authorMatthieu Napoli <matthieu@mnapoli.fr>2015-03-02 00:11:33 +0300
committerMatthieu Napoli <matthieu@mnapoli.fr>2015-03-02 00:11:50 +0300
commit10bc3c86e959b6b3f11bf39e8367a2ff230b917e (patch)
treea1dea6878b6fc249cd6e41750519cef7681aed60 /plugins/Monolog
parent063f8c321fa4e76d156afc637cd0d8640dcffa62 (diff)
#7301 Removes any token_auth that might be logged.
Diffstat (limited to 'plugins/Monolog')
-rw-r--r--plugins/Monolog/Processor/TokenProcessor.php24
-rw-r--r--plugins/Monolog/Test/Integration/LogTest.php12
-rw-r--r--plugins/Monolog/Test/Unit/Processor/TokenProcessorTest.php60
-rw-r--r--plugins/Monolog/config/config.php1
4 files changed, 97 insertions, 0 deletions
diff --git a/plugins/Monolog/Processor/TokenProcessor.php b/plugins/Monolog/Processor/TokenProcessor.php
new file mode 100644
index 0000000000..0fd54892fc
--- /dev/null
+++ b/plugins/Monolog/Processor/TokenProcessor.php
@@ -0,0 +1,24 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+namespace Piwik\Plugins\Monolog\Processor;
+
+/**
+ * Removes any token_auth that might appear in the logs.
+ *
+ * Ideally the token_auth should never be logged, but...
+ */
+class TokenProcessor
+{
+ public function __invoke(array $record)
+ {
+ $record['message'] = preg_replace('/token_auth=[0-9a-h]+/', 'token_auth=removed', $record['message']);
+
+ return $record;
+ }
+}
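Review bot: The scrubber in `__invoke` only rewrites the literal `token_auth=<chars>` form inside `$record['message']`, so a token carried in `$record['context']` or `$record['extra']`, or written URL-encoded or as a JSON/array dump, would still reach any handler that serialises those fields. The character class `[0-9a-h]` is also case-sensitive and looks like a typo for a hex class; since this is a redaction filter it is safer to err wide, e.g. `preg_replace('/token_auth=[0-9a-z]+/i', 'token_auth=removed', $record['message'])`. `preg_replace` returns `null` on a PCRE error, which would replace the whole message with `null`; checking for that and substituting a fixed placeholder string keeps the record usable without falling back to the unscrubbed text. The class docblock should also state that only the message string is covered.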
diff --git a/plugins/Monolog/Test/Integration/LogTest.php b/plugins/Monolog/Test/Integration/LogTest.php
index c21a2f82f5..cf0448a6e8 100644
--- a/plugins/Monolog/Test/Integration/LogTest.php
+++ b/plugins/Monolog/Test/Integration/LogTest.php
@@ -161,6 +161,18 @@ class LogTest extends IntegrationTestCase
}
/**
+ * @dataProvider getBackendsToTest
+ */
+ public function testTokenAuthIsRemoved($backend)
+ {
+ Config::getInstance()->log['log_writers'] = array($backend);
+
+ Log::error('token_auth=9b1cefc915ff6180071fb7dcd13ec5a4');
+
+ $this->checkBackend($backend, 'token_auth=removed', $formatMessage = true, $tag = 'Monolog');
+ }
+
+ /**
* The database logs requests at DEBUG level, so we check that there is no recursive
* loop (logger insert in databases, which logs the query, ...)
* @link https://github.com/piwik/piwik/issues/7017
diff --git a/plugins/Monolog/Test/Unit/Processor/TokenProcessorTest.php b/plugins/Monolog/Test/Unit/Processor/TokenProcessorTest.php
new file mode 100644
index 0000000000..574aaa64cb
--- /dev/null
+++ b/plugins/Monolog/Test/Unit/Processor/TokenProcessorTest.php
@@ -0,0 +1,60 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+namespace Piwik\Plugins\Monolog\Test\Unit\Processor;
+
+use Piwik\Plugins\Monolog\Processor\TokenProcessor;
+
+/**
+ * @group Log
+ * @covers \Piwik\Plugins\Monolog\Processor\TokenProcessor
+ */
+class TokenProcessorTest extends \PHPUnit_Framework_TestCase
+{
+ /**
+ * @test
+ */
+ public function it_should_remove_token()
+ {
+ $result = $this->process(array(
+ 'message' => '&token_auth=9b1cefc915ff6180071fb7dcd13ec5a4&trigger=archivephp',
+ ));
+
+ $this->assertEquals('&token_auth=removed&trigger=archivephp', $result['message']);
+ }
+
+ /**
+ * @test
+ */
+ public function it_should_remove_multiple_tokens()
+ {
+ $result = $this->process(array(
+ 'message' => 'First token_auth=9b1cefc915ff6180071fb7dcd13ec5a4 and second token_auth=abec834efc915ff61801fb7dcd13ec',
+ ));
+
+ $this->assertEquals('First token_auth=removed and second token_auth=removed', $result['message']);
+ }
+
+ /**
+ * @test
+ */
+ public function it_should_not_affect_other_strings()
+ {
+ $result = $this->process(array(
+ 'message' => 'Please check your token_auth.',
+ ));
+
+ $this->assertEquals('Please check your token_auth.', $result['message']);
+ }
+
+ private function process($record)
+ {
+ $processor = new TokenProcessor();
+ return $processor($record);
+ }
+}
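Review bot: All three cases feed a lowercase-hex token through `message`, so the suite does not pin what the processor does with an upper- or mixed-case token or with record keys other than `message`. Adding a case like the one below makes the intended scope explicit; it is expected to fail against a case-sensitive pattern, which is the behaviour worth deciding on before relying on this filter. The second assertion documents that `context` is passed through unchanged, i.e. that the processor does not scrub there.

```php
    // … unchanged: it_should_not_affect_other_strings …

    /**
     * @test
     */
    public function it_should_remove_mixed_case_token()
    {
        $result = $this->process(array(
            // constructed sample: the token used above with some digits upper-cased
            'message' => 'token_auth=9B1CEFC915ff6180071fb7dcd13ec5a4',
            'context' => array('idSite' => 1),
        ));

        $this->assertEquals('token_auth=removed', $result['message']);
        $this->assertEquals(array('idSite' => 1), $result['context']);
    }
```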
diff --git a/plugins/Monolog/config/config.php b/plugins/Monolog/config/config.php
index 02aff13313..b95a143c97 100644
--- a/plugins/Monolog/config/config.php
+++ b/plugins/Monolog/config/config.php
@@ -36,6 +36,7 @@ return array(
DI\link('Piwik\Plugins\Monolog\Processor\ExceptionToTextProcessor'),
DI\link('Piwik\Plugins\Monolog\Processor\SprintfProcessor'),
DI\link('Monolog\Processor\PsrLogMessageProcessor'),
+ DI\link('Piwik\Plugins\Monolog\Processor\TokenProcessor'),
),
'Piwik\Plugins\Monolog\Handler\FileHandler' => DI\object()