Cleanup exception reporting, stop logging PDO exception stacks.

PDOException stacks include the MySQL password for the connection attempt and many people do not realize this when providing logs.
Dane Everitt 2018-02-04 13:31:39 -06:00
parent ff8b5fc5a3
commit f42bc8a031
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
3 changed files with 45 additions and 3 deletions


@ -12,6 +12,9 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
* `[rc.1]` — Fixed a bug that would occur when attempting to reset the daemon secret for a node.
* `[rc.1]` — Fix exception thrown when attempting to modify an existing database host.
### Changed
* Changed logger to skip reporting stack-traces on PDO exceptions due to sensitive information being contained within.
## v0.7.0-rc.1 (Derelict Dermodactylus)
### Fixed
* `[beta.4]` — Fixes some bad search and replace action that happened previously and was throwing errors when validating user permissions.


@ -3,6 +3,8 @@
namespace Pterodactyl\Exceptions;
use Exception;
use PDOException;
use Psr\Log\LoggerInterface;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Session\TokenMismatchException;
use Illuminate\Validation\ValidationException;
@ -43,17 +45,35 @@ class Handler extends ExceptionHandler
];
/**
* Report or log an exception.
* Report or log an exception. Skips Laravel's internal reporter since we
* don't need or want the user information in our logs by default.
*
* This is a great spot to send exceptions to Sentry, Bugsnag, etc.
* If you want to implement logging in a different format to integrate with
* services such as AWS Cloudwatch or other monitoring you can replace the
* contents of this function with a call to the parent reporter.
*
* @param \Exception $exception
* @return mixed
*
* @throws \Exception
*/
public function report(Exception $exception)
{
parent::report($exception);
if (! config('app.exceptions.report_all', false) && $this->shouldntReport($exception)) {
return null;
}
if (method_exists($exception, 'report')) {
return $exception->report();
}
try {
$logger = $this->container->make(LoggerInterface::class);
} catch (Exception $ex) {
throw $exception;
}
return $logger->error($exception instanceof PDOException ? $exception->getMessage() : $exception);
}
/**
@ -71,6 +91,9 @@ class Handler extends ExceptionHandler
}
/**
* Transform a validation exception into a consistent format to be returned for
* calls to the API.
*
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Validation\ValidationException $exception
* @return \Illuminate\Http\JsonResponse
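Review bot: The `instanceof PDOException` test on the last line of `report()` only inspects the outermost exception, so an exception that carries a PDOException as its `getPrevious()` is still handed to the logger as a whole object. If the logger stringifies that object, the chained "Next …" traces would be written too, which is the same connection-argument exposure this commit sets out to stop; that is inferred from PHP's exception formatting, not visible in the hunk. Walking the chain before deciding what to log would close the gap, e.g. `for ($e = $exception; $e !== null; $e = $e->getPrevious()) { if ($e instanceof PDOException) { return $logger->error(get_class($exception) . ': ' . $exception->getMessage()); } }`. Including the class name keeps the message-only entry useful for triage, and the docblock should state that PDO exceptions are logged without a stack trace and why.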


@ -133,6 +133,22 @@ return [
'log_level' => env('APP_LOG_LEVEL', 'info'),
/*
|--------------------------------------------------------------------------
| Exception Reporter Configuration
|--------------------------------------------------------------------------
|
| If you're encountering weird behavior with the Panel and no exceptions
| are being logged try changing the environment variable below to be true.
| This will override the default "don't report" behavior of the Panel and log
| all exceptions. This will be quite noisy.
|
*/
'exceptions' => [
'report_all' => env('APP_REPORT_ALL_EXCEPTIONS', false),
],
/*
|--------------------------------------------------------------------------
| Autoloaded Service Providers
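Review bot: The comment block above `'report_all'` warns only that the output is "quite noisy" and says nothing about what the extra entries may contain. With the flag on, exceptions that are normally skipped are logged with full stack traces, and PHP traces can include abbreviated argument values, so secrets passed as function arguments may end up in the log; this is inferred from how the PDO case leaks, not shown in the hunk. I would add a line such as `| Logs written with this enabled may contain sensitive values; review them before sharing.` and recommend turning the variable back off after debugging.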