env sanitizier (#7342)

* Hide ENV variables with Password #474 * Hide ENV variables with Password #474
2025-04-20 23:21:54 +02:00 · 2024-12-13 16:30:05 +04:00 · 2024-12-13 16:30:05 +04:00 · 0272bbaf99
commit 0272bbaf99
parent cc54e1986a
2 changed files with 29 additions and 28 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -17,6 +17,7 @@ HumHub Changelog
 - Enh #7334: New safe method to rename a database column
 - Enh #7336: Update GitHub workflow versions
 - Enh #7339: Add `DeviceDetectorHelper::isMultiInstanceApp()` method to detect if the app is running in a multi-instance mode
+- Enh #7342: Mask .env `DB__PASSWORD` variable in logs

 1.17.0-beta.2 (November 12, 2024)
 ---------------------------------
--- a/protected/humhub/config/common.php
+++ b/protected/humhub/config/common.php
@ -20,6 +20,26 @@ if (!defined('PKCS7_DETACHED')) {
    define('PKCS7_DETACHED', 64);
 }

+$logTargetConfig = [
+    'levels' => ['error', 'warning'],
+    'except' => [
+        'yii\web\HttpException:400',
+        'yii\web\HttpException:401',
+        'yii\web\HttpException:403',
+        'yii\web\HttpException:404',
+        'yii\web\HttpException:405',
+        'yii\web\User::getIdentityAndDurationFromCookie',
+        'yii\web\User::renewAuthStatus',
+    ],
+    'logVars' => ['_GET', '_SERVER'],
+    'maskVars' => [
+        '_SERVER.HTTP_AUTHORIZATION',
+        '_SERVER.PHP_AUTH_USER',
+        '_SERVER.PHP_AUTH_PW',
+        '_SERVER.HUMHUB_CONFIG__COMPONENTS__DB__PASSWORD',
+    ],
+];
+
 $config = [
    'name' => 'HumHub',
    'version' => '1.17.0-beta.2',
@ -61,34 +81,14 @@ $config = [
        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
-                \yii\log\FileTarget::class => [
-                    'class' => \yii\log\FileTarget::class,
-                    'levels' => ['error', 'warning'],
-                    'except' => [
-                        'yii\web\HttpException:400',
-                        'yii\web\HttpException:401',
-                        'yii\web\HttpException:403',
-                        'yii\web\HttpException:404',
-                        'yii\web\HttpException:405',
-                        'yii\web\User::getIdentityAndDurationFromCookie',
-                        'yii\web\User::renewAuthStatus',
-                    ],
-                    'logVars' => ['_GET', '_SERVER'],
-                ],
-                \yii\log\DbTarget::class => [
-                    'class' => \yii\log\DbTarget::class,
-                    'levels' => ['error', 'warning'],
-                    'except' => [
-                        'yii\web\HttpException:400',
-                        'yii\web\HttpException:401',
-                        'yii\web\HttpException:403',
-                        'yii\web\HttpException:404',
-                        'yii\web\HttpException:405',
-                        'yii\web\User::getIdentityAndDurationFromCookie',
-                        'yii\web\User::renewAuthStatus',
-                    ],
-                    'logVars' => ['_GET', '_SERVER'],
-                ],
+                \yii\log\FileTarget::class => \yii\helpers\ArrayHelper::merge(
+                    ['class' => \yii\log\FileTarget::class],
+                    $logTargetConfig
+                ),
+                \yii\log\DbTarget::class => \yii\helpers\ArrayHelper::merge(
+                    ['class' => \yii\log\DbTarget::class],
+                    $logTargetConfig
+                ),
            ],
        ],
        'settings' => [