From 219826db4aceae37e6b3f374455e893d3549b8dc Mon Sep 17 00:00:00 2001
From: bencroker
Date: Tue, 19 Nov 2024 11:14:07 +0100
Subject: [PATCH] Redact deployer settings
---
 CHANGELOG.md | 6 ++++++
 composer.json | 2 +-
 src/controllers/DiagnosticsController.php | 21 ++++++++++++++++-----
 3 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d0d5683b..b7831e58 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Release Notes for Blitz
+## 5.9.7 - Unreleased
+
+### Changed
+
+- More deployer settings are now redacted when generating a diagnostics report.
+
 ## 5.9.6 - 2024-11-15
 ### Fixed
diff --git a/composer.json b/composer.json
index 1fad989d..c0cb6c7a 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 "name": "putyourlightson/craft-blitz",
 "description": "Intelligent static page caching for creating lightning-fast sites.",
- "version": "5.9.6",
+ "version": "5.9.7",
 "type": "craft-plugin",
 "homepage": "https://putyourlightson.com/plugins/blitz",
 "license": "proprietary",
diff --git a/src/controllers/DiagnosticsController.php b/src/controllers/DiagnosticsController.php
index 7da9b3de..c7cb8a03 100755
--- a/src/controllers/DiagnosticsController.php
+++ b/src/controllers/DiagnosticsController.php
@@ -119,14 +119,25 @@ public function actionExportIncludes(int $siteId): Response
 }
 /**
- * Returns redacted values as a JSON encoded string.
+ * Returns redacted plugin settings as a JSON encoded string.
 */
- private function getRedacted(array $values): string
+ private function getRedactedPluginSettings(): string
 {
- $redacted = Craft::$app->getSecurity()->redactIfSensitive('', $values);
+ $settings = Blitz::$plugin->settings;
+
+ if (!empty($settings->deployerSettings)) {
+ $allowedKeys = ['gitRepositories'];
+ foreach ($settings->deployerSettings as $key => $value) {
+ if (!empty($settings->deployerSettings[$key]) && !in_array($key, $allowedKeys)) {
+ $settings->deployerSettings[$key] = '*';
+ }
+ }
+ }
+
+ $redacted = Craft::$app->getSecurity()->redactIfSensitive('', $settings->getAttributes());
 $encoded = Json::encode($redacted, JSON_PRETTY_PRINT);
- // Replace unicode character with asterisk
+ // Replace Unicode character with asterisk
 return str_replace('\u2022', '*', $encoded);
 }
@@ -158,7 +169,7 @@ private function getReport(): string
 'dbDriver' => $this->dbDriver(),
 'plugins' => Craft::$app->getPlugins()->getAllPlugins(),
 'modules' => $modules,
- 'blitzPluginSettings' => $this->getRedacted(Blitz::$plugin->getSettings()->getAttributes()),
+ 'blitzPluginSettings' => $this->getRedactedPluginSettings(),
 ]
 );
 }
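Review bot: In `getRedactedPluginSettings()` (the `@@ -119,14 +119,25 @@` hunk) the loop assigns `'*'` to `$settings->deployerSettings[$key]` on the object returned by `Blitz::$plugin->settings`, so if that accessor returns the shared settings model rather than a copy, the live deployer settings stay masked for the rest of the request. Any code that reads or saves the plugin settings after a diagnostics report is built would then work with `*` instead of the real values. Masking a copy, i.e. the array returned by `getAttributes()`, keeps the redaction confined to the report; passing `true` as the third argument to `in_array` also makes the allow-list comparison strict. A docblock line stating that every non-empty deployer setting outside `$allowedKeys` is replaced, and that values nested under `gitRepositories` are covered only by `redactIfSensitive`, would help whoever adds a deployer setting later.

```php
private function getRedactedPluginSettings(): string
{
    // Redact a copy of the attributes so the plugin's settings model is left untouched.
    $attributes = Blitz::$plugin->settings->getAttributes();
    $allowedKeys = ['gitRepositories'];

    foreach ($attributes['deployerSettings'] ?? [] as $key => $value) {
        if (!empty($value) && !in_array($key, $allowedKeys, true)) {
            $attributes['deployerSettings'][$key] = '*';
        }
    }

    $redacted = Craft::$app->getSecurity()->redactIfSensitive('', $attributes);
    // … unchanged: Json::encode and bullet-to-asterisk replacement …
```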