ENHANCEMENT Allowing filtered arguments on specific functions like mysql_connect() in SS_Backtrace

2024-06-28 23:49:26 +02:00 · 2011-05-26 22:04:01 +12:00 · 2011-05-26 22:04:01 +12:00 · 0adac9d40b
commit 0adac9d40b
parent 3588cefa30
2 changed files with 85 additions and 0 deletions
--- a/dev/Backtrace.php
+++ b/dev/Backtrace.php
@ -5,6 +5,36 @@
 */
 class SS_Backtrace {
 	
+	/**
+	 * @var array Replaces all arguments with a '<filtered>' string,
+	 * mostly for security reasons. Use string values for global functions,
+	 * and array notation for class methods.
+	 * PHP's debug_backtrace() doesn't allow to inspect the argument names,
+	 * so all arguments of the provided functions will be filtered out.
+	 */
+	static $ignore_function_args = array(
+		'mysql_connect',
+		'mssql_connect',
+		'pg_connect',
+		array('DB', 'connect'),
+		array('Security', 'check_default_admin'),
+		array('Security', 'encrypt_password'),
+		array('Security', 'setDefaultAdmin'),
+		array('DB', 'createDatabase'),
+		array('Member', 'checkPassword'),
+		array('Member', 'changePassword'),
+		array('MemberPassword', 'checkPassword'),
+		array('PasswordValidator', 'validate'),
+		array('PasswordEncryptor_PHPHash', 'encrypt'),
+		array('PasswordEncryptor_PHPHash', 'salt'),
+		array('PasswordEncryptor_LegacyPHPHash', 'encrypt'),
+		array('PasswordEncryptor_LegacyPHPHash', 'salt'),
+		array('PasswordEncryptor_MySQLPassword', 'encrypt'),
+		array('PasswordEncryptor_MySQLPassword', 'salt'),
+		array('PasswordEncryptor_MySQLOldPassword', 'encrypt'),
+		array('PasswordEncryptor_MySQLOldPassword', 'salt'),
+	);
+	
 	/**
 	 * Return debug_backtrace() results with functions filtered
 	 * specific to the debugging system, and not the trace.
@ -53,6 +83,21 @@ class SS_Backtrace {
 			array_shift($bt);
 		}
 		
+		// Filter out arguments
+		foreach($bt as $i => $frame) {
+			$match = false;
+			if(@$bt[$i]['class']) {
+				foreach(self::$ignore_function_args as $fnSpec) {
+					if(is_array($fnSpec) && $bt[$i]['class'] == $fnSpec[0] && $bt[$i]['function'] == $fnSpec[1]) $match = true;
+				}
+			} else {
+				if(in_array($bt[$i]['function'], self::$ignore_function_args)) $match = true;
+			}
+			if($match) {
+				foreach($bt[$i]['args'] as $j => $arg) $bt[$i]['args'][$j] = '<filtered>';
+			}
+		}
+		
 		return $bt;	
 	}
 	
--- a/tests/dev/BacktraceTest.php
+++ b/tests/dev/BacktraceTest.php
@ -23,4 +23,44 @@ class BacktraceTest extends SapphireTest {
 		);
 	}
 	
+	function testIgnoredFunctionArgs() {
+		$orig = SS_Backtrace::$ignore_function_args;
+		
+		$bt = array(
+			array(
+				'type' => '->',
+				'file' => 'MyFile.php',
+				'line' => 99,
+				'function' => 'myIgnoredGlobalFunction',
+				'args' => array('password' => 'secred',)
+			),
+			array(
+				'class' => 'MyClass',
+				'type' => '->',
+				'file' => 'MyFile.php',
+				'line' => 99,
+				'function' => 'myIgnoredClassFunction',
+				'args' => array('password' => 'secred',)
+			),
+			array(
+				'class' => 'MyClass',
+				'type' => '->',
+				'file' => 'MyFile.php',
+				'line' => 99,
+				'function' => 'myFunction',
+				'args' => array('myarg' => 'myval')
+			)
+		);
+		SS_Backtrace::$ignore_function_args[] = array('MyClass', 'myIgnoredClassFunction');
+		SS_Backtrace::$ignore_function_args[] = 'myIgnoredGlobalFunction';
+
+		$filtered = SS_Backtrace::filter_backtrace($bt);
+
+		$this->assertEquals('<filtered>', $filtered[0]['args']['password'], 'Filters global functions');
+		$this->assertEquals('<filtered>', $filtered[1]['args']['password'], 'Filters class functions');
+		$this->assertEquals('myval', $filtered[2]['args']['myarg'], 'Doesnt filter other functions');
+		
+		SS_Backtrace::$ignore_function_args = $orig;
+	}
+	
 }