Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for masking sensitive debug data #4550

Merged
merged 10 commits into from
Apr 16, 2021
Merged

Support for masking sensitive debug data #4550

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
92f54eb
Support for masking sensitive debug data
Isti369 Apr 10, 2021
2fd8d66
Make sure the property is accessible
Isti369 Apr 10, 2021
02891b7
PHP 7.3+ support
Isti369 Apr 11, 2021
b029a8a
Formatting, to conform the coding style
Isti369 Apr 11, 2021
806f4c9
Update formatting system/Debug/Exceptions.php
pixobit Apr 11, 2021
00c783d
Added type definition
Isti369 Apr 12, 2021
4ee7349
Merge branch 'develop' of https://github.com/pixobit/CodeIgniter4 int…
Isti369 Apr 12, 2021
a1ed192
Apply suggestions from code review
paulbalandan Apr 12, 2021
f664990
Fix trailing whitespaces.
paulbalandan Apr 12, 2021
d56d1b7
Update Exceptions.php
paulbalandan Apr 12, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions app/Config/Exceptions.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,4 +45,16 @@ class Exceptions extends BaseConfig
* @var string
*/
public $errorViewPath = APPPATH . 'Views/errors';

/**
* --------------------------------------------------------------------------
* HIDE FROM DEBUG TRACE
* --------------------------------------------------------------------------
* Any data that you would like to hide from the debug trace.
* In order to specify 2 levels, use "/" to separate.
* ex. ['server', 'setup/password', 'secret_token']
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is 'server' in the example? What is level ?
What does this feature hide?
Does this feature really work?

*
* @var array
*/
public $sensitiveDataInTrace = [];
}
49 changes: 48 additions & 1 deletion system/Debug/Exceptions.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -293,17 +293,64 @@ protected function render(Throwable $exception, int $statusCode)
*/
protected function collectVars(Throwable $exception, int $statusCode): array
{
$trace = $exception->getTrace();
if (! empty($this->config->sensitiveDataInTrace))
{
$this->maskSensitiveData($trace, $this->config->sensitiveDataInTrace);
}

return [
'title' => get_class($exception),
'type' => get_class($exception),
'code' => $statusCode,
'message' => $exception->getMessage() ?? '(null)',
'file' => $exception->getFile(),
'line' => $exception->getLine(),
'trace' => $exception->getTrace(),
'trace' => $trace,
];
}

/**
* Mask sensitive data in the trace.
*
* @param array|object $trace
* @param array $keysToMask
* @param string $path
*/
protected function maskSensitiveData(&$trace, array $keysToMask, string $path = '')
{
foreach ($keysToMask as $keyToMask)
{
$explode = explode('/', $keyToMask);
$index = end($explode);

if (strpos(strrev($path . '/' . $index), strrev($keyToMask)) === 0)
{
if (is_array($trace) && array_key_exists($index, $trace))
{
$trace[$index] = '******************';
}
elseif (is_object($trace) && property_exists($trace, $index) && isset($trace->$index))
{
$trace->$index = '******************';
}
}
}

if (! is_iterable($trace) && is_object($trace))
{
$trace = get_object_vars($trace);
}

if (is_iterable($trace))
{
foreach ($trace as $pathKey => $subarray)
{
$this->maskSensitiveData($subarray, $keysToMask, $path . '/' . $pathKey);
}
}
}

/**
* Determines the HTTP status code and the exit status code for this request.
*
Expand Down