Home Explore Help
Register Sign In
dream
/
platform
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a53fcaeb45
Branches Tags
platform
/
framework
/
library
/
sentry
/
Raven
/
Processor
/
SanitizeHttpHeadersProcessor.php

SanitizeHttpHeadersProcessor.php 1.7 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of Raven.
    5. 

  5.  *
    6. 

  6.  * (c) Sentry Team
    7. 

  7.  *
    8. 

  8.  * For the full copyright and license information, please view the LICENSE
    9. 

  9.  * file that was distributed with this source code.
    10. 

  10.  */
    11. 

  11. 

  12. /**
    13. 

  13.  * This processor sanitizes the configured HTTP headers to ensure no sensitive
    14. 

  14.  * informations are sent to the server.
    15. 

  15.  *
    16. 

  16.  * @author Stefano Arlandini <sarlandini@alice.it>
    17. 

  17.  */
    18. 

  18. final class Raven_Processor_SanitizeHttpHeadersProcessor extends Raven_Processor
    19. 

  19. {
    20. 

  20.     /**
    21. 

  21.      * @var string[] $httpHeadersToSanitize The list of HTTP headers to sanitize
    22. 

  22.      */
    23. 

  23.     private $httpHeadersToSanitize = array();
    24. 

  24. 

  25.     /**
    26. 

  26.      * {@inheritdoc}
    27. 

  27.      */
    28. 

  28.     public function __construct(Raven_Client $client)
    29. 

  29.     {
    30. 

  30.         parent::__construct($client);
    31. 

  31.     }
    32. 

  32. 

  33.     /**
    34. 

  34.      * {@inheritdoc}
    35. 

  35.      */
    36. 

  36.     public function setProcessorOptions(array $options)
    37. 

  37.     {
    38. 

  38.         $this->httpHeadersToSanitize = array_merge($this->getDefaultHeaders(), isset($options['sanitize_http_headers']) ? $options['sanitize_http_headers'] : array());
    39. 

  39.     }
    40. 

  40. 

  41.     /**
    42. 

  42.      * {@inheritdoc}
    43. 

  43.      */
    44. 

  44.     public function process(&$data)
    45. 

  45.     {
    46. 

  46.         if (isset($data['request']) && isset($data['request']['headers'])) {
    47. 

  47.             foreach ($data['request']['headers'] as $header => &$value) {
    48. 

  48.                 if (in_array($header, $this->httpHeadersToSanitize)) {
    49. 

  49.                     $value = self::STRING_MASK;
    50. 

  50.                 }
    51. 

  51.             }
    52. 

  52.         }
    53. 

  53.     }
    54. 

  54. 

  55.     /**
    56. 

  56.      * Gets the list of default headers that must be sanitized.
    57. 

  57.      *
    58. 

  58.      * @return string[]
    59. 

  59.      */
    60. 

  60.     private function getDefaultHeaders()
    61. 

  61.     {
    62. 

  62.         return array('Authorization', 'Proxy-Authorization', 'X-Csrf-Token', 'X-CSRFToken', 'X-XSRF-TOKEN');
    63. 

  63.     }
    64. 

  64. }
    65.