Merge pull request #7672 from nextcloud/backport/6977/log-censor

[stable12] Added additional methods for removal of sensitive info

lib/private/Log.php

@@ -69,6 +69,8 @@ class Log implements ILogger {
 		'loginWithPassword',
 		'updatePrivateKeyPassword',
 		'validateUserPass',
+		'loginWithToken',
+		'\{closure\}',
 
 		// TokenProvider
 		'getToken',
@@ -96,6 +98,10 @@ class Log implements ILogger {
 		'bind',
 		'areCredentialsValid',
 		'invokeLDAPMethod',
+
+		// Encryption
+		'storeKeyPair',
+		'setupUser',
 	];
 
 	/**

tests/lib/LoggerTest.php

@@ -138,6 +138,32 @@ class LoggerTest extends TestCase {
 		}
 	}
 
+	/**
+	 * @dataProvider userAndPasswordData
+	 */
+	public function testDetectclosure($user, $password) {
+		$a = function($user, $password) {
+			throw new \Exception('test');
+		};
+
+		try {
+			$a($user, $password);
+		} catch (\Exception $e) {
+			$this->logger->logException($e);
+		}
+		$logLines = $this->getLogs();
+
+		foreach($logLines as $logLine) {
+			$log = explode('\n', $logLine);
+			unset($log[1]); // Remove `testDetectclosure(` because we are not testing this here, but the closure on stack trace 0
+			$logLine = implode('\n', $log);
+
+			$this->assertNotContains($user, $logLine);
+			$this->assertNotContains($password, $logLine);
+			$this->assertContains('{closure}(*** sensitive parameters replaced ***)', $logLine);
+		}
+	}
+
 	public function dataGetLogClass() {
 		return [
 			['file', \OC\Log\File::class],