Fix: remove sensitive logs (#116)

2025-04-21 21:11:59 +02:00 · 2023-11-04 21:48:18 +01:00 · 2023-11-04 21:48:18 +01:00 · 77eef38166
commit 77eef38166
parent 0ae60e7431
8 changed files with 61 additions and 23 deletions
--- a/.env
+++ b/.env
@ -68,3 +68,8 @@ INVITE_FROM_ADDRESS=no-reply@example.org
 # USE ABSOLUTE PATHS for better predictability
 WEBDAV_TMP_DIR='/tmp'
 WEBDAV_PUBLIC_DIR='/webdav'
+
+# Logging path
+# By default, it will log in the standard Symfony directory: var/log/prod.log (for production)
+# You can use /dev/null here if you want to discard logs entirely
+LOG_FILE_PATH="%kernel.logs_dir%/%kernel.environment%.log"
--- a/README.md
+++ b/README.md
@ -117,6 +117,14 @@ WEBDAV_TMP_DIR='/tmp'
 WEBDAV_PUBLIC_DIR='/webdav'
 ```

+g. The log file path
+
+You can use an absolute file path here, and you can use Symfony's `%kernel.logs_dir%` and `%kernel.environment%` placeholders if needed (as in the default value). Setting it to `/dev/null` will disable logging altogether.
+
+```
+LOG_FILE_PATH="%kernel.logs_dir%/%kernel.environment%.log"
+```
+
 ### Specific environment variables for IMAP and LDAP authentication methods

 In case you use the `IMAP` auth type, you must specify the auth url (_the "mailbox" url_) in `IMAP_AUTH_URL`. See https://www.php.net/manual/en/function.imap-open.php for more details.
--- a/config/packages/dev/easy_log_handler.yaml
+++ b/config/packages/dev/easy_log_handler.yaml
@ -1,16 +0,0 @@
-services:
-    EasyCorp\EasyLog\EasyLogHandler:
-        public: false
-        arguments: ['%kernel.logs_dir%/%kernel.environment%.log']
-
-#// FIXME: How to add this configuration automatically without messing up with the monolog configuration?
-#monolog:
-#    handlers:
-#        buffered:
-#            type:     buffer
-#            handler:  easylog
-#            channels: ['!event']
-#            level:    debug
-#        easylog:
-#            type: service
-#            id:   EasyCorp\EasyLog\EasyLogHandler
--- a/config/packages/prod/monolog.yaml
+++ b/config/packages/prod/monolog.yaml
@ -8,7 +8,7 @@ monolog:
            buffer_size: 50 # How many messages should be saved? Prevent memory leaks
        nested:
            type: stream
-            path: "%kernel.logs_dir%/%kernel.environment%.log"
+            path: "%env(resolve:LOG_FILE_PATH)%"
            level: debug
        console:
            type: console
--- a/config/services.yaml
+++ b/config/services.yaml
@ -55,4 +55,8 @@ services:
    App\Security\LoginFormAuthenticator:
        arguments:
            $adminLogin: "%env(ADMIN_LOGIN)%"
-            $adminPassword: "%env(ADMIN_PASSWORD)%"
+            $adminPassword: "%env(ADMIN_PASSWORD)%"
+
+    App\Logging\Monolog\PasswordFilterProcessor:
+        tags:
+            - { name: monolog.processor }
--- a/src/Logging/Monolog/PasswordFilterProcessor.php
+++ b/src/Logging/Monolog/PasswordFilterProcessor.php
@ -0,0 +1,28 @@
+<?php
+
+namespace App\Logging\Monolog;
+
+use Monolog\Processor\ProcessorInterface;
+
+final class PasswordFilterProcessor implements ProcessorInterface
+{
+    private const REDACTED = '****';
+    private const PASSWORD_KEY = 'password';
+    private const SENSITIVE_ARGS_FUNCTIONS = ['validateUserPass', 'ldapOpen', 'password_verify', 'imapOpen', 'ldap_bind', 'hashPassword', 'dav'];
+
+    public function __invoke(array $record): array
+    {
+        // Remove potentially sensitive data from function arguments
+        $shouldRedactArgs = array_key_exists('function', $record) && in_array($record['function'], self::SENSITIVE_ARGS_FUNCTIONS);
+
+        foreach ($record as $key => $item) {
+            if (self::PASSWORD_KEY === strtolower($key) || ('args' === $key && $shouldRedactArgs)) {
+                $record[$key] = self::REDACTED;
+            } elseif (is_array($item)) {
+                $record[$key] = $this($item);
+            }
+        }
+
+        return $record;
+    }
+}
--- a/src/Services/IMAPAuth.php
+++ b/src/Services/IMAPAuth.php
@ -62,7 +62,12 @@ final class IMAPAuth extends IMAP
                $this->utils->createPasswordlessUserWithDefaultObjects($username, $username, $username);

                $em = $this->doctrine->getManager();
-                $em->flush();
+
+                try {
+                    $em->flush();
+                } catch (\Exception $e) {
+                    error_log('IMAP Error (flush): '.$e->getMessage());
+                }
            }
        }

--- a/src/Services/LDAPAuth.php
+++ b/src/Services/LDAPAuth.php
@ -91,7 +91,7 @@ final class LDAPAuth extends AbstractBasic
        try {
            $ldap = ldap_connect($this->LDAPAuthUrl);
        } catch (\ErrorException $e) {
-            error_log($e->getMessage());
+            error_log('LDAP Error (ldap_connect): '.ldap_error($ldap).' ('.ldap_errno($ldap).')');
        }

        if (!$ldap || !ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3)) {
@ -124,8 +124,7 @@ final class LDAPAuth extends AbstractBasic
                $success = true;
            }
        } catch (\ErrorException $e) {
-            error_log($e->getMessage());
-            error_log('LDAP Error: '.ldap_error($ldap).' ('.ldap_errno($ldap).')');
+            error_log('LDAP Error (ldap_bind): '.ldap_error($ldap).' ('.ldap_errno($ldap).')');
        }

        if ($success && $this->autoCreate) {
@ -161,7 +160,12 @@ final class LDAPAuth extends AbstractBasic
                $this->utils->createPasswordlessUserWithDefaultObjects($username, $displayName, $email);

                $em = $this->doctrine->getManager();
-                $em->flush();
+
+                try {
+                    $em->flush();
+                } catch (\Exception $e) {
+                    error_log('LDAP Error (flush): '.$e->getMessage());
+                }
            }
        }