Don't log passwords on dav exceptions

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2017-06-29 11:43:32 +02:00
parent 5f0932a5a7
commit 79f6773ef9
No known key found for this signature in database
GPG Key ID: E166FD8976B3BAC8
3 changed files with 17 additions and 29 deletions

View File

@ -94,26 +94,9 @@ class ExceptionLoggerPlugin extends \Sabre\DAV\ServerPlugin {
$level = \OCP\Util::DEBUG; $level = \OCP\Util::DEBUG;
} }
$message = $ex->getMessage(); $this->logger->logException($ex, [
if ($ex instanceof Exception) { 'app' => $this->appName,
if (empty($message)) { 'level' => $level,
$response = new Response($ex->getHTTPCode()); ]);
$message = $response->getStatusText();
}
$message = "HTTP/1.1 {$ex->getHTTPCode()} $message";
}
$user = \OC_User::getUser();
$exception = [
'Message' => $message,
'Exception' => $exceptionClass,
'Code' => $ex->getCode(),
'Trace' => $ex->getTraceAsString(),
'File' => $ex->getFile(),
'Line' => $ex->getLine(),
'User' => $user,
];
$this->logger->log($level, 'Exception: ' . json_encode($exception), ['app' => $this->appName]);
} }
} }

View File

@ -71,13 +71,13 @@ class ExceptionLoggerPluginTest extends TestCase {
$this->plugin->logException($exception); $this->plugin->logException($exception);
$this->assertEquals($expectedLogLevel, $this->logger->level); $this->assertEquals($expectedLogLevel, $this->logger->level);
$this->assertStringStartsWith('Exception: {"Message":"' . $expectedMessage, $this->logger->message); $this->assertStringStartsWith('Exception: {"Exception":' . json_encode(get_class($exception)) . ',"Message":"' . $expectedMessage . '",', $this->logger->message);
} }
public function providesExceptions() { public function providesExceptions() {
return [ return [
[0, 'HTTP\/1.1 404 Not Found', new NotFound()], [0, '', new NotFound()],
[4, 'HTTP\/1.1 400 This path leads to nowhere', new InvalidPath('This path leads to nowhere')] [4, 'This path leads to nowhere', new InvalidPath('This path leads to nowhere')]
]; ];
} }

View File

@ -311,7 +311,12 @@ class Log implements ILogger {
* @since 8.2.0 * @since 8.2.0
*/ */
public function logException($exception, array $context = array()) { public function logException($exception, array $context = array()) {
$exception = array( $level = Util::ERROR;
if (isset($context['level'])) {
$level = $context['level'];
unset($context['level']);
}
$data = array(
'Exception' => get_class($exception), 'Exception' => get_class($exception),
'Message' => $exception->getMessage(), 'Message' => $exception->getMessage(),
'Code' => $exception->getCode(), 'Code' => $exception->getCode(),
@ -319,10 +324,10 @@ class Log implements ILogger {
'File' => $exception->getFile(), 'File' => $exception->getFile(),
'Line' => $exception->getLine(), 'Line' => $exception->getLine(),
); );
$exception['Trace'] = preg_replace('!(' . implode('|', $this->methodsWithSensitiveParameters) . ')\(.*\)!', '$1(*** sensitive parameters replaced ***)', $exception['Trace']); $data['Trace'] = preg_replace('!(' . implode('|', $this->methodsWithSensitiveParameters) . ')\(.*\)!', '$1(*** sensitive parameters replaced ***)', $data['Trace']);
$msg = isset($context['message']) ? $context['message'] : 'Exception'; $msg = isset($context['message']) ? $context['message'] : 'Exception';
$msg .= ': ' . json_encode($exception); $msg .= ': ' . json_encode($data);
$this->error($msg, $context); $this->log($level, $msg, $context);
} }
/** /**