From 97294053aec247f4396fa7923243bdc417d19c0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcin=20=C5=81ukaszewicz?= <mlukaszewicz@oroinc.com>
Date: Wed, 16 Aug 2017 13:52:18 +0200
Subject: [PATCH] CRM-8434: Hide API key from batch ERROR during Magento
 synchronization (#12577)

* CRM-8434: Hide API key from batch ERROR during Magento synchronization
- removed sensitive data from Exception message during creation
---
 .../Exception/SoapConnectionException.php     |  4 ++
 .../Utils/SecureErrorMessageHelperTest.php    | 42 +++++++++++++++++++
 .../Utils/SecureErrorMessageHelper.php        | 22 ++++++++++
 3 files changed, 68 insertions(+)
 create mode 100644 src/Oro/Bundle/IntegrationBundle/Test/Unit/Utils/SecureErrorMessageHelperTest.php
 create mode 100644 src/Oro/Bundle/IntegrationBundle/Utils/SecureErrorMessageHelper.php

diff --git a/src/Oro/Bundle/IntegrationBundle/Exception/SoapConnectionException.php b/src/Oro/Bundle/IntegrationBundle/Exception/SoapConnectionException.php
index 679942932bb..1af7a96a4cf 100644
--- a/src/Oro/Bundle/IntegrationBundle/Exception/SoapConnectionException.php
+++ b/src/Oro/Bundle/IntegrationBundle/Exception/SoapConnectionException.php
@@ -2,6 +2,8 @@
 
 namespace Oro\Bundle\IntegrationBundle\Exception;
 
+use Oro\Bundle\IntegrationBundle\Utils\SecureErrorMessageHelper;
+
 class SoapConnectionException extends TransportException
 {
     /**
@@ -34,6 +36,8 @@ public static function createFromResponse($response, \Exception $exception = nul
         $message .= str_pad('[code]', 20, ' ', STR_PAD_RIGHT) . $code . PHP_EOL;
         $message .= PHP_EOL;
 
+        $message = SecureErrorMessageHelper::sanitizeSecureInfo($message);
+
         $newException = new static($message, $exceptionCode, $exception);
         if ($exception instanceof \SoapFault) {
             $newException->setFaultCode($exception->faultcode);
diff --git a/src/Oro/Bundle/IntegrationBundle/Test/Unit/Utils/SecureErrorMessageHelperTest.php b/src/Oro/Bundle/IntegrationBundle/Test/Unit/Utils/SecureErrorMessageHelperTest.php
new file mode 100644
index 00000000000..b726856a249
--- /dev/null
+++ b/src/Oro/Bundle/IntegrationBundle/Test/Unit/Utils/SecureErrorMessageHelperTest.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace Oro\Bundle\IntegrationBundle\Tests\Unit\Utils;
+
+use Oro\Bundle\IntegrationBundle\Utils\SecureErrorMessageHelper;
+
+class SecureErrorMessageHelperTest extends \PHPUnit_Framework_TestCase
+{
+
+    /**
+     * @dataProvider messageProvider
+     *
+     * @param string $exceptionMessage
+     * @param string $expectedMessage
+     */
+    public function testSanitizeSecureInfo($exceptionMessage, $expectedMessage)
+    {
+        $sanitisedMessage = SecureErrorMessageHelper::sanitizeSecureInfo($exceptionMessage);
+        $this->assertEquals($expectedMessage, $sanitisedMessage);
+    }
+
+    /**
+     * @return array
+     */
+    public function messageProvider()
+    {
+        return [
+            'some other text' => [
+                '$exceptionMessage' => 'some message text',
+                '$expectedMessage'  => 'some message text'
+            ],
+            'sanitized exception message'       => [
+                '$exceptionMessage' => '<?xml version="1.0" encoding="UTF-8"?>' .
+                    '<SOAP-ENV:Body><ns1:login><username xsi:type="xsd:string">abc</username>' .
+                    '<apiKey xsi:type="xsd:string">abcabc1</apiKey></ns1:login></SOAP-ENV:Body></SOAP-ENV:Envelope>',
+                '$expectedMessage'  => '<?xml version="1.0" encoding="UTF-8"?>' .
+                    '<SOAP-ENV:Body><ns1:login><username xsi:type="xsd:string">abc</username>' .
+                    '<apiKey xsi:type="xsd:string">***</apiKey></ns1:login></SOAP-ENV:Body></SOAP-ENV:Envelope>'
+            ]
+        ];
+    }
+}
diff --git a/src/Oro/Bundle/IntegrationBundle/Utils/SecureErrorMessageHelper.php b/src/Oro/Bundle/IntegrationBundle/Utils/SecureErrorMessageHelper.php
new file mode 100644
index 00000000000..fbfd2acdf2e
--- /dev/null
+++ b/src/Oro/Bundle/IntegrationBundle/Utils/SecureErrorMessageHelper.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Oro\Bundle\IntegrationBundle\Utils;
+
+class SecureErrorMessageHelper
+{
+    /**
+     * Sanitize error message for secure info
+     *
+     * @param string
+     *
+     * @return string
+     */
+    public static function sanitizeSecureInfo($message)
+    {
+        if (is_string($message)) {
+            return preg_replace('#(<apiKey.*?>)(.*)(</apiKey>)#i', '$1***$3', $message);
+        }
+
+        return $message;
+    }
+}