-
-
Notifications
You must be signed in to change notification settings - Fork 449
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #406 from ste93cry/feature-no-post-data-processor
Add processors to remove POST data and cookies - fixes #405
- Loading branch information
Showing
11 changed files
with
488 additions
and
186 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,34 +1,45 @@ | ||
<?php | ||
|
||
/** | ||
* Base class for data processing. | ||
* | ||
* @package raven | ||
*/ | ||
abstract class Raven_Processor | ||
{ | ||
/** | ||
* This constant defines the mask string used to strip sensitive informations. | ||
*/ | ||
const STRING_MASK = '********'; | ||
|
||
/** | ||
* @var Raven_Client The Raven client | ||
*/ | ||
protected $client; | ||
|
||
/** | ||
* Raven_Processor constructor. | ||
* Class constructor. | ||
* | ||
* @param Raven_Client $client | ||
* @codeCoverageIgnore | ||
* @param Raven_Client $client The Raven client | ||
*/ | ||
public function __construct(Raven_Client $client) | ||
{ | ||
$this->client = $client; | ||
} | ||
|
||
/** | ||
* Process and sanitize data, modifying the existing value if necessary. | ||
* Override the default processor options | ||
* | ||
* @param array $data Array of log data | ||
* @param array $options Associative array of processor options | ||
*/ | ||
abstract public function process(&$data); | ||
public function setProcessorOptions(array $options) | ||
{ | ||
} | ||
|
||
/** | ||
* Override the default processor options | ||
* Process and sanitize data, modifying the existing value if necessary. | ||
* | ||
* @param array $options Associative array of processor options | ||
* @param array $data Array of log data | ||
*/ | ||
abstract public function setProcessorOptions(array $options); | ||
abstract public function process(&$data); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of Raven. | ||
* | ||
* (c) Sentry Team | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
/** | ||
* This processor removes all the cookies from the request to ensure no sensitive | ||
* informations are sent to the server. | ||
* | ||
* @author Stefano Arlandini <[email protected]> | ||
*/ | ||
final class Raven_Processor_RemoveCookiesProcessor extends Raven_Processor | ||
{ | ||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function process(&$data) | ||
{ | ||
if (isset($data['request'])) { | ||
if (isset($data['request']['cookies'])) { | ||
$data['request']['cookies'] = self::STRING_MASK; | ||
} | ||
|
||
if (isset($data['request']['headers']) && isset($data['request']['headers']['Cookie'])) { | ||
$data['request']['headers']['Cookie'] = self::STRING_MASK; | ||
} | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of Raven. | ||
* | ||
* (c) Sentry Team | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
/** | ||
* This processor removes all the data of the HTTP body to ensure no sensitive | ||
* informations are sent to the server in case the request method is POST, PUT, | ||
* PATCH or DELETE. | ||
* | ||
* @author Stefano Arlandini <[email protected]> | ||
*/ | ||
final class Raven_Processor_RemoveHttpBodyProcessor extends Raven_Processor | ||
{ | ||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function process(&$data) | ||
{ | ||
if (isset($data['request'], $data['request']['method']) && in_array(strtoupper($data['request']['method']), array('POST', 'PUT', 'PATCH', 'DELETE'))) { | ||
$data['request']['data'] = self::STRING_MASK; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,160 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of Raven. | ||
* | ||
* (c) Sentry Team | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
/** | ||
* Asterisk out passwords from password fields in frames, http, | ||
* and basic extra data. | ||
* | ||
* @package raven | ||
*/ | ||
class Raven_Processor_SanitizeDataProcessor extends Raven_Processor | ||
{ | ||
const MASK = self::STRING_MASK; | ||
const FIELDS_RE = '/(authorization|password|passwd|secret|password_confirmation|card_number|auth_pw)/i'; | ||
const VALUES_RE = '/^(?:\d[ -]*?){13,16}$/'; | ||
|
||
protected $fields_re; | ||
protected $values_re; | ||
protected $session_cookie_name; | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function __construct(Raven_Client $client) | ||
{ | ||
parent::__construct($client); | ||
|
||
$this->fields_re = self::FIELDS_RE; | ||
$this->values_re = self::VALUES_RE; | ||
$this->session_cookie_name = ini_get('session.name'); | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function setProcessorOptions(array $options) | ||
{ | ||
if (isset($options['fields_re'])) { | ||
$this->fields_re = $options['fields_re']; | ||
} | ||
|
||
if (isset($options['values_re'])) { | ||
$this->values_re = $options['values_re']; | ||
} | ||
} | ||
|
||
/** | ||
* Replace any array values with our mask if the field name or the value matches a respective regex | ||
* | ||
* @param mixed $item Associative array value | ||
* @param string $key Associative array key | ||
*/ | ||
public function sanitize(&$item, $key) | ||
{ | ||
if (empty($item)) { | ||
return; | ||
} | ||
|
||
if (preg_match($this->values_re, $item)) { | ||
$item = self::STRING_MASK; | ||
} | ||
|
||
if (empty($key)) { | ||
return; | ||
} | ||
|
||
if (preg_match($this->fields_re, $key)) { | ||
$item = self::STRING_MASK; | ||
} | ||
} | ||
|
||
public function sanitizeException(&$data) | ||
{ | ||
foreach ($data['exception']['values'] as &$value) { | ||
return $this->sanitizeStacktrace($value['stacktrace']); | ||
} | ||
} | ||
|
||
public function sanitizeHttp(&$data) | ||
{ | ||
$http = &$data['request']; | ||
if (!empty($http['cookies']) && is_array($http['cookies'])) { | ||
$cookies = &$http['cookies']; | ||
if (!empty($cookies[$this->session_cookie_name])) { | ||
$cookies[$this->session_cookie_name] = self::STRING_MASK; | ||
} | ||
} | ||
if (!empty($http['data']) && is_array($http['data'])) { | ||
array_walk_recursive($http['data'], array($this, 'sanitize')); | ||
} | ||
} | ||
|
||
public function sanitizeStacktrace(&$data) | ||
{ | ||
foreach ($data['frames'] as &$frame) { | ||
if (empty($frame['vars'])) { | ||
continue; | ||
} | ||
array_walk_recursive($frame['vars'], array($this, 'sanitize')); | ||
} | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function process(&$data) | ||
{ | ||
if (!empty($data['exception'])) { | ||
$this->sanitizeException($data); | ||
} | ||
if (!empty($data['stacktrace'])) { | ||
$this->sanitizeStacktrace($data['stacktrace']); | ||
} | ||
if (!empty($data['request'])) { | ||
$this->sanitizeHttp($data); | ||
} | ||
if (!empty($data['extra'])) { | ||
array_walk_recursive($data['extra'], array($this, 'sanitize')); | ||
} | ||
} | ||
|
||
/** | ||
* @return string | ||
*/ | ||
public function getFieldsRe() | ||
{ | ||
return $this->fields_re; | ||
} | ||
|
||
/** | ||
* @param string $fields_re | ||
*/ | ||
public function setFieldsRe($fields_re) | ||
{ | ||
$this->fields_re = $fields_re; | ||
} | ||
|
||
/** | ||
* @return string | ||
*/ | ||
public function getValuesRe() | ||
{ | ||
return $this->values_re; | ||
} | ||
|
||
/** | ||
* @param string $values_re | ||
*/ | ||
public function setValuesRe($values_re) | ||
{ | ||
$this->values_re = $values_re; | ||
} | ||
} |
Oops, something went wrong.