From 7d282a4e88f498db4eef97708964606be0c3cd13 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Tue, 29 Dec 2020 10:50:53 +0100
Subject: [PATCH] Avoid huge exception argument logging

In some cases it might happen that you have an argument that deep down
somewhere has an array with a lot of entries (think thousands). Now
before we would just happily print them all. Which would fill the log.

Now it will just print the first 5. And add a line that there are N
more.

If you are on debug level we will still print them all.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 lib/private/Log.php                     |  2 +-
 lib/private/Log/ExceptionSerializer.php | 26 +++++++++++++++++++++----
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/lib/private/Log.php b/lib/private/Log.php
index 2048d60a53..337160d2be 100644
--- a/lib/private/Log.php
+++ b/lib/private/Log.php
@@ -315,7 +315,7 @@ class Log implements ILogger, IDataLogger {
 		$app = $context['app'] ?? 'no app in context';
 		$level = $context['level'] ?? ILogger::ERROR;
 
-		$serializer = new ExceptionSerializer();
+		$serializer = new ExceptionSerializer($this->config);
 		$data = $serializer->serializeException($exception);
 		$data['CustomMessage'] = $context['message'] ?? '--';
 
diff --git a/lib/private/Log/ExceptionSerializer.php b/lib/private/Log/ExceptionSerializer.php
index 587d6ff37d..5a3dd3c2ba 100644
--- a/lib/private/Log/ExceptionSerializer.php
+++ b/lib/private/Log/ExceptionSerializer.php
@@ -32,6 +32,7 @@ use OC\Core\Controller\SetupController;
 use OC\HintException;
 use OC\Security\IdentityProof\Key;
 use OC\Setup;
+use OC\SystemConfig;
 
 class ExceptionSerializer {
 	public const methodsWithSensitiveParameters = [
@@ -88,6 +89,13 @@ class ExceptionSerializer {
 		'update',
 	];
 
+	/** @var SystemConfig */
+	private $systemConfig;
+
+	public function __construct(SystemConfig $systemConfig) {
+		$this->systemConfig = $systemConfig;
+	}
+
 	public const methodsWithSensitiveParametersByClass = [
 		SetupController::class => [
 			'run',
@@ -159,11 +167,21 @@ class ExceptionSerializer {
 			$data = get_object_vars($arg);
 			$data['__class__'] = get_class($arg);
 			return array_map([$this, 'encodeArg'], $data);
-		} elseif (is_array($arg)) {
-			return array_map([$this, 'encodeArg'], $arg);
-		} else {
-			return $arg;
 		}
+
+		if (is_array($arg)) {
+			// Only log the first 5 elements of an array unless we are on debug
+			if ((int)$this->systemConfig->getValue('loglevel', 2) !== 0) {
+				$elemCount = count($arg);
+				if ($elemCount > 5) {
+					$arg = array_slice($arg, 0, 5);
+					$arg[] = 'And ' . ($elemCount - 5) . ' more entries, set log level to debug to see all entries';
+				}
+			}
+			return array_map([$this, 'encodeArg'], $arg);
+		}
+
+		return $arg;
 	}
 
 	public function serializeException(\Throwable $exception) {