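 /**
  * Check whether the CiviCRM debug log can be fetched over HTTP.
  *
  * By default the log lives under a web-accessible directory that is
  * shielded by a shipped .htaccess; if the web server ignores that file
  * the log — which may be full of request data, SQL and stack traces —
  * is readable by anyone who guesses the URL. The URL is guessed by
  * combining the image upload URL with the log file path: both are
  * expected to contain the segment returned by getFilePathMarker().
  *
  * "Accessible" here only means a direct request for the file succeeds;
  * it says nothing about directory listings or search-engine visibility.
  *
  * @return array
  *   Zero or one CRM_Utils_Check_Message. Empty when the log URL cannot
  *   be derived (CRM-17149), when the request itself fails, or when the
  *   server answers with anything other than an HTTP 200 status line.
  * @see CRM-14091
  */
 public function checkLogFileIsNotAccessible()
 {
     $messages = array();
     $config = CRM_Core_Config::singleton();
     $log = CRM_Core_Error::createDebugLogger();
     // Normalise Windows separators so the marker can match the URL form.
     $log_filename = str_replace('\\', '/', $log->_filename);
     $filePathMarker = $this->getFilePathMarker();

     // Hazard a guess at the URL of the logfile, based on common
     // CiviCRM layouts: <upload-url-prefix><marker><log-path-suffix>.
     $upload_url = explode($filePathMarker, $config->imageUploadURL);
     $log_path = explode($filePathMarker, $log_filename);
     // CRM-17149: a custom log location may not contain the marker at all
     // (and explode() yields FALSE for an empty marker); in either case
     // there is no URL to guess and nothing to check.
     if (!is_array($upload_url) || !is_array($log_path) || count($log_path) < 2) {
         return $messages;
     }

     $log_url = $upload_url[0] . $filePathMarker . $log_path[1];
     $headers = @get_headers($log_url);
     // get_headers() returns FALSE on DNS/connection failure. A request
     // that cannot be made is not evidence of exposure, so report nothing
     // rather than indexing into FALSE.
     if ($headers === false || !isset($headers[0])) {
         return $messages;
     }

     // Only a real 200 status line ("HTTP/1.1 200 OK") counts; a bare
     // substring search for "200" would also accept unrelated text.
     if (preg_match('#^HTTP/\S+\s+200\b#i', $headers[0])) {
         $docs_url = $this->createDocUrl('checkLogFileIsNotAccessible');
         $msg = 'The <a href="%1">CiviCRM debug log</a> should not be downloadable.' . '<br />' . '<a href="%2">Read more about this warning</a>';
         $messages[] = new CRM_Utils_Check_Message(__FUNCTION__, ts($msg, array(1 => $log_url, 2 => $docs_url)), ts('Security Warning'), \Psr\Log\LogLevel::WARNING, 'fa-lock');
     }
     return $messages;
 }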
 /**
  * The static CRM_Core_Error::debug_log_message() helper and logger
  * objects from createDebugLogger() must append to the same log in call
  * order, even when more than one logger object is alive at once.
  *
  * Exercises the interleaving suspected of causing CRM-10766.
  */
 function testMixLog()
 {
     // Interleave the two APIs, creating a second logger object midway.
     CRM_Core_Error::debug_log_message('static-1');
     $firstLogger = CRM_Core_Error::createDebugLogger();
     CRM_Core_Error::debug_log_message('static-2');
     $firstLogger->info('obj-1');
     CRM_Core_Error::debug_log_message('static-3');
     $firstLogger->info('obj-2');
     CRM_Core_Error::debug_log_message('static-4');
     $secondLogger = CRM_Core_Error::createDebugLogger();
     $secondLogger->info('obj-3');
     CRM_Core_Error::debug_log_message('static-5');

     // All eight entries must appear in the log in exactly this order.
     $inOrder = array('static-1', 'static-2', 'obj-1', 'static-3', 'obj-2', 'static-4', 'obj-3', 'static-5');
     $this->assertLogRegexp('/' . implode('.*', $inOrder) . '/s');
 }
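 /**
  * Check whether the CiviCRM debug log can be fetched over HTTP.
  *
  * By default the log lives under a web-accessible directory that is
  * shielded by a shipped .htaccess; if the web server ignores that file
  * the log — which may be full of request data, SQL and stack traces —
  * is readable by anyone who guesses the URL. The URL is guessed by
  * combining the image upload URL with the log file path: both are
  * expected to contain the segment returned by getFilePathMarker().
  *
  * "Accessible" here only means a direct request for the file succeeds;
  * it says nothing about directory listings or search-engine visibility.
  *
  * @return array
  *   Zero or one translated message string. Empty when the log URL
  *   cannot be derived, when the request itself fails, or when the
  *   server answers with anything other than an HTTP 200 status line.
  * @see CRM-14091
  */
 public function checkLogFileIsNotAccessible()
 {
     $messages = array();
     $config = CRM_Core_Config::singleton();
     $log = CRM_Core_Error::createDebugLogger();
     // Normalise Windows separators so the marker can match the URL form.
     $log_filename = str_replace('\\', '/', $log->_filename);
     $filePathMarker = $this->getFilePathMarker();

     // Hazard a guess at the URL of the logfile, based on common
     // CiviCRM layouts: <upload-url-prefix><marker><log-path-suffix>.
     $upload_url = explode($filePathMarker, $config->imageUploadURL);
     $log_path = explode($filePathMarker, $log_filename);
     // A custom log location may not contain the marker at all (and
     // explode() yields FALSE for an empty marker); the original indexed
     // $log_path[1] unconditionally. No marker means no URL to check.
     if (!is_array($upload_url) || !is_array($log_path) || count($log_path) < 2) {
         return $messages;
     }

     $log_url = $upload_url[0] . $filePathMarker . $log_path[1];
     // Ask for the status line instead of downloading the whole log with
     // file_get_contents(): that pulled the entire file into memory and,
     // because the result was tested for truthiness, an accessible but
     // empty log was silently reported as safe.
     $headers = @get_headers($log_url);
     // get_headers() returns FALSE on DNS/connection failure; a request
     // that cannot be made is not evidence of exposure.
     if ($headers === false || !isset($headers[0])) {
         return $messages;
     }

     // Only a real 200 status line ("HTTP/1.1 200 OK") counts.
     if (preg_match('#^HTTP/\S+\s+200\b#i', $headers[0])) {
         $docs_url = $this->createDocUrl('checkLogFileIsNotAccessible');
         $msg = 'The <a href="%1">CiviCRM debug log</a> should not be downloadable.' . '<br />' . '<a href="%2">Read more about this warning</a>';
         $messages[] = ts($msg, array(1 => $log_url, 2 => $docs_url));
     }
     return $messages;
 }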
 /**
  * Lazily build the task context handed to every task in this runner.
  *
  * The context is created on first use and cached in $this->taskCtx; it
  * carries the queue being processed and a debug logger.
  *
  * @return CRM_Queue_TaskContext
  */
 protected function getTaskContext()
 {
     if (is_object($this->taskCtx)) {
         return $this->taskCtx;
     }
     $ctx = $this->taskCtx = new CRM_Queue_TaskContext();
     $ctx->queue = $this->queue;
     // CRM_Core_Config::getLog() was left commented out here originally;
     // tasks receive the debug logger instead.
     $ctx->log = CRM_Core_Error::createDebugLogger();
     return $this->taskCtx;
 }
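 /**
  * A logger created with a prefix writes to the expected file and each
  * line carries a timestamp followed by the "[info]" level and message.
  *
  * Only the presence of a leading timestamp is checked, not its exact
  * width, since that depends on the date format in use.
  */
 public function testDebugLoggerFormat()
 {
     $log = CRM_Core_Error::createDebugLogger('my-test');
     $log->log('Mary had a little lamb');
     $log->log('Little lamb');
     $config = CRM_Core_Config::singleton();
     $fileContents = file_get_contents($log->_filename);

     // The prefix and the per-site hash are both part of the file name.
     $expectedFile = $config->configAndLogDir . 'CiviCRM.' . 'my-test.' . CRM_Core_Error::generateLogFileHash($config) . '.log';
     $this->assertEquals($expectedFile, $log->_filename);

     // The threshold of 10 is deliberately loose: locally the date part is
     // about 15 chars ("Mar 29 05:29:16"), but all we require is that the
     // first message is preceded by some timestamp characters. (The old
     // comment spoke of "5" while the code has always compared against 10.)
     // assertGreaterThan reports the actual offset on failure, including
     // FALSE when the message is missing entirely.
     $this->assertGreaterThan(10, strpos($fileContents, '[info] Mary had a little lamb'));
     $this->assertContains('[info] Little lamb', $fileContents);
 }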