Description
Is your feature request related to a problem? Please describe.
The `OC\Log\ExceptionSerializer` class provides a mechanism to redact sensitive values from the log with the `SENSITIVE_VALUE_PLACEHOLDER` constant. However, some apps and integrations use secret values that should also not be written to the log. For example, the JWT of the OnlyOffice app and the certificates of the SSO & SAML Authentication (`user_saml`) app should never be written to the log and should be redacted.
Describe the solution you'd like
There should be a way to add custom values to the `ExceptionSerializer` or `OC\Log` classes in order to have them filtered out of the stack trace and error log.
Describe alternatives you've considered
I managed to write an app that registers a custom error logger class to the server which overrides and replaces the default logger. However, if errors occur before all apps are loaded, my custom logger will not be available.
Additional context
There are a number of considerations to be made to provide this functionality:
- It cannot be provided using an app. As previously mentioned, any errors that occur before all apps have loaded will not be filtered if the solution is app-based.
- App developers could submit PRs to the `ExceptionSerializer` class to support any sensitive values used by their apps. However, hard-coding these values isn't a great solution. It would be better to somehow allow adding custom values.
- Many sensitive values are dynamic and only accessible via a function. For example, if an authentication app is using `OCP\Authentication\IProvideUserSecretBackend`, the value is different for every user, and `getCurrentUserSecret()` must be used to get the value. Registering these types of values with the `ExceptionSerializer` would be difficult.
I wouldn't mind tackling this project, but given these sorts of challenges, I wanted to have a discussion to see if anyone had suggestions on how best to proceed.
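
One possible shape for the registry discussed in this issue, as an added example that is not Nextcloud code or the reporter's app: it accepts fixed secrets as well as closures that are resolved only when an entry is serialized, which covers per-user values such as the one returned by `getCurrentUserSecret()`. The class name, its methods, the placeholder string and the sample log entry are all hypothetical, and the sketch assumes the server would create the registry before any app is loaded.

```php
<?php
// Hypothetical sketch, not Nextcloud code: every name here is illustrative.
final class SensitiveValueRegistry {
    // Stand-in for the server's SENSITIVE_VALUE_PLACEHOLDER constant.
    public const PLACEHOLDER = '*** redacted ***';
    /** @var array<int, string|\Closure> */
    private array $sources = [];

    /** Register a fixed secret, or a closure resolved only when an entry is logged. */
    public function register(string|\Closure $source): void {
        $this->sources[] = $source;
    }
    /** @return string[] current secret values, longest first */
    private function resolve(): array {
        $values = [];
        foreach ($this->sources as $source) {
            try {
                $value = $source instanceof \Closure ? $source() : $source;
            } catch (\Throwable $e) {
                continue; // a failing provider must never break logging
            }
            if (is_string($value) && $value !== '') {
                $values[] = $value;
            }
        }
        // Longest first, so a secret that contains another is replaced whole.
        usort($values, fn (string $a, string $b): int => strlen($b) <=> strlen($a));
        return $values;
    }
    /** Recursively replace every registered secret inside a log entry. */
    public function redact(mixed $data): mixed {
        $secrets = $this->resolve();
        $walk = function (mixed $item) use (&$walk, $secrets): mixed {
            if (is_string($item)) {
                return str_replace($secrets, self::PLACEHOLDER, $item);
            }
            return is_array($item) ? array_map($walk, $item) : $item;
        };
        return $walk($data);
    }
}

// Constructed sample: one static secret, one per-user secret unknown at bootstrap.
$userSecret = null;
$registry = new SensitiveValueRegistry();
$registry->register('constructed-jwt-secret');
$registry->register(function () use (&$userSecret) { return $userSecret; });
$userSecret = 'constructed-user-secret'; // becomes available after login
$entry = ['Message' => 'JWT constructed-jwt-secret rejected',
          'Trace' => [['args' => ['alice', 'constructed-user-secret']]]];
echo json_encode($registry->redact($entry)), PHP_EOL;
```

Only strings and nested arrays are walked here, so objects in trace arguments would need their own handling, and exact-match replacement does not catch a secret that was encoded or truncated before it reached the log.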