Bug 1567186: More thorough checking for passwords in stacktraces

Rather than having an increasing list of specific parameters that we know to have passwords, this patch censors the content of any parameter with a name that contains the string "password" or "pw". behatnotneeded: Can't test with Behat Change-Id: Ifaa2ec10cf749c173b1a8d0928c6cc052124a83f

Bug 1567186: More thorough checking for passwords in stacktraces
Rather than having an increasing list of specific parameters that we know to have passwords, this patch censors the content of any parameter with a name that contains the string "password" or "pw". behatnotneeded: Can't test with Behat Change-Id: Ifaa2ec10cf749c173b1a8d0928c6cc052124a83f
ae452377 · Aaron Wells · 3c20b2d6 · ae452377
Commit ae452377 authored Apr 14, 2016 by Aaron Wells
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 6 deletions

htdocs/lib/errors.php htdocs/lib/errors.php +56 -6

No files found.
--- a/htdocs/lib/errors.php
+++ b/htdocs/lib/errors.php
@@ -294,12 +294,10 @@ function log_build_backtrace($backtrace) {
    //array_shift($backtrace);

    foreach ($backtrace as $bt) {
-        // Change password in args for LiveUser object to 8 stars
-        if (!empty($bt['class']) && ($bt['class'] == 'LiveUser' || $bt['class'] == 'AuthLdap')) {
-            if (!empty($bt['args'][1])) {
-                $bt['args'][1] = str_repeat('*', 8);
-            }
-        }
+
+        // Blank out any passwords from the logs
+        censor_password_parameters($bt);
+
        $bt['file']  = (isset($bt['file'])) ? $bt['file'] : 'Unknown';
        $bt['line']  = (isset($bt['line'])) ? $bt['line'] : 0;
        $bt['class'] = (isset($bt['class'])) ? $bt['class'] : '';
@@ -366,6 +364,58 @@ function log_build_backtrace($backtrace) {
    return array($textmessage, $htmlmessage);
 }

+
+/**
+ * Detects whether a backtrace line contains a function call with password parameters in it.
+ * Replaces the value of any password params with "********" so that passwords won't be
+ * printed in the logs or error messages.
+ *
+ * This function assumes any parameter with a name that contains "password" or "pw"
+ * is a password.
+ *
+ * @param array &$backtraceline An entry in the array returned by debug_backtrace()
+ * @return void
+ */
+function censor_password_parameters(&$backtraceline) {
+    if (isset($backtraceline['function'])) {
+        try {
+            if (isset($backtraceline['class'])) {
+                $refClass = new ReflectionClass($backtraceline['class']);
+                $refFunc = $refClass->getMethod($backtraceline['function']);
+            }
+            else {
+                // Function-like "language constructs" such as "require" and "echo"
+                // are listed as a function by debug_backtrace(), but can't be
+                // reflected.
+                if (!function_exists($backtraceline['function'])) {
+                    return;
+                }
+                $refFunc = new ReflectionFunction($backtraceline['function']);
+            }
+
+            foreach ($refFunc->getParameters() as $param) {
+                $name = strtolower($param->getName());
+                if (
+                    strpos($name, 'password') !== false
+                    || strpos($name, 'pw') !== false
+                ) {
+                    $i = $param->getPosition();
+                    if (isset($backtraceline['args'][$i])) {
+                        $backtraceline['args'][$i] = '********';
+                    }
+                }
+            }
+            return;
+        }
+        catch (ReflectionException $re) {
+            // Don't want a failure here to totally prevent logging.
+            return;
+        }
+    }
+
+    return;
+}
+
 /**
 * Ends the script with an informational message
 *