CRM-8434: Hide API key from batch ERROR during Magento synchronizatio…

…n (#12577)

* CRM-8434: Hide API key from batch ERROR during Magento synchronization
- removed sensitive data from Exception message during creation

src/Oro/Bundle/IntegrationBundle/Exception/SoapConnectionException.php

@@ -2,6 +2,8 @@
 
 namespace Oro\Bundle\IntegrationBundle\Exception;
 
+use Oro\Bundle\IntegrationBundle\Utils\SecureErrorMessageHelper;
+
 class SoapConnectionException extends TransportException
 {
     /**
@@ -34,6 +36,8 @@ public static function createFromResponse($response, \Exception $exception = nul
         $message .= str_pad('[code]', 20, ' ', STR_PAD_RIGHT) . $code . PHP_EOL;
         $message .= PHP_EOL;
 
+        $message = SecureErrorMessageHelper::sanitizeSecureInfo($message);
+
         $newException = new static($message, $exceptionCode, $exception);
         if ($exception instanceof \SoapFault) {
             $newException->setFaultCode($exception->faultcode);

src/Oro/Bundle/IntegrationBundle/Test/Unit/Utils/SecureErrorMessageHelperTest.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace Oro\Bundle\IntegrationBundle\Tests\Unit\Utils;
+
+use Oro\Bundle\IntegrationBundle\Utils\SecureErrorMessageHelper;
+
+class SecureErrorMessageHelperTest extends \PHPUnit_Framework_TestCase
+{
+
+    /**
+     * @dataProvider messageProvider
+     *
+     * @param string $exceptionMessage
+     * @param string $expectedMessage
+     */
+    public function testSanitizeSecureInfo($exceptionMessage, $expectedMessage)
+    {
+        $sanitisedMessage = SecureErrorMessageHelper::sanitizeSecureInfo($exceptionMessage);
+        $this->assertEquals($expectedMessage, $sanitisedMessage);
+    }
+
+    /**
+     * @return array
+     */
+    public function messageProvider()
+    {
+        return [
+            'some other text' => [
+                '$exceptionMessage' => 'some message text',
+                '$expectedMessage'  => 'some message text'
+            ],
+            'sanitized exception message'       => [
+                '$exceptionMessage' => '<?xml version="1.0" encoding="UTF-8"?>' .
+                    '<SOAP-ENV:Body><ns1:login><username xsi:type="xsd:string">abc</username>' .
+                    '<apiKey xsi:type="xsd:string">abcabc1</apiKey></ns1:login></SOAP-ENV:Body></SOAP-ENV:Envelope>',
+                '$expectedMessage'  => '<?xml version="1.0" encoding="UTF-8"?>' .
+                    '<SOAP-ENV:Body><ns1:login><username xsi:type="xsd:string">abc</username>' .
+                    '<apiKey xsi:type="xsd:string">***</apiKey></ns1:login></SOAP-ENV:Body></SOAP-ENV:Envelope>'
+            ]
+        ];
+    }
+}

src/Oro/Bundle/IntegrationBundle/Utils/SecureErrorMessageHelper.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace Oro\Bundle\IntegrationBundle\Utils;
+
+class SecureErrorMessageHelper
+{
+    /**
+     * Sanitize error message for secure info
+     *
+     * @param string
+     *
+     * @return string
+     */
+    public static function sanitizeSecureInfo($message)
+    {
+        if (is_string($message)) {
+            return preg_replace('#(<apiKey.*?>)(.*)(</apiKey>)#i', '$1***$3', $message);
+        }
+
+        return $message;
+    }
+}