Issues in ExceptionHandler.php - Failed Issues - Inspection of "Bump bootstrap from 4.6.2 to 5.3.3" - mdaniels5757/waca - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — dependabot/npm_and_yarn/bootst... ( 2e86fb )

unknown

created 2024-08-11 17:53 UTC

includes/ExceptionHandler.php (1 issue)

Labels

Severity

Critical 1

<?php
/******************************************************************************
 * Wikipedia Account Creation Assistance tool                                 *
 * ACC Development Team. Please see team.json for a list of contributors.     *
 *                                                                            *
 * This is free and unencumbered software released into the public domain.    *
 * Please see LICENSE.md for the full licencing statement.                    *
 ******************************************************************************/

namespace Waca;

use ErrorException;
use Throwable;

class ExceptionHandler
{
    /**
     * Global exception handler
     *
     * Smarty would be nice to use, but it COULD BE smarty that throws the errors.
     * Let's build something ourselves, and hope it works.
     *
     * @param $exception
     *
     * @category Security-Critical - has the potential to leak data when exception is thrown.
     */
    public static function exceptionHandler(Throwable $exception)
    {
        /** @global $siteConfiguration SiteConfiguration */
        global $siteConfiguration;

        $errorDocument = <<<HTML
<!DOCTYPE html>
<html lang="en"><head>
<meta charset="utf-8">
<title>Oops! Something went wrong!</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="{$siteConfiguration->getBaseUrl()}/resources/generated/bootstrap-main.css" rel="stylesheet">
<style>
  body {
    padding-top: 60px;
  }
</style>
</head><body><div class="container">
<h1>Oops! Something went wrong!</h1>
<p>We'll work on fixing this for you, so why not come back later?</p>
<p class="muted">If our trained monkeys ask, tell them this error ID: <code>$1$</code></p>
$2$
</div></body></html>
HTML;

        list($errorData, $errorId) = self::logExceptionToDisk($exception, $siteConfiguration, true);

        // clear and discard any content that's been saved to the output buffer
        if (ob_get_level() > 0) {
            ob_end_clean();
        }

        // push error ID into the document.
        $message = str_replace('$1$', $errorId, $errorDocument);

        if ($siteConfiguration->getDebuggingTraceEnabled()) {
            ob_start();
            var_dump($errorData);

            $textErrorData = ob_get_contents();
            ob_end_clean();

            $message = str_replace('$2$', $textErrorData, $message);
        }
        else {
            $message = str_replace('$2$', "", $message);
        }

        // While we *shouldn't* have sent headers by now due to the output buffering, PHPUnit does weird things.
        // This is "only" needed for the tests, but it's a good idea to wrap this anyway.
        if (!headers_sent()) {
            header('HTTP/1.1 500 Internal Server Error');
        }

        // output the document
        print $message;
    }

    /**
     * @param int    $errorSeverity The severity level of the exception.
     * @param string $errorMessage  The Exception message to throw.
     * @param string $errorFile     The filename where the exception is thrown.
     * @param int    $errorLine     The line number where the exception is thrown.
     *
     * @throws ErrorException
     */
    public static function errorHandler($errorSeverity, $errorMessage, $errorFile, $errorLine)
    {
        // call into the main exception handler above
        throw new ErrorException($errorMessage, 0, $errorSeverity, $errorFile, $errorLine);
    }

    /**
     * @param Throwable $exception
     *
     * @return null|array
     */
    public static function getExceptionData($exception)
    {
        if ($exception == null) {
            return null;
        }

        $array = array(
            'exception' => get_class($exception),
            'message'   => $exception->getMessage(),
            'stack'     => $exception->getTraceAsString(),
        );

        $array['previous'] = self::getExceptionData($exception->getPrevious());

        return $array;
    }

    public static function logExceptionToDisk(
        Throwable $exception,
        SiteConfiguration $siteConfiguration,
        bool $fromGlobalHandler = false
    ): array {
        $errorData = self::getExceptionData($exception);
        $errorData['server'] = $_SERVER;
        $errorData['get'] = $_GET;
        $errorData['post'] = $_POST;

        $redactions = ['password', 'newpassword', 'newpasswordconfirm', 'otp'];
        foreach ($redactions as $redaction) {
            if (isset($errorData['post'][$redaction])) {
                $errorData['post'][$redaction] = '<redacted>';
            }
        }

        if ($fromGlobalHandler) {
            $errorData['globalHandler'] = true;
        }
        else {
            $errorData['globalHandler'] = false;
        }

        $state = serialize($errorData);
        $errorId = sha1($state);

        // Save the error for later analysis
        file_put_contents($siteConfiguration->getErrorLog() . '/' . $errorId . '.log', $state);

        return array($errorData, $errorId);
    }
}


1			<?php
2			/******************************************************************************
3			* Wikipedia Account Creation Assistance tool *
4			* ACC Development Team. Please see team.json for a list of contributors. *
5			* *
6			* This is free and unencumbered software released into the public domain. *
7			* Please see LICENSE.md for the full licencing statement. *
8			******************************************************************************/
9
10			namespace Waca;
11
12			use ErrorException;
13			use Throwable;
14
15			class ExceptionHandler
16			{
17			/**
18			* Global exception handler
19			*
20			* Smarty would be nice to use, but it COULD BE smarty that throws the errors.
21			* Let's build something ourselves, and hope it works.
22			*
23			* @param $exception
24			*
25			* @category Security-Critical - has the potential to leak data when exception is thrown.
26			*/
27			public static function exceptionHandler(Throwable $exception)
28			{
29			/** @global $siteConfiguration SiteConfiguration */
30			global $siteConfiguration;
31
32			$errorDocument = <<<HTML
33			<!DOCTYPE html>
34			<html lang="en"><head>
35			<meta charset="utf-8">
36			<title>Oops! Something went wrong!</title>
37			<meta name="viewport" content="width=device-width, initial-scale=1.0">
38			<link href="{$siteConfiguration->getBaseUrl()}/resources/generated/bootstrap-main.css" rel="stylesheet">
39			<style>
40			body {
41			padding-top: 60px;
42			}
43			</style>
44			</head><body><div class="container">
45			<h1>Oops! Something went wrong!</h1>
46			<p>We'll work on fixing this for you, so why not come back later?</p>
47			<p class="muted">If our trained monkeys ask, tell them this error ID: <code>$1$</code></p>
48			$2$
49			</div></body></html>
50			HTML;
51
52			list($errorData, $errorId) = self::logExceptionToDisk($exception, $siteConfiguration, true);
53
54			// clear and discard any content that's been saved to the output buffer
55			if (ob_get_level() > 0) {
56			ob_end_clean();
57			}
58
59			// push error ID into the document.
60			$message = str_replace('$1$', $errorId, $errorDocument);
61
62			if ($siteConfiguration->getDebuggingTraceEnabled()) {
63			ob_start();
64			var_dump($errorData);
			1 ignored issue – show Security Debugging Code introduced 2020-04-26 01:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this `var_dump($errorData)` looks like debug code. Are you sure you do not want to remove it? Loading history...
65			$textErrorData = ob_get_contents();
66			ob_end_clean();
67
68			$message = str_replace('$2$', $textErrorData, $message);
69			}
70			else {
71			$message = str_replace('$2$', "", $message);
72			}
73
74			// While we shouldn't have sent headers by now due to the output buffering, PHPUnit does weird things.
75			// This is "only" needed for the tests, but it's a good idea to wrap this anyway.
76			if (!headers_sent()) {
77			header('HTTP/1.1 500 Internal Server Error');
78			}
79
80			// output the document
81			print $message;
82			}
83
84			/**
85			* @param int $errorSeverity The severity level of the exception.
86			* @param string $errorMessage The Exception message to throw.
87			* @param string $errorFile The filename where the exception is thrown.
88			* @param int $errorLine The line number where the exception is thrown.
89			*
90			* @throws ErrorException
91			*/
92			public static function errorHandler($errorSeverity, $errorMessage, $errorFile, $errorLine)
93			{
94			// call into the main exception handler above
95			throw new ErrorException($errorMessage, 0, $errorSeverity, $errorFile, $errorLine);
96			}
97
98			/**
99			* @param Throwable $exception
100			*
101			* @return null\|array
102			*/
103			public static function getExceptionData($exception)
104			{
105			if ($exception == null) {
106			return null;
107			}
108
109			$array = array(
110			'exception' => get_class($exception),
111			'message' => $exception->getMessage(),
112			'stack' => $exception->getTraceAsString(),
113			);
114
115			$array['previous'] = self::getExceptionData($exception->getPrevious());
116
117			return $array;
118			}
119
120			public static function logExceptionToDisk(
121			Throwable $exception,
122			SiteConfiguration $siteConfiguration,
123			bool $fromGlobalHandler = false
124			): array {
125			$errorData = self::getExceptionData($exception);
126			$errorData['server'] = $_SERVER;
127			$errorData['get'] = $_GET;
128			$errorData['post'] = $_POST;
129
130			$redactions = ['password', 'newpassword', 'newpasswordconfirm', 'otp'];
131			foreach ($redactions as $redaction) {
132			if (isset($errorData['post'][$redaction])) {
133			$errorData['post'][$redaction] = '<redacted>';
134			}
135			}
136
137			if ($fromGlobalHandler) {
138			$errorData['globalHandler'] = true;
139			}
140			else {
141			$errorData['globalHandler'] = false;
142			}
143
144			$state = serialize($errorData);
145			$errorId = sha1($state);
146
147			// Save the error for later analysis
148			file_put_contents($siteConfiguration->getErrorLog() . '/' . $errorId . '.log', $state);
149
150			return array($errorData, $errorId);
151			}
152			}
153

mdaniels5757 / waca

Push — dependabot/npm_and_yarn/bootst... ( 2e86fb )

includes/ExceptionHandler.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like