
ENHANCEMENT Allowing filtered arguments on specific functions like my…

…sql_connect() in SS_Backtrace
commit 9d344a07d34f43ec2c8bc4b8e50fddbf95f4505d 1 parent 1704e42
Ingo Schommer authored May 26, 2011
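--- a/dev/Backtrace.php
+++ b/dev/Backtrace.php
@@ -6,6 +6,36 @@
 class SS_Backtrace {
 	
 	/**
+	 * @var array Replaces all arguments with a '<filtered>' string,
+	 * mostly for security reasons. Use string values for global functions,
+	 * and array notation for class methods.
+	 * PHP's debug_backtrace() doesn't allow to inspect the argument names,
+	 * so all arguments of the provided functions will be filtered out.
+	 */
+	static $ignore_function_args = array(
+		'mysql_connect',
+		'mssql_connect',
+		'pg_connect',
+		array('DB', 'connect'),
+		array('Security', 'check_default_admin'),
+		array('Security', 'encrypt_password'),
+		array('Security', 'setDefaultAdmin'),
+		array('DB', 'createDatabase'),
+		array('Member', 'checkPassword'),
+		array('Member', 'changePassword'),
+		array('MemberPassword', 'checkPassword'),
+		array('PasswordValidator', 'validate'),
+		array('PasswordEncryptor_PHPHash', 'encrypt'),
+		array('PasswordEncryptor_PHPHash', 'salt'),
+		array('PasswordEncryptor_LegacyPHPHash', 'encrypt'),
+		array('PasswordEncryptor_LegacyPHPHash', 'salt'),
+		array('PasswordEncryptor_MySQLPassword', 'encrypt'),
+		array('PasswordEncryptor_MySQLPassword', 'salt'),
+		array('PasswordEncryptor_MySQLOldPassword', 'encrypt'),
+		array('PasswordEncryptor_MySQLOldPassword', 'salt'),
+	);
+	
+	/**
 	 * Return debug_backtrace() results with functions filtered
 	 * specific to the debugging system, and not the trace.
 	 * 
@@ -53,6 +83,21 @@ static function filter_backtrace($bt, $ignoredFunctions = null) {
 			array_shift($bt);
 		}
 		
+		// Filter out arguments
+		foreach($bt as $i => $frame) {
+			$match = false;
+			if(@$bt[$i]['class']) {
+				foreach(self::$ignore_function_args as $fnSpec) {
+					if(is_array($fnSpec) && $bt[$i]['class'] == $fnSpec[0] && $bt[$i]['function'] == $fnSpec[1]) $match = true;
+				}
+			} else {
+				if(in_array($bt[$i]['function'], self::$ignore_function_args)) $match = true;
+			}
+			if($match) {
+				foreach($bt[$i]['args'] as $j => $arg) $bt[$i]['args'][$j] = '<filtered>';
+			}
+		}
+		
 		return $bt;	
 	}
 	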
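Review bot: The new argument filter at the end of filter_backtrace dereferences keys that are not guaranteed to exist: `@$bt[$i]['class']` hides the missing-key notice behind `@` (and also treats a class named '0' as absent), and the inner `foreach($bt[$i]['args'] ...)` has no guard, so a matched frame without an 'args' entry (e.g. a trace taken with DEBUG_BACKTRACE_IGNORE_ARGS) raises a warning inside the very code path meant to run during error reporting. Replace the three lines with `if(isset($frame['class'])) {`, `if(in_array($frame['function'], self::$ignore_function_args, true)) $match = true;` and `if($match && isset($frame['args'])) {`, reading from the `$frame` copy the loop already binds instead of re-indexing `$bt[$i]`; the strict flag also stops a loose comparison between the frame's function name and the array-shaped entries in the list. The `@var` docblock in the first hunk should additionally say that only the named frame's own arguments are replaced: any caller that passed the secret through as its own parameter keeps it in its frame, so wrappers around these functions need their own entry in the list. filter_backtrace's signature and the start of its body lie outside the second hunk.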
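--- a/tests/dev/BacktraceTest.php
+++ b/tests/dev/BacktraceTest.php
@@ -0,0 +1,48 @@
+<?php
+/**
+ * @package sapphire
+ * @subpackage tests
+ */
+class BacktraceTest extends SapphireTest {
+	
+	function testIgnoredFunctionArgs() {
+		$orig = SS_Backtrace::$ignore_function_args;
+		
+		$bt = array(
+			array(
+				'type' => '->',
+				'file' => 'MyFile.php',
+				'line' => 99,
+				'function' => 'myIgnoredGlobalFunction',
+				'args' => array('password' => 'secred',)
+			),
+			array(
+				'class' => 'MyClass',
+				'type' => '->',
+				'file' => 'MyFile.php',
+				'line' => 99,
+				'function' => 'myIgnoredClassFunction',
+				'args' => array('password' => 'secred',)
+			),
+			array(
+				'class' => 'MyClass',
+				'type' => '->',
+				'file' => 'MyFile.php',
+				'line' => 99,
+				'function' => 'myFunction',
+				'args' => array('myarg' => 'myval')
+			)
+		);
+		SS_Backtrace::$ignore_function_args[] = array('MyClass', 'myIgnoredClassFunction');
+		SS_Backtrace::$ignore_function_args[] = 'myIgnoredGlobalFunction';
+
+		$filtered = SS_Backtrace::filter_backtrace($bt);
+
+		$this->assertEquals('<filtered>', $filtered[0]['args']['password'], 'Filters global functions');
+		$this->assertEquals('<filtered>', $filtered[1]['args']['password'], 'Filters class functions');
+		$this->assertEquals('myval', $filtered[2]['args']['myarg'], 'Doesnt filter other functions');
+		
+		SS_Backtrace::$ignore_function_args = $orig;
+	}
+	
+}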
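Review bot: The save/restore of SS_Backtrace::$ignore_function_args in testIgnoredFunctionArgs is not failure-safe: a failing assertEquals throws before the restore on line 45 runs, so the two appended entries leak into every later test in the same process, where they could mask the behaviour those tests check. Move the restore into tearDown() so it runs whatever the outcome, and the test body shrinks to the fixture, the two appends and the assertions. The test also never exercises a matched frame that lacks an 'args' key, which is the case most likely to break the filter in practice; a fourth frame without 'args' would pin that.
```php
	protected $origIgnoreFunctionArgs;

	function setUp() {
		parent::setUp();
		$this->origIgnoreFunctionArgs = SS_Backtrace::$ignore_function_args;
	}

	function tearDown() {
		SS_Backtrace::$ignore_function_args = $this->origIgnoreFunctionArgs;
		parent::tearDown();
	}

	// … unchanged: testIgnoredFunctionArgs() without the $orig save/restore lines …
```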
