ExceptionSerializerTest.php 2.8 KB

  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2021 Arthur Schiwon <blizzz@arthur-schiwon.de>
  5. *
  6. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  7. *
  8. * @license GNU AGPL version 3 or any later version
  9. *
  10. * This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License as
  12. * published by the Free Software Foundation, either version 3 of the
  13. * License, or (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License
  21. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  22. *
  23. */
  24. namespace lib\Log;
  25. use OC\Log\ExceptionSerializer;
  26. use OC\SystemConfig;
  27. use Test\TestCase;
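  /**
   * Regression tests for the redaction of sensitive call arguments when
   * ExceptionSerializer turns an exception into data for the log.
   *
   * Both tests throw from a helper method and inspect the first trace frame of
   * the serialized result. The exception is captured first and asserted on
   * afterwards, so a test cannot pass vacuously when nothing is thrown: a
   * redaction test that runs no assertions would hide a leak of credentials
   * into the log.
   */
  class ExceptionSerializerTest extends TestCase {
      private ExceptionSerializer $serializer;

      /**
       * Builds the serializer under test with a mocked SystemConfig.
       */
      public function setUp(): void {
          parent::setUp();

          $config = $this->createMock(SystemConfig::class);
          $this->serializer = new ExceptionSerializer($config);
      }

      /**
       * Calls bind() through call_user_func_array so that a reference placed in
       * $arguments reaches bind() as a reference, as in the event-emitter
       * scenario described on testSerializer().
       *
       * @param array $arguments argument list forwarded to bind()
       */
      private function emit(array $arguments): void {
          \call_user_func_array([$this, 'bind'], $arguments);
      }

      /**
       * Always throws. The by-reference parameter makes the trace frame hold a
       * reference to the caller's variable.
       * NOTE(review): the name "bind" is presumably one the serializer treats
       * as sensitive by default; nothing is enlisted for it here. Confirm
       * against ExceptionSerializer.
       *
       * @throws \Exception always
       */
      private function bind(array &$myValues): void {
          throw new \Exception('my exception');
      }

      /**
       * Always throws. Stands in for an application-defined authentication
       * method that has to be enlisted explicitly as sensitive.
       *
       * @throws \Exception always
       */
      private function customMagicAuthThing(string $login, string $parole): void {
          throw new \Exception('expected custom auth exception');
      }

      /**
       * Ensures that the serializer does not overwrite referenced variables
       * while redacting. It is modelled on a scenario we experienced: the DAV
       * server emitted the "validateTokens" event, and a handled exception from
       * it was later passed to the logger. The token in the trace was replaced,
       * and the original variable was overwritten along with it.
       */
      public function testSerializer(): void {
          $secret = ['Secret'];
          $caught = null;

          try {
              $this->emit([&$secret]);
          } catch (\Exception $e) {
              $caught = $e;
          }

          // Without this guard the assertions below would be skipped silently.
          $this->assertInstanceOf(\Exception::class, $caught, 'bind() was expected to throw');

          $serializedData = $this->serializer->serializeException($caught);

          // The caller's variable must survive redaction untouched ...
          $this->assertSame(['Secret'], $secret);
          // ... while the logged copy of the argument is replaced.
          $this->assertSame(ExceptionSerializer::SENSITIVE_VALUE_PLACEHOLDER, $serializedData['Trace'][0]['args'][0]);
      }

      /**
       * Ensures that a method enlisted through enlistSensitiveMethods() has its
       * arguments replaced in the serialized trace.
       */
      public function testSerializerWithRegisteredMethods(): void {
          $this->serializer->enlistSensitiveMethods(self::class, ['customMagicAuthThing']);
          $caught = null;

          try {
              $this->customMagicAuthThing('u57474', 'Secret');
          } catch (\Exception $e) {
              $caught = $e;
          }

          // Without this guard the assertions below would be skipped silently.
          $this->assertInstanceOf(\Exception::class, $caught, 'customMagicAuthThing() was expected to throw');

          $serializedData = $this->serializer->serializeException($caught);

          $this->assertSame('customMagicAuthThing', $serializedData['Trace'][0]['function']);
          // Both arguments collapse into one placeholder: neither the login nor
          // the password may remain at any argument position.
          $this->assertSame(ExceptionSerializer::SENSITIVE_VALUE_PLACEHOLDER, $serializedData['Trace'][0]['args'][0]);
          $this->assertFalse(isset($serializedData['Trace'][0]['args'][1]));
      }
  }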