From 1eb76c445779aba155a5ef3e31898a535b423953 Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sun, 18 Feb 2018 14:31:40 -0600
Subject: [PATCH] Log more information for PDOExceptions while also keeping passwords out.

---
 CHANGELOG.md | 3 +++
 app/Exceptions/Handler.php | 45 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2dcd758a8..e55559289 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,9 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Fixes database naming scheme using `d###_` rather than `s###_` when creating server databases.
 * Fix exception thrown when attempting to update an existing database host.
 
+### Changed
+* Adjusted exception handler behavior to log more stack information for PDO exceptions while not exposing credentials.
+
 ## v0.7.0 (Derelict Dermodactylus)
 ### Fixed
 * `[rc.2]` — Fixes bad API behavior on `/user` routes.
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index 96a9c366b..500f2d0ca 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -32,6 +32,16 @@ class Handler extends ExceptionHandler
 ValidationException::class,
 ];
 
+ /**
+ * A list of exceptions that should be logged with cleaned stack
+ * traces to avoid exposing credentials or other sensitive information.
+ *
+ * @var array
+ */
+ protected $cleanStacks = [
+ PDOException::class,
+ ];
+
 /**
 * A list of the inputs that are never flashed for validation exceptions.
 *
@@ -73,7 +83,40 @@ class Handler extends ExceptionHandler
 throw $exception;
 }
 
- return $logger->error($exception instanceof PDOException ? $exception->getMessage() : $exception);
+ foreach ($this->cleanStacks as $class) {
+ if ($exception instanceof $class) {
+ $exception = $this->generateCleanedExceptionStack($exception);
+ break;
+ }
+ }
+
+ return $logger->error($exception);
+ }
+
+ private function generateCleanedExceptionStack(Exception $exception)
+ {
+ $cleanedStack = '';
+ foreach ($exception->getTrace() as $index => $item) {
+ $cleanedStack .= sprintf(
+ "#%d %s(%d): %s%s%s\n",
+ $index,
+ array_get($item, 'file'),
+ array_get($item, 'line'),
+ array_get($item, 'class'),
+ array_get($item, 'type'),
+ array_get($item, 'function')
+ );
+ }
+
+ $message = sprintf(
+ '%s: %s in %s:%d',
+ class_basename($exception),
+ $exception->getMessage(),
+ $exception->getFile(),
+ $exception->getLine()
+ );
+
+ return $message . "\nStack trace:\n" . trim($cleanedStack);
 }
 
 /**
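Review bot: `generateCleanedExceptionStack()` leaves the `args` of every trace frame out, but `$exception->getMessage()` still goes into the log string verbatim, so anything sensitive carried in the message itself is not covered by this cleanup. If the handler receives Laravel's `Illuminate\Database\QueryException` (a `PDOException` subclass, so the `instanceof` loop matches it), its message normally embeds the SQL with the bound values substituted in, which can include tokens or password hashes; this is inferred from the framework and is not visible in the hunk. The new method also has no docblock, unlike the members around it; `/** Build a log string from the exception's trace without frame arguments, which may hold connection credentials. */` would stop a later maintainer from re-adding `args`. Frames with no `file` key (internal calls) will render as ` (0):`, so a default such as `array_get($item, 'file', '[internal function]')` makes the log easier to read during triage. The method that ends with `return $logger->error($exception);` begins outside the hunk.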