mirror of
https://github.com/nextcloud/server.git
synced 2025-02-24 08:56:48 +00:00
fix(logger): Prevent infinite recursion with log.condition => matches
When we need to check the log condition for a user matches, there is a risk that something on the way checks the log level and would result in an infinite loop. So we simply check if it's a nested call and use the default warning level in that case. Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
parent
2d77570e1e
commit
b9493cc12d
2 changed files with 51 additions and 0 deletions
39
build/integration/features/log-condition.feature
Normal file
39
build/integration/features/log-condition.feature
Normal file
|
@ -0,0 +1,39 @@
|
|||
# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
Feature: log-condition
|
||||
|
||||
Background:
|
||||
Given invoking occ with "config:system:set log.condition matches 0 users 0 --value admin"
|
||||
Then the command was successful
|
||||
|
||||
Scenario: Accessing /status.php with log.condition
|
||||
When requesting "/status.php" with "GET"
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: Accessing /index.php with log.condition
|
||||
When requesting "/index.php" with "GET"
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: Accessing /remote.php/webdav with log.condition
|
||||
When requesting "/remote.php/webdav" with "GET"
|
||||
Then the HTTP status code should be "401"
|
||||
|
||||
Scenario: Accessing /remote.php/dav with log.condition
|
||||
When requesting "/remote.php/dav" with "GET"
|
||||
Then the HTTP status code should be "401"
|
||||
|
||||
Scenario: Accessing /ocs/v1.php with log.condition
|
||||
When requesting "/ocs/v1.php" with "GET"
|
||||
Then the HTTP status code should be "200"
|
||||
|
||||
Scenario: Accessing /ocs/v2.php with log.condition
|
||||
When requesting "/ocs/v2.php" with "GET"
|
||||
Then the HTTP status code should be "404"
|
||||
|
||||
Scenario: Accessing /public.php/webdav with log.condition
|
||||
When requesting "/public.php/webdav" with "GET"
|
||||
Then the HTTP status code should be "401"
|
||||
|
||||
Scenario: Accessing /public.php/dav with log.condition
|
||||
When requesting "/public.php/dav" with "GET"
|
||||
Then the HTTP status code should be "503"
|
|
@ -37,6 +37,7 @@ use function strtr;
|
|||
class Log implements ILogger, IDataLogger {
|
||||
private ?bool $logConditionSatisfied = null;
|
||||
private ?IEventDispatcher $eventDispatcher = null;
|
||||
private int $nestingLevel = 0;
|
||||
|
||||
public function __construct(
|
||||
private IWriter $logger,
|
||||
|
@ -196,6 +197,11 @@ class Log implements ILogger, IDataLogger {
|
|||
}
|
||||
|
||||
public function getLogLevel(array $context, string $message): int {
|
||||
if ($this->nestingLevel > 1) {
|
||||
return ILogger::WARN;
|
||||
}
|
||||
|
||||
$this->nestingLevel++;
|
||||
/**
|
||||
* @psalm-var array{
|
||||
* shared_secret?: string,
|
||||
|
@ -246,6 +252,7 @@ class Log implements ILogger, IDataLogger {
|
|||
|
||||
// if log condition is satisfied change the required log level to DEBUG
|
||||
if ($this->logConditionSatisfied) {
|
||||
$this->nestingLevel--;
|
||||
return ILogger::DEBUG;
|
||||
}
|
||||
|
||||
|
@ -260,6 +267,7 @@ class Log implements ILogger, IDataLogger {
|
|||
* once this is met -> change the required log level to debug
|
||||
*/
|
||||
if (in_array($context['app'], $logCondition['apps'] ?? [], true)) {
|
||||
$this->nestingLevel--;
|
||||
return ILogger::DEBUG;
|
||||
}
|
||||
}
|
||||
|
@ -272,6 +280,7 @@ class Log implements ILogger, IDataLogger {
|
|||
|
||||
// Invalid configuration, warn the user and fall back to default level of WARN
|
||||
error_log('Nextcloud configuration: "loglevel" is not a valid integer');
|
||||
$this->nestingLevel--;
|
||||
return ILogger::WARN;
|
||||
}
|
||||
|
||||
|
@ -285,12 +294,15 @@ class Log implements ILogger, IDataLogger {
|
|||
if (!isset($option['apps']) && !isset($option['loglevel']) && !isset($option['message'])) {
|
||||
/* Only user and/or secret are listed as conditions, we can cache the result for the rest of the request */
|
||||
$this->logConditionSatisfied = true;
|
||||
$this->nestingLevel--;
|
||||
return ILogger::DEBUG;
|
||||
}
|
||||
$this->nestingLevel--;
|
||||
return $option['loglevel'] ?? ILogger::DEBUG;
|
||||
}
|
||||
}
|
||||
|
||||
$this->nestingLevel--;
|
||||
return ILogger::WARN;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue