Skip to content

Commit

Permalink
fix(logger): Prevent infinite recursion with log.condition => matches
Browse files Browse the repository at this point in the history
When we need to check the log condition for a user matches,
there is a risk that something on the way checks the log level
and would result in an infinite loop.
So we simply check if it's a nested call and use the default
warning level in that case.

Signed-off-by: Joas Schilling <coding@schilljs.com>
  • Loading branch information
nickvergessen committed Jan 3, 2025
1 parent 9e18d34 commit 63f3309
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 0 deletions.
39 changes: 39 additions & 0 deletions build/integration/features/log-condition.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
Feature: log-condition

Background:
Given invoking occ with "config:system:set log.condition matches 0 users 0 --value admin"
Then the command was successful

Scenario: Accessing /status.php with log.condition
When requesting "/status.php" with "GET"
Then the HTTP status code should be "200"

Scenario: Accessing /index.php with log.condition
When requesting "/index.php" with "GET"
Then the HTTP status code should be "200"

Scenario: Accessing /remote.php/webdav with log.condition
When requesting "/remote.php/webdav" with "GET"
Then the HTTP status code should be "401"

Scenario: Accessing /remote.php/dav with log.condition
When requesting "/remote.php/dav" with "GET"
Then the HTTP status code should be "401"

Scenario: Accessing /ocs/v1.php with log.condition
When requesting "/ocs/v1.php" with "GET"
Then the HTTP status code should be "200"

Scenario: Accessing /ocs/v2.php with log.condition
When requesting "/ocs/v2.php" with "GET"
Then the HTTP status code should be "404"

Scenario: Accessing /public.php/webdav with log.condition
When requesting "/public.php/webdav" with "GET"
Then the HTTP status code should be "401"

Scenario: Accessing /public.php/dav with log.condition
When requesting "/public.php/dav" with "GET"
Then the HTTP status code should be "503"
12 changes: 12 additions & 0 deletions lib/private/Log.php
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
class Log implements ILogger, IDataLogger {
private ?bool $logConditionSatisfied = null;
private ?IEventDispatcher $eventDispatcher = null;
private int $nestingLevel = 0;

public function __construct(
private IWriter $logger,
Expand Down Expand Up @@ -192,6 +193,11 @@ public function log(int $level, string $message, array $context = []): void {
}

public function getLogLevel(array $context, string $message): int {
if ($this->nestingLevel > 1) {
return ILogger::WARN;
}

$this->nestingLevel++;
/**
* @psalm-var array{
* shared_secret?: string,
Expand Down Expand Up @@ -242,6 +248,7 @@ public function getLogLevel(array $context, string $message): int {

// if log condition is satisfied change the required log level to DEBUG
if ($this->logConditionSatisfied) {
$this->nestingLevel--;
return ILogger::DEBUG;
}

Expand All @@ -256,6 +263,7 @@ public function getLogLevel(array $context, string $message): int {
* once this is met -> change the required log level to debug
*/
if (in_array($context['app'], $logCondition['apps'] ?? [], true)) {
$this->nestingLevel--;
return ILogger::DEBUG;
}
}
Expand All @@ -268,6 +276,7 @@ public function getLogLevel(array $context, string $message): int {

// Invalid configuration, warn the user and fall back to default level of WARN
error_log('Nextcloud configuration: "loglevel" is not a valid integer');
$this->nestingLevel--;
return ILogger::WARN;
}

Expand All @@ -281,12 +290,15 @@ public function getLogLevel(array $context, string $message): int {
if (!isset($option['apps']) && !isset($option['loglevel']) && !isset($option['message'])) {
/* Only user and/or secret are listed as conditions, we can cache the result for the rest of the request */
$this->logConditionSatisfied = true;
$this->nestingLevel--;
return ILogger::DEBUG;
}
$this->nestingLevel--;
return $option['loglevel'] ?? ILogger::DEBUG;
}
}

$this->nestingLevel--;
return ILogger::WARN;
}

Expand Down

0 comments on commit 63f3309

Please sign in to comment.