319,10 +324,10 @@ class Log implements ILogger {
|
|||
'File' => $exception->getFile(),
|
||||
'Line' => $exception->getLine(),
|
||||
);
|
||||
$exception['Trace'] = preg_replace('!(' . implode('|', $this->methodsWithSensitiveParameters) . ')\(.*\)!', '$1(*** sensitive parameters replaced ***)', $exception['Trace']);
|
||||
$data['Trace'] = preg_replace('!(' . implode('|', $this->methodsWithSensitiveParameters) . ')\(.*\)!', '$1(*** sensitive parameters replaced ***)', $data['Trace']);
|
||||
$msg = isset($context['message']) ? $context['message'] : 'Exception';
|
||||
$msg .= ': ' . json_encode($exception);
|
||||
$this->error($msg, $context);
|
||||
$msg .= ': ' . json_encode($data);
|
||||
$this->log($level, $msg, $context);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue