From 92f54eb58e6b12f3082e1d6a872f5672b2610a23 Mon Sep 17 00:00:00 2001 From: Szabo Istvan Date: Sat, 10 Apr 2021 22:33:21 +0300 Subject: [PATCH 1/9] Support for masking sensitive debug data Sometimes we want to hide sensitive information from the debug trace, even if it's only for the development environment. This makes it possible. --- app/Config/Exceptions.php | 12 ++++++++++++ system/Debug/Exceptions.php | 39 ++++++++++++++++++++++++++++++++++++- 2 files changed, 50 insertions(+), 1 deletion(-) diff --git a/app/Config/Exceptions.php b/app/Config/Exceptions.php index c6c5a83f9d1c..01192f1ae983 100644 --- a/app/Config/Exceptions.php +++ b/app/Config/Exceptions.php @@ -45,4 +45,16 @@ class Exceptions extends BaseConfig * @var string */ public $errorViewPath = APPPATH . 'Views/errors'; + + /** + * -------------------------------------------------------------------------- + * HIDE FROM DEBUG TRACE + * -------------------------------------------------------------------------- + * Any data that you would like to hide from the debug trace. + * In order to specify 2 levels, use "/" to separate. + * ex. ['server', 'setup/password', 'secret_token'] + * + * @var array + */ + public $sensitiveDataInTrace = []; } diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php index e4b2514f0f0c..44af4bef220e 100644 --- a/system/Debug/Exceptions.php +++ b/system/Debug/Exceptions.php @@ -293,6 +293,11 @@ protected function render(Throwable $exception, int $statusCode) */ protected function collectVars(Throwable $exception, int $statusCode): array { + $trace = $exception->getTrace(); + if(!empty($this->config->sensitiveDataInTrace)) { + $this->maskSensitiveData($trace, $this->config->sensitiveDataInTrace); + } + return [ 'title' => get_class($exception), 'type' => get_class($exception), @@ -300,9 +305,41 @@ protected function collectVars(Throwable $exception, int $statusCode): array 'message' => $exception->getMessage() ?? '(null)', 'file' => $exception->getFile(), 'line' => $exception->getLine(), - 'trace' => $exception->getTrace(), + 'trace' => $trace, ]; } + + /** + * Mask sensitive data in the trace. + * + * @param array $trace + * @param array $keysToMask + * @param string $path + */ + protected function maskSensitiveData(&$trace, $keysToMask, $path = '') + { + foreach($keysToMask as $keyToMask) { + $explode = explode('/', $keyToMask); + $idx = end($explode); + if(str_ends_with($path . '/' . $idx, $keyToMask)) { + if (is_array($trace) && array_key_exists($idx, $trace)) { + $trace[$idx] = '******************'; + } else if (is_object($trace) && property_exists($trace, $idx)) { + $trace->$idx = '******************'; + } + } + } + + if(!is_iterable($trace) && is_object($trace)) { + $trace = get_object_vars($trace); + } + + if(is_iterable($trace)) { + foreach ($trace as $pathKey => $subarray) { + $this->maskSensitiveData($subarray, $keysToMask, $path . '/' . $pathKey); + } + } + } /** * Determines the HTTP status code and the exit status code for this request. From 2fd8d6636cf60ddd6dba1c8f3aa23386723ff432 Mon Sep 17 00:00:00 2001 From: Szabo Istvan Date: Sun, 11 Apr 2021 01:57:10 +0300 Subject: [PATCH 2/9] Make sure the property is accessible --- system/Debug/Exceptions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php index 44af4bef220e..5948df779dc9 100644 --- a/system/Debug/Exceptions.php +++ b/system/Debug/Exceptions.php @@ -324,7 +324,7 @@ protected function maskSensitiveData(&$trace, $keysToMask, $path = '') if(str_ends_with($path . '/' . $idx, $keyToMask)) { if (is_array($trace) && array_key_exists($idx, $trace)) { $trace[$idx] = '******************'; - } else if (is_object($trace) && property_exists($trace, $idx)) { + } else if (is_object($trace) && property_exists($trace, $idx) && isset($trace->$idx)) { $trace->$idx = '******************'; } } From 02891b7a6b39805641bba860374598fb54cf2569 Mon Sep 17 00:00:00 2001 From: Szabo Istvan Date: Sun, 11 Apr 2021 12:12:58 +0300 Subject: [PATCH 3/9] PHP 7.3+ support --- system/Debug/Exceptions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php index 5948df779dc9..688f50af4836 100644 --- a/system/Debug/Exceptions.php +++ b/system/Debug/Exceptions.php @@ -321,7 +321,7 @@ protected function maskSensitiveData(&$trace, $keysToMask, $path = '') foreach($keysToMask as $keyToMask) { $explode = explode('/', $keyToMask); $idx = end($explode); - if(str_ends_with($path . '/' . $idx, $keyToMask)) { + if((strpos(strrev($path . '/' . $idx), strrev($keyToMask)) === 0)) { if (is_array($trace) && array_key_exists($idx, $trace)) { $trace[$idx] = '******************'; } else if (is_object($trace) && property_exists($trace, $idx) && isset($trace->$idx)) { From b029a8a49f2edc62cf72007d97c31611cd044cff Mon Sep 17 00:00:00 2001 From: Szabo Istvan Date: Sun, 11 Apr 2021 12:24:47 +0300 Subject: [PATCH 4/9] Formatting, to conform the coding style --- system/Debug/Exceptions.php | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php index 688f50af4836..f6493fbf3e53 100644 --- a/system/Debug/Exceptions.php +++ b/system/Debug/Exceptions.php @@ -318,24 +318,32 @@ protected function collectVars(Throwable $exception, int $statusCode): array */ protected function maskSensitiveData(&$trace, $keysToMask, $path = '') { - foreach($keysToMask as $keyToMask) { + foreach($keysToMask as $keyToMask) + { $explode = explode('/', $keyToMask); $idx = end($explode); - if((strpos(strrev($path . '/' . $idx), strrev($keyToMask)) === 0)) { - if (is_array($trace) && array_key_exists($idx, $trace)) { + if((strpos(strrev($path . '/' . $idx), strrev($keyToMask)) === 0)) + { + if (is_array($trace) && array_key_exists($idx, $trace)) + { $trace[$idx] = '******************'; - } else if (is_object($trace) && property_exists($trace, $idx) && isset($trace->$idx)) { + } + else if (is_object($trace) && property_exists($trace, $idx) && isset($trace->$idx)) + { $trace->$idx = '******************'; } } } - if(!is_iterable($trace) && is_object($trace)) { + if(!is_iterable($trace) && is_object($trace)) + { $trace = get_object_vars($trace); } - if(is_iterable($trace)) { - foreach ($trace as $pathKey => $subarray) { + if(is_iterable($trace)) + { + foreach ($trace as $pathKey => $subarray) + { $this->maskSensitiveData($subarray, $keysToMask, $path . '/' . $pathKey); } } From 806f4c94e6308405409dba2e31327587bd0c1407 Mon Sep 17 00:00:00 2001 From: Pixobit Solutions Date: Sun, 11 Apr 2021 13:32:48 +0300 Subject: [PATCH 5/9] Update formatting system/Debug/Exceptions.php Co-authored-by: John Paul E. Balandan, CPA <51850998+paulbalandan@users.noreply.github.com> --- system/Debug/Exceptions.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php index f6493fbf3e53..91cfd04bbf86 100644 --- a/system/Debug/Exceptions.php +++ b/system/Debug/Exceptions.php @@ -294,7 +294,9 @@ protected function render(Throwable $exception, int $statusCode) protected function collectVars(Throwable $exception, int $statusCode): array { $trace = $exception->getTrace(); - if(!empty($this->config->sensitiveDataInTrace)) { + + if (! empty($this->config->sensitiveDataInTrace)) + { $this->maskSensitiveData($trace, $this->config->sensitiveDataInTrace); } From 00c783dc72c67a043c94a0fcb2b5b64b9c45bea7 Mon Sep 17 00:00:00 2001 From: Szabo Istvan Date: Mon, 12 Apr 2021 05:58:19 +0300 Subject: [PATCH 6/9] Added type definition --- system/Debug/Exceptions.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php index f6493fbf3e53..9dc03ef34d67 100644 --- a/system/Debug/Exceptions.php +++ b/system/Debug/Exceptions.php @@ -294,7 +294,8 @@ protected function render(Throwable $exception, int $statusCode) protected function collectVars(Throwable $exception, int $statusCode): array { $trace = $exception->getTrace(); - if(!empty($this->config->sensitiveDataInTrace)) { + if(!empty($this->config->sensitiveDataInTrace)) + { $this->maskSensitiveData($trace, $this->config->sensitiveDataInTrace); } @@ -312,11 +313,11 @@ protected function collectVars(Throwable $exception, int $statusCode): array /** * Mask sensitive data in the trace. * - * @param array $trace - * @param array $keysToMask - * @param string $path + * @param array|object $trace + * @param array $keysToMask + * @param string $path */ - protected function maskSensitiveData(&$trace, $keysToMask, $path = '') + protected function maskSensitiveData(&$trace, array $keysToMask, string $path = '') { foreach($keysToMask as $keyToMask) { From a1ed192b5683d64d5967b9b783741a90275ad7fd Mon Sep 17 00:00:00 2001 From: "John Paul E. Balandan, CPA" <51850998+paulbalandan@users.noreply.github.com> Date: Mon, 12 Apr 2021 11:20:48 +0800 Subject: [PATCH 7/9] Apply suggestions from code review --- system/Debug/Exceptions.php | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php index 60791ec55eae..a7308c32d2ae 100644 --- a/system/Debug/Exceptions.php +++ b/system/Debug/Exceptions.php @@ -319,29 +319,30 @@ protected function collectVars(Throwable $exception, int $statusCode): array */ protected function maskSensitiveData(&$trace, array $keysToMask, string $path = '') { - foreach($keysToMask as $keyToMask) + foreach ($keysToMask as $keyToMask) { $explode = explode('/', $keyToMask); - $idx = end($explode); - if((strpos(strrev($path . '/' . $idx), strrev($keyToMask)) === 0)) + $index = end($explode); + + if (strpos(strrev($path . '/' . $index), strrev($keyToMask)) === 0) { - if (is_array($trace) && array_key_exists($idx, $trace)) + if (is_array($trace) && array_key_exists($index, $trace)) { - $trace[$idx] = '******************'; + $trace[$index] = '******************'; } - else if (is_object($trace) && property_exists($trace, $idx) && isset($trace->$idx)) + elseif (is_object($trace) && property_exists($trace, $index) && isset($trace->$index)) { - $trace->$idx = '******************'; + $trace->$index = '******************'; } } } - if(!is_iterable($trace) && is_object($trace)) + if (! is_iterable($trace) && is_object($trace)) { $trace = get_object_vars($trace); } - if(is_iterable($trace)) + if (is_iterable($trace)) { foreach ($trace as $pathKey => $subarray) { From f664990b1025779c3ef465396e4746733c111d8b Mon Sep 17 00:00:00 2001 From: "John Paul E. Balandan, CPA" <51850998+paulbalandan@users.noreply.github.com> Date: Tue, 13 Apr 2021 00:42:20 +0800 Subject: [PATCH 8/9] Fix trailing whitespaces. --- system/Debug/Exceptions.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php index a7308c32d2ae..57f78399523e 100644 --- a/system/Debug/Exceptions.php +++ b/system/Debug/Exceptions.php @@ -298,7 +298,7 @@ protected function collectVars(Throwable $exception, int $statusCode): array { $this->maskSensitiveData($trace, $this->config->sensitiveDataInTrace); } - + return [ 'title' => get_class($exception), 'type' => get_class($exception), @@ -336,12 +336,12 @@ protected function maskSensitiveData(&$trace, array $keysToMask, string $path = } } } - + if (! is_iterable($trace) && is_object($trace)) { $trace = get_object_vars($trace); } - + if (is_iterable($trace)) { foreach ($trace as $pathKey => $subarray) From d56d1b7e6950649aa136d105f2148801f17f0b22 Mon Sep 17 00:00:00 2001 From: "John Paul E. Balandan, CPA" <51850998+paulbalandan@users.noreply.github.com> Date: Tue, 13 Apr 2021 01:20:50 +0800 Subject: [PATCH 9/9] Update Exceptions.php --- system/Debug/Exceptions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php index 57f78399523e..18e30b21f05f 100644 --- a/system/Debug/Exceptions.php +++ b/system/Debug/Exceptions.php @@ -309,7 +309,7 @@ protected function collectVars(Throwable $exception, int $statusCode): array 'trace' => $trace, ]; } - + /** * Mask sensitive data in the trace. *