From ab959da12314cc55775feba9ae4ab74e637c66e3 Mon Sep 17 00:00:00 2001
From: Joe Haines
Date: Wed, 9 Sep 2020 16:17:50 +0100
Subject: [PATCH] Add HTTP basic auth headers to default filters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Technically only 'authorization' is used as a header, but PHP will parse the username & password (or digest) — these aren't counted as headers by PHP, but Symfony treats them as headers. Since a lot of other projects use Symfony's HTTP foundation (e.g. Laravel), it makes sense to add them as default filters too
---
CHANGELOG.md | 3 +++
src/Configuration.php | 9 ++++++++-
tests/ClientTest.php | 3 +++
tests/ReportTest.php | 23 +++++++++++++++++++----
4 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 25c20961..c0c8eea6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,9 @@ Changelog
 * Cookies are now filtered from events by default [#596](https://github.com/bugsnag/bugsnag-php/pull/596)
+* HTTP basic auth headers are filtered from events by default [#597](https://github.com/bugsnag/bugsnag-php/pull/597)
+
 ## 3.22.0 (2020-08-20)
 ### Enhancements
diff --git a/src/Configuration.php b/src/Configuration.php
index a58a6b77..4d2c2b13 100644
--- a/src/Configuration.php
+++ b/src/Configuration.php
@@ -45,7 +45,14 @@ class Configuration
 *
 * @var string[]
 */
- protected $filters = ['password', 'cookie'];
+ protected $filters = [
+ 'password',
+ 'cookie',
+ 'authorization',
+ 'php-auth-user',
+ 'php-auth-pw',
+ 'php-auth-digest',
+ ];
 /**
 * The project root regex.
diff --git a/tests/ClientTest.php b/tests/ClientTest.php
index 0d0d29ac..840715eb 100644
--- a/tests/ClientTest.php
+++ b/tests/ClientTest.php
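Review bot: The new `$filters` entries carry no explanation of why three `php-auth-*` names sit next to a real header name, and nothing in the hunk says how a filter is compared against a key; the property docblock (its descriptive text is above the hunk) should state both. I would add, directly above the array, `// 'php-auth-user', 'php-auth-pw' and 'php-auth-digest' are the header names Symfony HttpFoundation derives from PHP_AUTH_USER / PHP_AUTH_PW / PHP_AUTH_DIGEST, which PHP itself does not expose as headers.` The ClientTest change in this commit shows `Authorization` being redacted by the lowercase `authorization` entry, so matching is at least case-insensitive; if it is an equality match rather than a substring match, `Proxy-Authorization` is not covered and `'proxy-authorization'` belongs in this default list too — I can't tell which from the hunk, so the docblock should settle it.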
@@ -372,6 +372,7 @@ public function testItAddsADefaultSetOfMiddlewares()
 $_SERVER['HTTP_COOKIE'] = 'tastes=delicious';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '8.76.54.321';
 $_SERVER['REQUEST_URI'] = '/abc/xyz?abc=1&xyz=2';
+ $_SERVER['HTTP_AUTHORIZATION'] = 'Basic YTpi';
 $_GET['abc'] = '1';
 $_GET['xyz'] = '2';
 $_COOKIE['tastes'] = 'delicious';
@@ -408,6 +409,7 @@ function (Report $report) use (&$pipelineCompleted) {
 'Host' => 'example.com',
 'Cookie' => 'tastes=delicious',
 'X-Forwarded-For' => '8.76.54.321',
+ 'Authorization' => 'Basic YTpi',
 ],
 ],
 'session' => [
@@ -426,6 +428,7 @@ function (Report $report) use (&$pipelineCompleted) {
 'Host' => 'example.com',
 'Cookie' => '[FILTERED]',
 'X-Forwarded-For' => '8.76.54.321',
+ 'Authorization' => '[FILTERED]',
 ],
 $payload['metaData']['request']['headers']
 );
diff --git a/tests/ReportTest.php b/tests/ReportTest.php
index 154b8732..2e660f98 100644
--- a/tests/ReportTest.php
+++ b/tests/ReportTest.php
@@ -102,12 +102,27 @@ public function testUser()
 public function testDefaultFilters()
 {
- $this->report->setMetaData([
- 'Testing' => ['password' => '123456', 'Cookie' => 'abc=xyz'],
- ]);
+ $metadata = array_reduce(
+ $this->config->getFilters(),
+ function ($metadata, $filter) {
+ $metadata[$filter] = "abc {$filter} xyz";
+
+ return $metadata;
+ },
+ []
+ );
+
+ $this->report->setMetaData(['Testing' => $metadata]);
 $this->assertSame(
- ['password' => '[FILTERED]', 'Cookie' => '[FILTERED]'],
+ [
+ 'password' => '[FILTERED]',
+ 'cookie' => '[FILTERED]',
+ 'authorization' => '[FILTERED]',
+ 'php-auth-user' => '[FILTERED]',
+ 'php-auth-pw' => '[FILTERED]',
+ 'php-auth-digest' => '[FILTERED]',
+ ],
 $this->report->toArray()['metaData']['Testing']
 );
 }
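Review bot: The new `$_SERVER['HTTP_AUTHORIZATION']` line in the first ClientTest hunk exercises only the `authorization` filter; nothing in this test sets `$_SERVER['PHP_AUTH_USER']` or `$_SERVER['PHP_AUTH_PW']`, so the three `php-auth-*` filters the commit introduces are never checked against a request that passes through the middleware pipeline. The commit message attributes those names to Symfony's HttpFoundation, so this library's own request middleware may not surface them at all — I can't tell from the hunks. If it does not, a one-line comment next to the `'Authorization' => '[FILTERED]'` assertion saying that `PHP_AUTH_*` redaction is only testable through a HttpFoundation-based integration would stop the next reader from expecting coverage here; if it does, add `$_SERVER['PHP_AUTH_USER'] = 'a'; $_SERVER['PHP_AUTH_PW'] = 'b';` beside the new assignment and assert `[FILTERED]` for both keys in the filtered headers block. testItAddsADefaultSetOfMiddlewares begins before the first hunk and ends after the third.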
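Review bot: The rewritten testDefaultFilters loses the mixed-case coverage the removed fixture had — the old line used the key `'Cookie'` against the `cookie` filter, while the new `array_reduce` uses each filter name verbatim as the key, so a regression to case-sensitive matching would no longer fail this test (ClientTest still checks `Cookie`/`Authorization`, but only through the full pipeline). The expected array also lists nothing but keys that must be redacted, so the assertion cannot distinguish "these keys are filtered" from "every key is filtered". Adding `$metadata['Unfiltered'] = 'kept';` after the reduce and `'Unfiltered' => 'kept',` to the expected array closes the second gap; for the first, building at least one key with a different case than the filter name (and matching it in the expected array) would restore what the removed line covered. Deriving the keys from `$this->config->getFilters()` while hand-writing the expected array means any future addition to the defaults fails here until the list is updated, which reads as intended.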