Redact deployer settings

putyourlightson · Nov 19, 2024 · 219826d · 219826d
1 parent aa4c056
commit 219826d
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Release Notes for Blitz
 
+## 5.9.7 - Unreleased
+
+### Changed
+
+- More deployer settings are now redacted when generating a diagnostics report.
+
 ## 5.9.6 - 2024-11-15
 
 ### Fixed

diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
   "name": "putyourlightson/craft-blitz",
   "description": "Intelligent static page caching for creating lightning-fast sites.",
-  "version": "5.9.6",
+  "version": "5.9.7",
   "type": "craft-plugin",
   "homepage": "https://putyourlightson.com/plugins/blitz",
   "license": "proprietary",

diff --git a/src/controllers/DiagnosticsController.php b/src/controllers/DiagnosticsController.php
@@ -119,14 +119,25 @@ public function actionExportIncludes(int $siteId): Response
     }
 
     /**
-     * Returns redacted values as a JSON encoded string.
+     * Returns redacted plugin settings as a JSON encoded string.
      */
-    private function getRedacted(array $values): string
+    private function getRedactedPluginSettings(): string
     {
-        $redacted = Craft::$app->getSecurity()->redactIfSensitive('', $values);
+        $settings = Blitz::$plugin->settings;
+
+        if (!empty($settings->deployerSettings)) {
+            $allowedKeys = ['gitRepositories'];
+            foreach ($settings->deployerSettings as $key => $value) {
+                if (!empty($settings->deployerSettings[$key]) && !in_array($key, $allowedKeys)) {
+                    $settings->deployerSettings[$key] = '*';
+                }
+            }
+        }
+
+        $redacted = Craft::$app->getSecurity()->redactIfSensitive('', $settings->getAttributes());
         $encoded = Json::encode($redacted, JSON_PRETTY_PRINT);
 
-        // Replace unicode character with asterisk
+        // Replace Unicode character with asterisk
         return str_replace('\u2022', '*', $encoded);
     }
 
@@ -158,7 +169,7 @@ private function getReport(): string
                 'dbDriver' => $this->dbDriver(),
                 'plugins' => Craft::$app->getPlugins()->getAllPlugins(),
                 'modules' => $modules,
-                'blitzPluginSettings' => $this->getRedacted(Blitz::$plugin->getSettings()->getAttributes()),
+                'blitzPluginSettings' => $this->getRedactedPluginSettings(),
             ]
         );
     }