From a97aff29c5e4dacd6bc9f23149c71a0072909767 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingimar=20Svanberg=20J=C3=B3hannesson?=
Date: Tue, 19 Dec 2023 13:14:36 +0000
Subject: [PATCH 1/2] [processor] Prevent accidental calls to global functions if any of the values is the string 'header' or 'die' then that global function gets called. This should be done explicitly if indended. Issue: MOYA-1244
---
 src/Processor/CallableContextProcessor.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Processor/CallableContextProcessor.php b/src/Processor/CallableContextProcessor.php
index 265b7fd..d9a9254 100644
--- a/src/Processor/CallableContextProcessor.php
+++ b/src/Processor/CallableContextProcessor.php
@@ -27,7 +27,7 @@ public function __invoke(LogRecord $record): LogRecord
 }
 foreach ($context as $key => &$value) {
- if (\is_callable($value)) {
+ if (!is_string($value) && \is_callable($value)) {
 try {
 $value = $value();
 }
From 2c2575077bbef85e13b86512dfbe76525bc84a48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingimar=20Svanberg=20J=C3=B3hannesson?=
Date: Wed, 20 Dec 2023 11:05:07 +0000
Subject: [PATCH 2/2] [tests] Add test for CallableContextProcessor Assert that string functions don't get called only closures Issue: MOYA-1244
---
 tests/Processor/CallableContextTest.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/tests/Processor/CallableContextTest.php b/tests/Processor/CallableContextTest.php
index 04ffba1..d4593ff 100644
--- a/tests/Processor/CallableContextTest.php
+++ b/tests/Processor/CallableContextTest.php
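Review bot: In `CallableContextProcessor::__invoke`, the new guard `!is_string($value) && \is_callable($value)` still lets array-form callables through: a two-element `[class, method]` array passes `\is_callable` and is invoked by `$value()`. If context arrays can carry data the application did not write itself (a decoded request body, for instance), that is the same accidental-call problem the commit closes for strings. If only closures are meant to be evaluated lazily, `if ($value instanceof \Closure) {` states that intent directly; invokable objects would then stop being called, so confirm none are relied on. The guard also mixes unqualified `is_string` with `\is_callable`, and `\is_string` would match the line's existing style. The body of `__invoke` starts and ends outside the hunk.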
@@ -60,4 +60,29 @@ public function testCallbackValueIsRemoved(): void
 $this->assertTrue($callbackExecuted);
 }
+
+ public function testStringFunctionIsNotCalled():void
+ {
+ $stringFunction = 'Stefna\Logger\Processor\testingFunction';
+
+ $mainLogger = $this->createMock(LoggerInterface::class);
+ $logger = new ProcessLogger($mainLogger, new CallableContextProcessor());
+ $msg = 'testCallbackValueIsRemoved';
+ $callbackExecuted = false;
+
+ $this->expectOutputString("");
+ $logger->debug($msg, [
+ "section" => $stringFunction,
+ CallableContextProcessor::CALLBACK => function () use (&$callbackExecuted) {
+ $callbackExecuted = true;
+ },
+ ]);
+
+ $this->assertTrue($callbackExecuted);
+ }
+}
+
+function testingFunction()
+{
+ print("should not print this");
 }
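Review bot: `testStringFunctionIsNotCalled` only proves that nothing was printed; it never checks that the `"section"` value reaches `$mainLogger` unchanged, so it would still pass if the processor dropped or rewrote the string. An expectation on the mock that the forwarded context still holds `$stringFunction` would pin that (the method `ProcessLogger` calls on the wrapped logger is not visible here). The string must also match the namespace this test file declares for `testingFunction()`, which is outside the hunk; if it does not, `is_callable` is false and the test passes without exercising the new guard. `$msg` is copied from the previous test and should read `$msg = 'testStringFunctionIsNotCalled';`.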