/
[system-log, debugger] Anonymize file path in error messages
[system-log, debugger] Anonymize file path in error messages
- Alex
Owned by Alex
I think, that when displaying a paths to a files in error messages we need to anonymize the path by:
- replacing path to In-Portal with
<in-portal> - replacing path to an Composer-provided external libraries
/vendor/company-name/library-name/with<company-name/library-name>
This would not only makes path shorter and more readable, but would also prevent exposing web server details, when users report error messages in debug reports.
Examples
| Before | After |
|---|---|
| /home/sites/alex/d/in-portal.5.2.x/core/kernel/startup.php | <in-portal>/core/kernel/startup.php |
| /home/sites/alex/d/in-portal.5.2.x/vendor/behat/mink/src/Mink.php | <behat/mink>/src/Mink.php |
It seems, that we're already replace path to In-Portal with "..." in "Logs & Reports > System Logs" section, but doing that system-wide would be better. Places I think are still using full paths:
- kLogger class, when displaying an error when "debug mode" is turned off
- Debugger, seems to replace something in path, still keeps base in-portal folder in file names
Solution
- create the
kUtil::anonymizeFilePath($file)method to avoid any code duplication between Debugger and System Log - use method in all relevant places
- store anonymized paths in database (e.g. System Log stack traces) to avoid doing anonymization on each output attempt