HeaderCallback: Sanitize cookie values in debug logs
Avoid logging full session cookie values and other similarly sensitive data, but keep a short prefix of each value so log entries can still be correlated with other logs. Change-Id: Ie2b622eb606605aed2b2fada1da040320bd27639
This commit is contained in:
parent
f8ea240085
commit
96583fe903
2 changed files with 70 additions and 1 deletions
@ -50,7 +50,7 @@ class HeaderCallback {
|
|||
\MediaWiki\Logger\LoggerFactory::getInstance( 'cache-cookies' )->warning(
|
||||
'Cookies set on {url} with Cache-Control "{cache-control}"', [
|
||||
'url' => \WebRequest::getGlobalRequestURL(),
|
||||
'cookies' => $headers['set-cookie'],
|
||||
'set-cookie' => self::sanitizeSetCookie( $headers['set-cookie'] ),
|
||||
'cache-control' => $cacheControl ?: '<not set>',
|
||||
]
|
||||
);
|
||||
|
|
@ -79,4 +79,24 @@ class HeaderCallback {
|
|||
] );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Sanitize Set-Cookie headers for logging.
|
||||
* @param array $values List of header values.
|
||||
* @return string
|
||||
*/
|
||||
public static function sanitizeSetCookie( array $values ) {
|
||||
$sanitizedValues = [];
|
||||
foreach ( $values as $value ) {
|
||||
// Set-Cookie header format: <cookie-name>=<cookie-value>; <non-sensitive attributes>
|
||||
$parts = explode( ';', $value );
|
||||
list( $name, $value ) = explode( '=', $parts[0], 2 );
|
||||
if ( strlen( $value ) > 8 ) {
|
||||
$value = substr( $value, 0, 8 ) . '...';
|
||||
$parts[0] = "$name=$value";
|
||||
}
|
||||
$sanitizedValues[] = implode( ';', $parts );
|
||||
}
|
||||
return implode( "\n", $sanitizedValues );
|
||||
}
|
||||
}
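Review bot: `list( $name, $value ) = explode( '=', $parts[0], 2 );` in sanitizeSetCookie assumes every Set-Cookie value contains an `=`; for a malformed header such as `foo; Path=/` explode() returns a one-element array, list() emits an "Undefined offset: 1" notice and assigns null to `$value`, which then reaches strlen(). A one-line guard keeps the pass-through behaviour without the notice: `list( $name, $value ) = explode( '=', $parts[0], 2 ) + [ 1 => '' ];`. Separately, the docblock should state the actual guarantee, since values of 8 characters or fewer are logged verbatim (the test's `sessionId=38afes7a` case shows this): `* Cookie values longer than 8 characters are truncated to an 8-character prefix followed by "..."; shorter values and all attributes are kept as-is.`. Reusing `$value` as both the foreach variable and the extracted cookie value is also worth renaming (e.g. `$cookieValue`) for readability.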
|
||||
|
|
|
|||
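--- /dev/null
+++ b/tests/phpunit/unit/includes/HeaderCallbackTest.php
@@ -0,0 +1,49 @@
+<?php
+
+use MediaWiki\HeaderCallback;
+
+/**
+ * @coversDefaultClass MediaWiki\HeaderCallback
+ */
+class HeaderCallbackTest extends MediaWikiUnitTestCase {
+
+	/**
+	 * @dataProvider provideSanitizeSetCookie
+	 * @covers ::sanitizeSetCookie
+	 */
+	public function testSanitizeSetCookie( $raw, $expectedSanitized ) {
+		$this->assertSame( $expectedSanitized, HeaderCallback::sanitizeSetCookie( $raw ) );
+	}
+
+	public function provideSanitizeSetCookie() {
+		return [
+			[
+				[
+					'sessionId=38afes7a'
+				],
+				'sessionId=38afes7a',
+			],
+			[
+				[
+					'id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT'
+				],
+				'id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT',
+			],
+			[
+				[
+					'qwerty=219ffwef9w0f; Domain=somecompany.co.uk'
+				],
+				'qwerty=219ffwef...; Domain=somecompany.co.uk',
+			],
+			[
+				[
+					'sessionId=aaa',
+					'sessionId=bbbbbbbbbb',
+					'sessionId=ccc',
+				],
+				"sessionId=aaa\nsessionId=bbbbbbbb...\nsessionId=ccc",
+			],
+		];
+	}
+
+}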
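Review bot: The data provider never exercises a cookie value that itself contains `=` (base64 padding is common), so the `explode( '=', ..., 2 )` limit in sanitizeSetCookie is untested; a case such as `[ [ 'token=YWJjZGVmZ2g=' ], 'token=YWJjZGVm...' ]` would pin it. There is also no empty-input case (`[ [], '' ]`) and no malformed header without `=`, which with the current implementation raises an undefined-offset notice from list() rather than passing the header through. The 8-character boundary is covered only from below (`38afes7a`); adding a 9-character value makes the threshold explicit.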