View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
343Exception_DefaultHandlerAllpublic1 Apr 2010 09:5127 Feb 2012 21:29
Reportertimj Assigned Totimj  
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionfixed 
Product Version0.8.0 
Target Version0.8.2Fixed in Version0.8.2 
Summary343: Add a way to hide/redact certain parameters or data
DescriptionSometimes backtraces can contain sensitive data e.g. passwords
It would be good to have a way to hide/redact these.
Two possible ways are:
- blacklist array values by key name (e.g. any array element with a key containing 'password' is redacted)
- blacklist specific contents of parameters (e.g. an app could tell Exception_DefaultHandler that if it finds the value "secretpassword" anywhere in the backtrace, hide it)
TagsNo tags attached.
Attached Files
Exception_DefaultHandler.bug343.patch (3,624 bytes)    
Index: DefaultHandler.php
===================================================================
--- DefaultHandler.php	(revision 49242)
+++ DefaultHandler.php	(working copy)
@@ -80,7 +80,12 @@
 	
 	protected static $output_type = null;
 
+	const REDACT_REPLACEMENT = '*********';
 
+	protected static $redact_keys = array();
+	
+	protected static $redact_values = array();
+
 	const OUTPUTFORMAT_HTML = 'html';
 	const OUTPUTFORMAT_TEXT = 'text';
 
@@ -378,6 +383,9 @@
 						$output_array = array();
 						foreach ($arg as $key => $val)
 						{
+							if (in_array($key, self::$redact_keys)) {
+								$val = self::REDACT_REPLACEMENT;
+							}
 							if (is_scalar($val)) {
 								$output_array[] = "'$key' => '$val'";
 							} else {
@@ -394,6 +402,11 @@
 			}
 			$level++;
 		}
+		
+		if (count(self::$redact_values)>0) {
+			$output = str_replace(self::$redact_values, self::REDACT_REPLACEMENT, $output);
+		}
+		
 		return $output;
 	}
 	
@@ -403,16 +416,20 @@
 		$error  = 'Date/Time:          ' . date("D j M Y H:i:s (T)")."\n";
 		
 		if (isset($_SERVER['HTTP_HOST'])) {
+
+			$request_url = $_SERVER['REQUEST_URI'];
+			if (count(self::$redact_keys)>0) {
+				$request_url = preg_replace('@([\?&](?:' . implode('|', array_map('preg_quote', self::$redact_keys)) . ')=)([^\?&]*)@', '$1' . self::REDACT_REPLACEMENT, $request_url);
+			}
+			
 			// Some environments (e.g. FastCGI with mod_fcgid) send the complete
 			// URL including scheme in the REQUEST_URI variable
-			if (preg_match('|^[a-z]+://|i', $_SERVER['REQUEST_URI'])) {
-				$request_url = $_SERVER['REQUEST_URI'];
-			} else {
+			if (!preg_match('|^[a-z]+://|i', $request_url)) {
 				$scheme = 'http';
 				if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == '1' || $_SERVER['HTTPS'] == 'on')) {
 					$scheme = 'https';
 				}
-				$request_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+				$request_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $request_url;
 			}
 			$error .= 'Request URL:        ' . $request_url ."\n";
 			if (isset($_SERVER['REMOTE_HOST']) && !empty($_SERVER['REMOTE_HOST'])) {
@@ -453,6 +470,9 @@
 			if (count($_POST) > 0) {
 				$error .= "HTTP POST variables:\n";
 				foreach ($_POST as $variable => $value) {
+					if (in_array($variable, self::$redact_keys)) {
+						$value = self::REDACT_REPLACEMENT;
+					}
 					// TODO: Iterate this properly for arrays with >2 dimensions...
 					if (is_array($value)) {
 						foreach($value as $array_key => $array_value) {
@@ -476,11 +496,18 @@
 			if (isset($GLOBALS['argv'])) {
 				$error .= "CLI arguments (argv):\n";
 				foreach ($GLOBALS['argv'] as $key => $val) {
+					if (in_array($key, self::$redact_keys)) {
+						$val = self::REDACT_REPLACEMENT;
+					}
 					$error .= "$key => $val\n";
 				}
 			}
 		}
 		
+		if (count(self::$redact_values)>0) {
+			$error = str_replace(self::$redact_values, self::REDACT_REPLACEMENT, $error);
+		}
+		
 		return $error;
 	}
 	
@@ -692,5 +719,27 @@
 		
 		return false;
 	}
-
+	
+	/**
+	 * Add a key which will be redacted in the case there is an error, all associative 
+	 * arrays will be checked  for the key and the value will be redacted
+	 *
+	 * @param string $key - The key to redact
+	 */
+	public function addKeyToRedact($key)
+	{
+		self::$redact_keys[] = $key;
+	}
+	
+	/**
+	 * Add a value which will be redacted in the case there is an error
+	 *
+	 * Example usecase hide a password when an error occurs during a login
+	 *
+	 * @param string $value - The value to redact
+	 */
+	public function addValueToRedact($value)
+	{
+		self::$redact_values[] = $value;
+	}
 }
Exception_DefaultHandler.bug343.patch (3,624 bytes)   

Activities

timj

19 Oct 2011 17:51

administrator   ~395

Fixed in SVN r2243

Issue History

Date Modified Username Field Change
1 Apr 2010 09:51 timj New Issue
30 Sep 2011 10:45 mrosenquist File Added: Exception_DefaultHandler.bug343.patch
14 Oct 2011 20:47 timj Category => All
19 Oct 2011 17:51 timj Note Added: 395
19 Oct 2011 17:51 timj Assigned To => timj
19 Oct 2011 17:51 timj Status new => assigned
19 Oct 2011 17:51 timj Fixed in Version => 0.8.2
19 Oct 2011 17:51 timj Target Version => 0.8.2
19 Oct 2011 17:51 timj Status assigned => resolved
19 Oct 2011 17:51 timj Resolution open => fixed
27 Feb 2012 21:29 timj Status resolved => closed