From a9ccac2f206882ad1008c219cc94c48e7a434f57 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 26 Jul 2019 13:31:14 +0200 Subject: [PATCH] treat sensitive config keys by pattern Signed-off-by: Arthur Schiwon --- lib/private/AppConfig.php | 9 +++++---- tests/lib/AppConfigTest.php | 2 ++ 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/private/AppConfig.php b/lib/private/AppConfig.php index 6d24ca5fa8..8e921dbb7c 100644 --- a/lib/private/AppConfig.php +++ b/lib/private/AppConfig.php @@ -44,10 +44,10 @@ class AppConfig implements IAppConfig { /** @var array[] */ protected $sensitiveValues = [ 'spreed' => [ - 'turn_server_secret', + '/^turn_server_secret$/', ], 'user_ldap' => [ - 'ldap_agent_password', + '/^(s..)?ldap_agent_password$/', ], ]; @@ -289,8 +289,9 @@ class AppConfig implements IAppConfig { $values = $this->getValues($app, false); if (isset($this->sensitiveValues[$app])) { - foreach ($this->sensitiveValues[$app] as $sensitiveKey) { - if (isset($values[$sensitiveKey])) { + foreach ($this->sensitiveValues[$app] as $sensitiveKeyExp) { + $sensitiveKeys = preg_grep($sensitiveKeyExp, array_keys($values)); + foreach ($sensitiveKeys as $sensitiveKey) { $values[$sensitiveKey] = IConfig::SENSITIVE_VALUE; } } diff --git a/tests/lib/AppConfigTest.php b/tests/lib/AppConfigTest.php index fed929352d..9456fe4c23 100644 --- a/tests/lib/AppConfigTest.php +++ b/tests/lib/AppConfigTest.php @@ -318,12 +318,14 @@ class AppConfigTest extends TestCase { ->with('user_ldap', false) ->willReturn([ 'ldap_agent_password' => 'secret', + 's42ldap_agent_password' => 'secret', 'ldap_dn' => 'dn', ]); $values = $config->getFilteredValues('user_ldap'); $this->assertEquals([ 'ldap_agent_password' => IConfig::SENSITIVE_VALUE, + 's42ldap_agent_password' => IConfig::SENSITIVE_VALUE, 'ldap_dn' => 'dn', ], $values); }