fix: maskSensitiveData() may mask backtrace data like file

kenjis · kenjis · commit 76595ee4837e · 2023-07-21T15:06:55.000+09:00
diff --git a/phpstan-baseline.php b/phpstan-baseline.php
@@ -931,11 +931,6 @@
 	'count' => 1,
 	'path' => __DIR__ . '/system/Debug/Exceptions.php',
 ];
-$ignoreErrors[] = [
-	'message' => '#^Method CodeIgniter\\\\Debug\\\\Exceptions\\:\\:maskSensitiveData\\(\\) has no return type specified\\.$#',
-	'count' => 1,
-	'path' => __DIR__ . '/system/Debug/Exceptions.php',
-];
 $ignoreErrors[] = [
 	'message' => '#^Method CodeIgniter\\\\Debug\\\\Exceptions\\:\\:render\\(\\) has no return type specified\\.$#',
 	'count' => 1,
diff --git a/system/Debug/Exceptions.php b/system/Debug/Exceptions.php
@@ -315,31 +315,48 @@ protected function collectVars(Throwable $exception, int $statusCode): array
      * @return array|object
      */
     protected function maskSensitiveData($trace, array $keysToMask, string $path = '')
+    {
+        foreach ($trace as $i => $line) {
+            $trace[$i]['args'] = $this->maskData($line['args'], $this->config->sensitiveDataInTrace);
+        }
+
+        return $trace;
+    }
+
+    /**
+     * @param array|object $args
+     *
+     * @return array|object
+     */
+    private function maskData($args, array $keysToMask, string $path = '')
     {
         foreach ($keysToMask as $keyToMask) {
             $explode = explode('/', $keyToMask);
             $index   = end($explode);
 
             if (strpos(strrev($path . '/' . $index), strrev($keyToMask)) === 0) {
-                if (is_array($trace) && array_key_exists($index, $trace)) {
-                    $trace[$index] = '******************';
-                } elseif (is_object($trace) && property_exists($trace, $index) && isset($trace->{$index})) {
-                    $trace->{$index} = '******************';
+                if (is_array($args) && array_key_exists($index, $args)) {
+                    $args[$index] = '******************';
+                } elseif (
+                    is_object($args) && property_exists($args, $index)
+                    && isset($args->{$index}) && is_scalar($args->{$index})
+                ) {
+                    $args->{$index} = '******************';
                 }
             }
         }
 
-        if (is_array($trace)) {
-            foreach ($trace as $pathKey => $subarray) {
-                $trace[$pathKey] = $this->maskSensitiveData($subarray, $keysToMask, $path . '/' . $pathKey);
+        if (is_array($args)) {
+            foreach ($args as $pathKey => $subarray) {
+                $args[$pathKey] = $this->maskData($subarray, $keysToMask, $path . '/' . $pathKey);
             }
-        } elseif (is_object($trace)) {
-            foreach ($trace as $pathKey => $subarray) {
-                $trace->{$pathKey} = $this->maskSensitiveData($subarray, $keysToMask, $path . '/' . $pathKey);
+        } elseif (is_object($args)) {
+            foreach ($args as $pathKey => $subarray) {
+                $args->{$pathKey} = $this->maskData($subarray, $keysToMask, $path . '/' . $pathKey);
             }
         }
 
-        return $trace;
+        return $args;
     }
 
     /**
