Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      Basic PHP configuration:

      function configure_logging() {
        error_reporting(E_RECOVERABLE_ERROR); // Sensitive
        error_reporting(32); // Sensitive
      
        ini_set('docref_root', '1'); // Sensitive
        ini_set('display_errors', '1'); // Sensitive
        ini_set('display_startup_errors', '1'); // Sensitive
        ini_set('error_log', "path/to/logfile"); // Sensitive - check logfile is secure
        ini_set('error_reporting', E_PARSE ); // Sensitive
        ini_set('error_reporting', 64); // Sensitive
        ini_set('log_errors', '0'); // Sensitive
        ini_set('log_errors_max_length', '512'); // Sensitive
        ini_set('ignore_repeated_errors', '1'); // Sensitive
        ini_set('ignore_repeated_source', '1'); // Sensitive
        ini_set('track_errors', '0'); // Sensitive
      
        ini_alter('docref_root', '1'); // Sensitive
        ini_alter('display_errors', '1'); // Sensitive
        ini_alter('display_startup_errors', '1'); // Sensitive
        ini_alter('error_log', "path/to/logfile"); // Sensitive - check logfile is secure
        ini_alter('error_reporting', E_PARSE ); // Sensitive
        ini_alter('error_reporting', 64); // Sensitive
        ini_alter('log_errors', '0'); // Sensitive
        ini_alter('log_errors_max_length', '512'); // Sensitive
        ini_alter('ignore_repeated_errors', '1'); // Sensitive
        ini_alter('ignore_repeated_source', '1'); // Sensitive
        ini_alter('track_errors', '0'); // Sensitive
      }
      

      Definition of custom loggers with psr/log

      abstract class MyLogger implements \Psr\Log\LoggerInterface { // Sensitive
          // ...
      }
      
      abstract class MyLogger2 extends \Psr\Log\AbstractLogger { // Sensitive
          // ...
      }
      
      abstract class MyLogger3 {
          use \Psr\Log\LoggerTrait; // Sensitive
          // ...
      }
      

      Exceptions

      No issue will be raised for logger configuration when it follows recommended settings for production servers. The following examples are all valid:

        ini_set('docref_root', '0');
        ini_set('display_errors', '0');
        ini_set('display_startup_errors', '0');
      
        error_reporting(E_ALL);
        error_reporting(32767);
        error_reporting(-1);
        ini_set('error_reporting', E_ALL);
        ini_set('error_reporting', 32767);
        ini_set('error_reporting', -1);
      
        ini_set('log_errors', '1');
        ini_set('log_errors_max_length', '0');
        ini_set('ignore_repeated_errors', '0');
        ini_set('ignore_repeated_source', '0');
        ini_set('track_errors', '1');
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            nicolas.harraudeau Nicolas Harraudeau (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: