Child pages
  • [system-log, debugger] Anonymize file path in error messages
Skip to end of metadata
Go to start of metadata

I think, that when displaying a paths to a files in error messages we need to anonymize the path by:

  • replacing path to In-Portal with <in-portal>
  • replacing path to an Composer-provided external libraries /vendor/company-name/library-name/ with <company-name/library-name>

This would not only makes path shorter and more readable, but would also prevent exposing web server details, when users report error messages in debug reports.

Examples

BeforeAfter
/home/sites/alex/d/in-portal.5.2.x/core/kernel/startup.php<in-portal>/core/kernel/startup.php
/home/sites/alex/d/in-portal.5.2.x/vendor/behat/mink/src/Mink.php<behat/mink>/src/Mink.php

It seems, that we're already replace path to In-Portal with "..." in "Logs & Reports > System Logs" section, but doing that system-wide would be better. Places I think are still using full paths:

  • kLogger class, when displaying an error when "debug mode" is turned off
  • Debugger, seems to replace something in path, still keeps base in-portal folder in file names

Solution

  1. create the kUtil::anonymizeFilePath($file) method to avoid any code duplication between Debugger and System Log
  2. use method in all relevant places
  3. store anonymized paths in database (e.g. System Log stack traces) to avoid doing anonymization on each output attempt

Related Tasks

1 Comment

  1. For example if somebody sees an error on their website, then he can safely do a screenshot without fearing that his server configuration would be compromised (by displaying it on screenshot).