Commit d909040e authored by John Maguire's avatar John Maguire

Remove sensitive data from logs during LDAP filters

parent b9f92f33
...@@ -280,7 +280,7 @@ abstract class sspmod_ldap_Auth_Process_BaseFilter extends SimpleSAML_Auth_Proce ...@@ -280,7 +280,7 @@ abstract class sspmod_ldap_Auth_Process_BaseFilter extends SimpleSAML_Auth_Proce
' Referrals: ' . ($referrals ? 'Yes' : 'No') . ' Referrals: ' . ($referrals ? 'Yes' : 'No') .
' Timeout: ' . $timeout . ' Timeout: ' . $timeout .
' Username: ' . $username . ' Username: ' . $username .
' Password: ' . str_repeat('*', strlen($password)) ' Password: ' . (empty($password) ? '' : '********')
); );
// Connect to the LDAP server to be queried during processing // Connect to the LDAP server to be queried during processing
...@@ -300,8 +300,16 @@ abstract class sspmod_ldap_Auth_Process_BaseFilter extends SimpleSAML_Auth_Proce ...@@ -300,8 +300,16 @@ abstract class sspmod_ldap_Auth_Process_BaseFilter extends SimpleSAML_Auth_Proce
* @param mixed $value * @param mixed $value
* @return string * @return string
*/ */
protected function var_export($value) public function var_export($value)
{ {
// Remove sensitive data
foreach ($value as $key => &$val) {
if ($key === 'ldap.password') {
$val = empty($val) ? '' : '********';
}
}
unset($val);
$export = var_export($value, true); $export = var_export($value, true);
$lines = explode("\n", $export); $lines = explode("\n", $export);
foreach ($lines as &$line) { foreach ($lines as &$line) {
......
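Review bot: The new redaction loop in var_export() runs `foreach ($value as $key => &$val)` on a parameter documented as `@param mixed $value`, so a scalar or null argument raises a foreach warning, and an object argument would have its real `ldap.password` property overwritten through the reference, because objects are not copied when passed. Wrapping the loop in `if (is_array($value)) { ... }` keeps the masking on the function's own copy and leaves other types untouched. Only a top-level key named exactly `ldap.password` is masked, so a password nested in a sub-array or stored under another key would still be exported; a short comment stating that limit would help, e.g. `// Masks only the top-level 'ldap.password' entry; nested values are exported as-is`. The method is also widened from protected to public, apparently only so the test can call it, which makes it part of the class's public surface. The body of var_export() continues outside the hunk.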
<?php
class sspmod_ldap_Auth_Process_BaseFilter_Test extends PHPUnit_Framework_TestCase
{
public function testVarExportHidesLdapPassword()
{
$stub = $this->getMockBuilder('sspmod_ldap_Auth_Process_BaseFilter')
->disableOriginalConstructor()
->getMockForAbstractClass();
$this->assertEquals(
"array ( 'ldap.hostname' => 'ldap://172.17.101.32', 'ldap.port' => 389, 'ldap.password' => '********', )",
$stub->var_export(array(
'ldap.hostname' => 'ldap://172.17.101.32',
'ldap.port' => 389,
'ldap.password' => 'password',
))
);
}
}
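Review bot: testVarExportHidesLdapPassword() exercises only a non-empty password in a flat array, so the other branches of the new masking code are untested. A second case with `'ldap.password' => ''` should assert that the empty value is exported as an empty string, and a case passing a non-array value would pin how var_export() treats the `mixed` input its docblock allows. It is also worth asserting that the caller's array still holds the original password after the call, since the masking iterates by reference. The expected single-line string depends on line-joining code outside the visible hunk, so its exact spacing cannot be confirmed from this page.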