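/**
 * Check if our logfile is directly accessible.
 *
 * Per CiviCRM default the logfile sits in a folder which is
 * web-accessible, and is protected by a default .htaccess
 * configuration. If server config causes the .htaccess not to
 * function as intended, there may be information disclosure.
 *
 * The debug log may be jam-packed with sensitive data, we don't
 * want that.
 *
 * Being able to be retrieved directly doesn't mean the logfile
 * is browseable or visible to search engines; it means it can be
 * requested directly.
 *
 * The URL is only a guess: the part of imageUploadURL before the
 * file path marker, joined to the part of the log path after it.
 * When the marker does not occur in the log path no request is made
 * and no message is produced.
 *
 * @return array
 *   Array of CRM_Utils_Check_Message; empty when the guessed URL does
 *   not end up answering with HTTP 200.
 * @see CRM-14091
 */
public function checkLogFileIsNotAccessible() {
  $messages = array();
  $config = CRM_Core_Config::singleton();
  $log = CRM_Core_Error::createDebugLogger();
  // Normalise Windows separators so the marker split below works on
  // either platform.
  $log_filename = str_replace('\\', '/', $log->_filename);
  $filePathMarker = $this->getFilePathMarker();

  // Hazard a guess at the URL of the logfile, based on common
  // CiviCRM layouts. explode() always returns a non-empty array, so
  // there is nothing to test on the results themselves.
  $upload_url = explode($filePathMarker, $config->imageUploadURL);
  $log_path = explode($filePathMarker, $log_filename);

  // CRM-17149: the debug log path may not include $filePathMarker at
  // all (custom log directory); then we have no URL worth requesting.
  if (count($log_path) < 2) {
    return $messages;
  }

  $log_url = implode($filePathMarker, array($upload_url[0], $log_path[1]));

  // get_headers() returns FALSE when the request fails outright
  // (DNS, connection refused, ...). Indexing FALSE would only raise a
  // notice; a failed request is not an exposure.
  $headers = @get_headers($log_url);
  if ($headers === FALSE) {
    return $messages;
  }

  // get_headers() follows redirects and lists every status line of
  // the chain in order, so the final one is what a client ends up
  // with. Looking only at $headers[0] misses e.g. an http->https
  // redirect that still serves the log with 200.
  $status = NULL;
  foreach ($headers as $key => $header) {
    if (is_int($key) && preg_match('/^HTTP\/\S+\s+(\d{3})\b/', $header, $match)) {
      $status = $match[1];
    }
  }

  if ($status === '200') {
    $docs_url = $this->createDocUrl('checkLogFileIsNotAccessible');
    $msg = 'The <a href="%1">CiviCRM debug log</a> should not be downloadable.'
      . '<br />'
      . '<a href="%2">Read more about this warning</a>';
    $messages[] = new CRM_Utils_Check_Message(
      __FUNCTION__,
      ts($msg, array(1 => $log_url, 2 => $docs_url)),
      ts('Security Warning'),
      \Psr\Log\LogLevel::WARNING,
      'fa-lock'
    );
  }

  return $messages;
}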
/**
 * We have two coding conventions for writing to log. Make sure that they work together.
 *
 * This tests a theory about what caused CRM-10766.
 *
 * The static CRM_Core_Error::debug_log_message() convention is interleaved
 * with two separate logger objects from createDebugLogger(); every line
 * must appear in the log in exactly the order it was written.
 */
function testMixLog() {
  // Static convention before any logger object exists.
  CRM_Core_Error::debug_log_message("static-1");

  // First logger object, interleaved with static writes.
  $firstLogger = CRM_Core_Error::createDebugLogger();
  CRM_Core_Error::debug_log_message("static-2");
  $firstLogger->info('obj-1');
  CRM_Core_Error::debug_log_message("static-3");
  $firstLogger->info('obj-2');
  CRM_Core_Error::debug_log_message("static-4");

  // A second logger object must append after everything so far.
  $secondLogger = CRM_Core_Error::createDebugLogger();
  $secondLogger->info('obj-3');
  CRM_Core_Error::debug_log_message("static-5");

  // 's' modifier: the log spans many lines, '.*' has to cross them.
  $expectedOrder = '/static-1.*static-2.*obj-1.*static-3.*obj-2.*static-4.*obj-3.*static-5/s';
  $this->assertLogRegexp($expectedOrder);
}
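/**
 * Check if our logfile is directly accessible.
 *
 * Per CiviCRM default the logfile sits in a folder which is
 * web-accessible, and is protected by a default .htaccess
 * configuration. If server config causes the .htaccess not to
 * function as intended, there may be information disclosure.
 *
 * The debug log may be jam-packed with sensitive data, we don't
 * want that.
 *
 * Being able to be retrieved directly doesn't mean the logfile
 * is browseable or visible to search engines; it means it can be
 * requested directly.
 *
 * The URL is only a guess: the part of imageUploadURL before the
 * file path marker, joined to the part of the log path after it.
 * When the marker does not occur in the log path no request is made
 * and no message is produced.
 *
 * @return array of messages (translated strings); empty when the
 *   guessed URL does not end up answering with HTTP 200.
 * @see CRM-14091
 */
public function checkLogFileIsNotAccessible() {
  $messages = array();
  $config = CRM_Core_Config::singleton();
  $log = CRM_Core_Error::createDebugLogger();
  // Normalise Windows separators so the marker split below works on
  // either platform.
  $log_filename = str_replace('\\', '/', $log->_filename);
  $filePathMarker = $this->getFilePathMarker();

  // Hazard a guess at the URL of the logfile, based on common
  // CiviCRM layouts. explode() always returns a non-empty array, so
  // there is nothing to test on the results themselves.
  $upload_url = explode($filePathMarker, $config->imageUploadURL);
  $log_path = explode($filePathMarker, $log_filename);

  // The log path may not include $filePathMarker at all (custom log
  // directory); $log_path[1] would be undefined and the guess useless.
  if (count($log_path) < 2) {
    return $messages;
  }

  $log_url = implode($filePathMarker, array($upload_url[0], $log_path[1]));

  // Ask for headers only rather than downloading the whole log: the
  // file can be large, and a soft-404 page would be non-empty content
  // that file_get_contents() reports as "accessible".
  // get_headers() returns FALSE when the request fails outright; that
  // is not an exposure.
  $headers = @get_headers($log_url);
  if ($headers === FALSE) {
    return $messages;
  }

  // get_headers() follows redirects and lists every status line of
  // the chain in order, so the final one is what a client ends up with.
  $status = NULL;
  foreach ($headers as $key => $header) {
    if (is_int($key) && preg_match('/^HTTP\/\S+\s+(\d{3})\b/', $header, $match)) {
      $status = $match[1];
    }
  }

  if ($status === '200') {
    $docs_url = $this->createDocUrl('checkLogFileIsNotAccessible');
    $msg = 'The <a href="%1">CiviCRM debug log</a> should not be downloadable.'
      . '<br />'
      . '<a href="%2">Read more about this warning</a>';
    $messages[] = ts($msg, array(1 => $log_url, 2 => $docs_url));
  }

  return $messages;
}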
/**
 * Lazily build the task context handed to this object's tasks.
 *
 * On first use a CRM_Queue_TaskContext is created, bound to
 * $this->queue and given a fresh debug logger; later calls return
 * that same instance.
 *
 * @return CRM_Queue_TaskContext
 */
protected function getTaskContext() {
  if (is_object($this->taskCtx)) {
    return $this->taskCtx;
  }

  $ctx = new CRM_Queue_TaskContext();
  $ctx->queue = $this->queue;
  $ctx->log = CRM_Core_Error::createDebugLogger();
  $this->taskCtx = $ctx;

  return $this->taskCtx;
}
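/**
 * Check that a debugger is created and there is no error when passing in a prefix.
 *
 * Do some basic content checks: the file name is built from
 * configAndLogDir, the 'my-test' prefix and generateLogFileHash(),
 * and both messages are written at [info] level.
 */
public function testDebugLoggerFormat() {
  $log = CRM_Core_Error::createDebugLogger('my-test');
  $log->log('Mary had a little lamb');
  $log->log('Little lamb');
  $config = CRM_Core_Config::singleton();
  $fileContents = file_get_contents($log->_filename);

  $expectedFilename = $config->configAndLogDir
    . 'CiviCRM.' . 'my-test.' . CRM_Core_Error::generateLogFileHash($config) . '.log';
  $this->assertEquals($expectedFilename, $log->_filename);

  // The 10 here is a bit arbitrary - on my local the date part is 15 chars (Mar 29 05:29:16) - but we are just checking that
  // there are chars for the date at the start. strpos() returns FALSE when the text is missing,
  // which also fails this assertion, and assertGreaterThan reports the actual offset on failure.
  $this->assertGreaterThan(10, strpos($fileContents, '[info] Mary had a little lamb'));
  $this->assertContains('[info] Little lamb', $fileContents);
}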