Skip to content

Commit f1525c0

Browse files
henderkeshenderkes
authored
Merge branch 'v3' into feat/pgo-v3
2 parents 433043c + 8a37303 commit f1525c0

3 files changed

Lines changed: 124 additions & 2 deletions

File tree

src/StaticPHP/Artifact/Downloader/Type/GitHubTokenSetupTrait.php

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,9 @@ public static function getGitHubTokenHeadersStatic(): array
1616
// GITHUB_TOKEN support
1717
if (($token = getenv('GITHUB_TOKEN')) !== false && ($user = getenv('GITHUB_USER')) !== false) {
1818
logger()->debug("Using 'GITHUB_TOKEN' with user {$user} for authentication");
19-
spc_add_log_filter([$user, $token]);
20-
return ['Authorization: Basic ' . base64_encode("{$user}:{$token}")];
19+
$encoded = base64_encode("{$user}:{$token}");
20+
spc_add_log_filter([$user, $token, $encoded]);
21+
return ["Authorization: Basic {$encoded}"];
2122
}
2223
if (($token = getenv('GITHUB_TOKEN')) !== false) {
2324
logger()->debug("Using 'GITHUB_TOKEN' for authentication");

src/bootstrap.php

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,23 @@
3333
ConsoleLogger::$format = '[%date% %level_long%] %body%';
3434
$ob_logger = new ConsoleLogger(LogLevel::WARNING);
3535

36+
$ob_logger->addLogCallback(function ($level, &$output, &$message, &$context, bool $shouldLog) {
37+
global $spc_log_filters;
38+
if (!is_array($spc_log_filters)) {
39+
$spc_log_filters = [];
40+
}
41+
// filter message and context
42+
$output = str_replace($spc_log_filters, '***', $output);
43+
$message = str_replace($spc_log_filters, '***', $message);
44+
$context = array_map(function ($item) use ($spc_log_filters) {
45+
if (is_string($item)) {
46+
return str_replace($spc_log_filters, '***', $item);
47+
}
48+
return $item;
49+
}, $context);
50+
return true;
51+
});
52+
3653
// setup log file
3754
if (filter_var(getenv('SPC_ENABLE_LOG_FILE'), FILTER_VALIDATE_BOOLEAN)) {
3855
// init spc log files

tests/GlobalsFunctionsTest.php

Lines changed: 104 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,104 @@
1+
<?php
2+
3+
declare(strict_types=1);
4+
5+
namespace Tests;
6+
7+
use PHPUnit\Framework\TestCase;
8+
use Psr\Log\LogLevel;
9+
use ZM\Logger\ConsoleLogger;
10+
11+
/**
12+
* @internal
13+
*/
14+
class GlobalsFunctionsTest extends TestCase
15+
{
16+
protected function setUp(): void
17+
{
18+
$GLOBALS['spc_log_filters'] = null;
19+
}
20+
21+
protected function tearDown(): void
22+
{
23+
$GLOBALS['spc_log_filters'] = null;
24+
}
25+
26+
public function testAddLogFilterDeduplicates(): void
27+
{
28+
spc_add_log_filter('secret-value');
29+
spc_add_log_filter('secret-value');
30+
spc_add_log_filter(['secret-value', 'other']);
31+
32+
$this->assertSame(['secret-value', 'other'], $GLOBALS['spc_log_filters']);
33+
}
34+
35+
public function testWriteLogMasksRegisteredValues(): void
36+
{
37+
spc_add_log_filter(['octocat', 'ghp_abcdef1234567890']);
38+
39+
$stream = fopen('php://memory', 'r+');
40+
spc_write_log($stream, 'user=octocat token=ghp_abcdef1234567890');
41+
rewind($stream);
42+
$written = stream_get_contents($stream);
43+
fclose($stream);
44+
45+
$this->assertSame('user=*** token=***', $written);
46+
}
47+
48+
public function testLoggerCallbackMasksOutput(): void
49+
{
50+
$token = 'ghp_abcdef1234567890';
51+
spc_add_log_filter($token);
52+
53+
$stream = fopen('php://memory', 'r+');
54+
$logger = new ConsoleLogger(LogLevel::DEBUG, $stream, false);
55+
$logger->addLogCallback(function ($level, &$output, &$message, &$context, bool $shouldLog) {
56+
global $spc_log_filters;
57+
if (!is_array($spc_log_filters)) {
58+
$spc_log_filters = [];
59+
}
60+
$output = str_replace($spc_log_filters, '***', $output);
61+
$message = str_replace($spc_log_filters, '***', $message);
62+
$context = array_map(function ($item) use ($spc_log_filters) {
63+
if (is_string($item)) {
64+
return str_replace($spc_log_filters, '***', $item);
65+
}
66+
return $item;
67+
}, $context);
68+
return true;
69+
});
70+
71+
$logger->debug("[PASSTHRU] curl -H\"Authorization: Bearer {$token}\" https://api.github.com/x");
72+
73+
rewind($stream);
74+
$written = stream_get_contents($stream);
75+
fclose($stream);
76+
77+
$this->assertStringNotContainsString($token, $written);
78+
$this->assertStringContainsString('***', $written);
79+
}
80+
81+
public function testGitHubTokenTraitRegistersEncodedBasicAuthBlob(): void
82+
{
83+
$user = 'octocat';
84+
$token = 'ghp_abcdef1234567890';
85+
$original_token = getenv('GITHUB_TOKEN');
86+
$original_user = getenv('GITHUB_USER');
87+
88+
putenv("GITHUB_TOKEN={$token}");
89+
putenv("GITHUB_USER={$user}");
90+
91+
try {
92+
$headers = \StaticPHP\Artifact\Downloader\Type\GitHubRelease::getGitHubTokenHeadersStatic();
93+
94+
$encoded = base64_encode("{$user}:{$token}");
95+
$this->assertSame(["Authorization: Basic {$encoded}"], $headers);
96+
$this->assertContains($user, $GLOBALS['spc_log_filters']);
97+
$this->assertContains($token, $GLOBALS['spc_log_filters']);
98+
$this->assertContains($encoded, $GLOBALS['spc_log_filters']);
99+
} finally {
100+
$original_token === false ? putenv('GITHUB_TOKEN') : putenv("GITHUB_TOKEN={$original_token}");
101+
$original_user === false ? putenv('GITHUB_USER') : putenv("GITHUB_USER={$original_user}");
102+
}
103+
}
104+
}

0 commit comments

Comments
 (0)