1 | <?php |
||
2 | |||
3 | namespace Eccube\EventListener; |
||
4 | |||
5 | use Eccube\Application; |
||
6 | use Monolog\Logger; |
||
7 | use Symfony\Component\EventDispatcher\EventSubscriberInterface; |
||
8 | use Symfony\Component\HttpFoundation\Request; |
||
9 | use Symfony\Component\HttpFoundation\Response; |
||
10 | use Symfony\Component\HttpFoundation\Session\SessionInterface; |
||
11 | use Symfony\Component\HttpKernel\Event\FilterResponseEvent; |
||
12 | use Symfony\Component\HttpKernel\Event\GetResponseEvent; |
||
13 | use Symfony\Component\HttpKernel\KernelEvents; |
||
14 | |||
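/**
 * Listener that dumps the request, response and session to the debug log.
 *
 * Keys whose values must not appear in the log are configured in log.yml under
 * exclude_keys; addExcludeKey() / removeExcludeKey() adjust the list at runtime.
 *
 * Security notes (review):
 *  - Everything the client sends is written to the log: all headers (which
 *    include Authorization and Cookie), the query string, the POST body, cookies,
 *    uploaded-file metadata and the complete session. Filtering relies solely on
 *    exclude_keys, so it must cover credentials, CSRF tokens and session
 *    identifiers, and this listener should not run at DEBUG level in production.
 *  - Records are PHP_EOL-delimited, so CR/LF inside a client-supplied value is
 *    neutralised before it is written (log injection, CWE-117).
 *  - Objects are serialize()d into the log; any secret held in an object's
 *    properties (e.g. an entity stored in the session) ends up in the file too.
 *
 * @author Kentaro Ohkouchi
 */
class RequestDumpListener implements EventSubscriberInterface
{
    /** @var Application */
    private $app;

    /** @var array key names that are dropped (top level) or masked (nested values) */
    private $excludeKeys;

    /**
     * Constructor function.
     *
     * @param Application $app
     */
    public function __construct(Application $app)
    {
        $this->app = $app;
        // Read once from config; later changes go through addExcludeKey()/removeExcludeKey().
        $this->excludeKeys = $app['config']['log']['exclude_keys'];
    }

    /**
     * Kernel request listener callback: logs the incoming master request and its session.
     *
     * @param GetResponseEvent $event
     */
    public function onKernelRequest(GetResponseEvent $event)
    {
        if (!$event->isMasterRequest()) {
            return;
        }
        $request = $event->getRequest();
        $log = '** before *****************************************:'.PHP_EOL;
        $log .= $this->logRequest($request);
        // Ask hasSession() first: getSession() yields null (or throws, depending on
        // the Symfony version) when no session is attached, and logSession()
        // requires a SessionInterface.
        if ($request->hasSession()) {
            $log .= $this->logSession($request->getSession());
        }
        $this->app->log($log, array(), Logger::DEBUG);
        log_debug($log);
    }

    /**
     * Kernel response listener callback: logs the response status and the
     * request/session state after the controller ran.
     *
     * @param FilterResponseEvent $event
     */
    public function onResponse(FilterResponseEvent $event)
    {
        if (!$event->isMasterRequest()) {
            return;
        }
        $log = '** after *****************************************:'.PHP_EOL;
        $log .= $this->logResponse($event->getResponse());
        $request = $event->getRequest();
        $log .= $this->logRequest($request);
        // Same guard as in onKernelRequest(): only touch the session when one exists.
        if ($request->hasSession()) {
            $log .= $this->logSession($request->getSession());
        }
        $this->app->log($log, array(), Logger::DEBUG);
        log_debug($log);
    }

    /**
     * Return the events to subscribe to.
     *
     * @return array
     */
    public static function getSubscribedEvents()
    {
        return array(
            KernelEvents::REQUEST => 'onKernelRequest',
            KernelEvents::RESPONSE => 'onResponse',
        );
    }

    /**
     * Add a key whose value must not be logged.
     *
     * @param string $key key to exclude
     */
    protected function addExcludeKey($key)
    {
        $this->excludeKeys[] = $key;
    }

    /**
     * Remove a key from the exclusion list.
     *
     * excludeKeys is a list of key *names* (array values), so the entry has to be
     * located with array_search(). The former array_key_exists() check looked at
     * the array indexes and therefore never removed a name added via
     * addExcludeKey() or listed in log.yml.
     *
     * @param string $key key to stop excluding
     */
    protected function removeExcludeKey($key)
    {
        $index = array_search($key, $this->excludeKeys, true);
        if ($index !== false) {
            unset($this->excludeKeys[$index]);
        }
    }

    /**
     * Build the log text for a Request.
     *
     * Covers every client-controlled input (headers, query, body, cookies,
     * uploads) plus the routing attributes; filtering relies on exclude_keys only.
     *
     * @param Request $request
     * @return string log text for the request
     */
    protected function logRequest(Request $request)
    {
        $log = '';
        $log .= $this->logKeyValuePair('REMOTE_ADDR', $request->getClientIp());
        $log .= $this->logKeyValuePair('SCRIPT_NAME', $request->getScriptName());
        $log .= $this->logKeyValuePair('PATH_INFO', $request->getPathInfo());
        $log .= $this->logKeyValuePair('BASE_PATH', $request->getBasePath());
        $log .= $this->logKeyValuePair('BASE_URL', $request->getBaseUrl());
        $log .= $this->logKeyValuePair('SCHEME', $request->getScheme());
        $log .= $this->logKeyValuePair('REMOTE_USER', $request->getUser());
        $log .= $this->logKeyValuePair('HTTP_HOST', $request->getSchemeAndHttpHost());
        $log .= $this->logKeyValuePair('REQUEST_URI', $request->getRequestUri());
        $log .= $this->logKeyValuePair('METHOD', $request->getRealMethod());
        $log .= $this->logKeyValuePair('LOCALE', $request->getLocale());
        // $request->server->all() is deliberately not logged: far too verbose.
        $log .= $this->logArray($request->headers->all(), '[header]');
        $log .= $this->logArray($request->query->all(), '[get]');
        $log .= $this->logArray($request->request->all(), '[post]');
        $log .= $this->logArray($request->attributes->all(), '[attributes]');
        $log .= $this->logArray($request->cookies->all(), '[cookie]');
        $log .= $this->logArray($request->files->all(), '[files]');

        return $log;
    }

    /**
     * Build the log text for a Response (currently only the status code).
     *
     * @param Response $response
     * @return string log text for the response
     */
    protected function logResponse(Response $response)
    {
        $log = '';
        $log .= $this->logKeyValuePair('HTTP_STATUS', $response->getStatusCode());

        return $log;
    }

    /**
     * Build the log text for the whole session content.
     *
     * @param SessionInterface $Session
     * @return string
     */
    protected function logSession(SessionInterface $Session)
    {
        return $this->logArray($Session->all(), '[session]');
    }

    /**
     * Build one log line per array entry.
     *
     * @param array  $values
     * @param string $prefix section tag such as '[get]'
     * @return string
     */
    protected function logArray(array $values, $prefix = '')
    {
        $log = '';
        foreach ($values as $key => $val) {
            $log .= $this->logKeyValuePair($key, $val, $prefix);
        }

        return $log;
    }

    /**
     * Build one "key=value" log line.
     *
     * A key listed in excludeKeys is dropped entirely. For array values, nested
     * entries whose key is excluded are replaced with '******'. Comparisons are
     * strict: with the loose in_array() used before, the integer indexes of
     * list-type values (such as header value lists) compared equal to any
     * non-numeric string on PHP < 8 (0 == 'password'), which masked whole header
     * arrays and motivated the old "[header]" special case; on PHP 8 the same
     * code behaved differently. Strict comparison makes the masking deterministic.
     *
     * @param string|int $key    key name
     * @param mixed      $value  scalar, array or object
     * @param string     $prefix section tag such as '[get]'
     * @return string one PHP_EOL-terminated line, or '' when the key is excluded
     */
    protected function logKeyValuePair($key, $value, $prefix = '')
    {
        if (in_array($key, $this->excludeKeys, true)) {
            return '';
        }

        if (is_null($value) || is_scalar($value) || (is_object($value) && method_exists($value, '__toString'))) {
            $copy_value = $value;
        } elseif (is_object($value)) {
            try {
                $copy_value = '[object '.serialize($value).']';
            } catch (\Exception $e) {
                return $e->getMessage().PHP_EOL;
            }
        } else {
            $copy_value = $value;
            if (is_array($copy_value)) {
                // Dedicated loop variables: the previous loop reused $key, so the
                // key written at the end of this method was the last *nested* key.
                foreach ($copy_value as $nestedKey => &$nestedValue) {
                    if (in_array($nestedKey, $this->excludeKeys, true)) {
                        $nestedValue = '******';
                    }
                }
                unset($nestedValue); // drop the dangling reference
            }
            try {
                $copy_value = '['.serialize($copy_value).']';
            } catch (\Exception $e) {
                return $e->getMessage().PHP_EOL;
            }
        }

        return ' '.$prefix.' '.$key.'='.$this->neutralizeLineBreaks($copy_value).PHP_EOL;
    }

    /**
     * Neutralise CR/LF in a value before it is written to a line-oriented log so
     * a client cannot forge additional log records (log injection, CWE-117).
     *
     * The cast matches what string concatenation would have produced
     * (null/false -> '', true -> '1', __toString() for objects).
     *
     * @param mixed $value
     * @return string
     */
    private function neutralizeLineBreaks($value)
    {
        return str_replace(array("\r", "\n"), array('\r', '\n'), (string) $value);
    }
}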