Merge pull request #7725 from kenjis/fix-sensitiveDataInTrace

kenjis · web-flow · commit 48d5dedefda4 · 2023-07-26T06:12:02.000+09:00
fix: $sensitiveDataInTrace does not work
diff --git a/phpstan-baseline.php b/phpstan-baseline.php
@@ -931,11 +931,6 @@
 	'count' => 1,
 	'path' => __DIR__ . '/system/Debug/Exceptions.php',
 ];
-$ignoreErrors[] = [
-	'message' => '#^Method CodeIgniter\\\\Debug\\\\Exceptions\\:\\:maskSensitiveData\\(\\) has no return type specified\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/system/Debug/Exceptions.php',
-];
 $ignoreErrors[] = [
 	'message' => '#^Method CodeIgniter\\\\Debug\\\\Exceptions\\:\\:render\\(\\) has no return type specified\\.$#',
 	'count' => 1,
diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php
@@ -293,7 +293,7 @@ protected function collectVars(Throwable $exception, int $statusCode): array
         $trace = $exception->getTrace();
 
         if ($this->config->sensitiveDataInTrace !== []) {
-            $this->maskSensitiveData($trace, $this->config->sensitiveDataInTrace);
+            $trace = $this->maskSensitiveData($trace, $this->config->sensitiveDataInTrace);
         }
 
         return [
@@ -311,31 +311,52 @@ protected function collectVars(Throwable $exception, int $statusCode): array
      * Mask sensitive data in the trace.
      *
      * @param array|object $trace
+     *
+     * @return array|object
      */
-    protected function maskSensitiveData(&$trace, array $keysToMask, string $path = '')
+    protected function maskSensitiveData($trace, array $keysToMask, string $path = '')
+    {
+        foreach ($trace as $i => $line) {
+            $trace[$i]['args'] = $this->maskData($line['args'], $keysToMask);
+        }
+
+        return $trace;
+    }
+
+    /**
+     * @param array|object $args
+     *
+     * @return array|object
+     */
+    private function maskData($args, array $keysToMask, string $path = '')
     {
         foreach ($keysToMask as $keyToMask) {
             $explode = explode('/', $keyToMask);
             $index   = end($explode);
 
             if (strpos(strrev($path . '/' . $index), strrev($keyToMask)) === 0) {
-                if (is_array($trace) && array_key_exists($index, $trace)) {
-                    $trace[$index] = '******************';
-                } elseif (is_object($trace) && property_exists($trace, $index) && isset($trace->{$index})) {
-                    $trace->{$index} = '******************';
+                if (is_array($args) && array_key_exists($index, $args)) {
+                    $args[$index] = '******************';
+                } elseif (
+                    is_object($args) && property_exists($args, $index)
+                    && isset($args->{$index}) && is_scalar($args->{$index})
+                ) {
+                    $args->{$index} = '******************';
                 }
             }
         }
 
-        if (is_object($trace)) {
-            $trace = get_object_vars($trace);
-        }
-
-        if (is_array($trace)) {
-            foreach ($trace as $pathKey => $subarray) {
-                $this->maskSensitiveData($subarray, $keysToMask, $path . '/' . $pathKey);
+        if (is_array($args)) {
+            foreach ($args as $pathKey => $subarray) {
+                $args[$pathKey] = $this->maskData($subarray, $keysToMask, $path . '/' . $pathKey);
+            }
+        } elseif (is_object($args)) {
+            foreach ($args as $pathKey => $subarray) {
+                $args->{$pathKey} = $this->maskData($subarray, $keysToMask, $path . '/' . $pathKey);
             }
         }
+
+        return $args;
     }
 
     /**
diff --git a/tests/system/Debug/ExceptionsTest.php b/tests/system/Debug/ExceptionsTest.php
@@ -11,6 +11,7 @@
 
 namespace CodeIgniter\Debug;
 
+use App\Controllers\Home;
 use CodeIgniter\Database\Exceptions\DatabaseException;
 use CodeIgniter\Entity\Exceptions\CastException;
 use CodeIgniter\Exceptions\ConfigException;
@@ -147,4 +148,85 @@ public function testRenderBacktrace(): void
             );
         }
     }
+
+    public function testMaskSensitiveData(): void
+    {
+        $maskSensitiveData = $this->getPrivateMethodInvoker($this->exception, 'maskSensitiveData');
+
+        $trace = [
+            0 => [
+                'file'     => '/var/www/CodeIgniter4/app/Controllers/Home.php',
+                'line'     => 15,
+                'function' => 'f',
+                'class'    => Home::class,
+                'type'     => '->',
+                'args'     => [
+                    0 => (object) [
+                        'password' => 'secret1',
+                    ],
+                    1 => (object) [
+                        'default' => [
+                            'password' => 'secret2',
+                        ],
+                    ],
+                    2 => [
+                        'password' => 'secret3',
+                    ],
+                    3 => [
+                        'default' => ['password' => 'secret4'],
+                    ],
+                ],
+            ],
+            1 => [
+                'file'     => '/var/www/CodeIgniter4/system/CodeIgniter.php',
+                'line'     => 932,
+                'function' => 'index',
+                'class'    => Home::class,
+                'type'     => '->',
+                'args'     => [
+                ],
+            ],
+        ];
+        $keysToMask = ['password'];
+        $path       = '';
+
+        $newTrace = $maskSensitiveData($trace, $keysToMask, $path);
+
+        $this->assertSame(['password' => '******************'], (array) $newTrace[0]['args'][0]);
+        $this->assertSame(['password' => '******************'], $newTrace[0]['args'][1]->default);
+        $this->assertSame(['password' => '******************'], $newTrace[0]['args'][2]);
+        $this->assertSame(['password' => '******************'], $newTrace[0]['args'][3]['default']);
+    }
+
+    public function testMaskSensitiveDataTraceDataKey(): void
+    {
+        $maskSensitiveData = $this->getPrivateMethodInvoker($this->exception, 'maskSensitiveData');
+
+        $trace = [
+            0 => [
+                'file'     => '/var/www/CodeIgniter4/app/Controllers/Home.php',
+                'line'     => 15,
+                'function' => 'f',
+                'class'    => Home::class,
+                'type'     => '->',
+                'args'     => [
+                ],
+            ],
+            1 => [
+                'file'     => '/var/www/CodeIgniter4/system/CodeIgniter.php',
+                'line'     => 932,
+                'function' => 'index',
+                'class'    => Home::class,
+                'type'     => '->',
+                'args'     => [
+                ],
+            ],
+        ];
+        $keysToMask = ['file'];
+        $path       = '';
+
+        $newTrace = $maskSensitiveData($trace, $keysToMask, $path);
+
+        $this->assertSame('/var/www/CodeIgniter4/app/Controllers/Home.php', $newTrace[0]['file']);
+    }
 }
