Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F14590498
D7657.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
6 KB
Referenced Files
None
Subscribers
None
D7657.diff
View Options
Index: src/applications/config/option/PhabricatorSecurityConfigOptions.php
===================================================================
--- src/applications/config/option/PhabricatorSecurityConfigOptions.php
+++ src/applications/config/option/PhabricatorSecurityConfigOptions.php
@@ -94,7 +94,7 @@
"in a vague, mostly theoretical way. But it will take you like 3 ".
"seconds of mashing on your keyboard to set it up so you might ".
"as well.")),
- $this->newOption(
+ $this->newOption(
'phabricator.mail-key',
'string',
'5ce3e7e8787f6e40dfae861da315a5cdf1018f12')
@@ -108,7 +108,7 @@
"unique to your install. In particular, you will want to do ".
"this if you accidentally send a bunch of mail somewhere you ".
"shouldn't have, to invalidate all old reply-to addresses.")),
- $this->newOption(
+ $this->newOption(
'uri.allowed-protocols',
'set',
array(
@@ -126,7 +126,7 @@
->addExample(
'{"http": true, "https": true"}', pht('Valid Setting'))
->setLocked(true),
- $this->newOption(
+ $this->newOption(
'celerity.resource-hash',
'string',
'd9455ea150622ee044f7931dabfa52aa')
@@ -141,21 +141,21 @@
"to something else and rebuild the Celerity map to break user ".
"caches. Unless you are doing Celerity development, it is ".
"exceptionally unlikely that you need to modify this.")),
- $this->newOption('remarkup.enable-embedded-youtube', 'bool', false)
- ->setBoolOptions(
- array(
- pht("Embed YouTube videos"),
- pht("Don't embed YouTube videos"),
- ))
- ->setSummary(
- pht("Determines whether or not YouTube videos get embedded."))
- ->setDescription(
- pht(
- "If you enable this, linked YouTube videos will be embeded ".
- "inline. This has mild security implications (you'll leak ".
- "referrers to YouTube) and is pretty silly (but sort of ".
- "awesome).")),
- $this->newOption('security.allow-outbound-http', 'bool', true)
+ $this->newOption('remarkup.enable-embedded-youtube', 'bool', false)
+ ->setBoolOptions(
+ array(
+ pht("Embed YouTube videos"),
+ pht("Don't embed YouTube videos"),
+ ))
+ ->setSummary(
+ pht("Determines whether or not YouTube videos get embedded."))
+ ->setDescription(
+ pht(
+ "If you enable this, linked YouTube videos will be embeded ".
+ "inline. This has mild security implications (you'll leak ".
+ "referrers to YouTube) and is pretty silly (but sort of ".
+ "awesome).")),
+ $this->newOption('security.allow-outbound-http', 'bool', true)
->setBoolOptions(
array(
pht("Allow"),
@@ -167,6 +167,16 @@
pht(
"If you enable this, you are allowing Phabricator to potentially ".
"make requests to external servers.")),
+ $this->newOption('log.service.path', 'string', null)
+ ->setSummary(pht('Write an very high-volume log of all service calls.'))
+ ->setLocked(true)
+ ->setDescription(
+ pht(
+ "Provide the path to a logfile to write all service calls ".
+ "(queries, command execution, remote calls, etc.) into it. This ".
+ "log is extremely high volume, but provides a low-level audit ".
+ "record of all data access and mutation."))
+ ->addExample('/var/log/phabricator/service.log', pht('Valid Path')),
);
}
Index: src/infrastructure/env/PhabricatorEnv.php
===================================================================
--- src/infrastructure/env/PhabricatorEnv.php
+++ src/infrastructure/env/PhabricatorEnv.php
@@ -114,6 +114,11 @@
PhutilTranslator::getInstance()
->setLanguage($translation->getLanguage())
->addTranslations($translation->getTranslations());
+
+ if (PhabricatorEnv::getEnvConfig('log.service.path')) {
+ PhutilServiceProfiler::getInstance()->addListener(
+ array(__CLASS__, 'logServiceCall'));
+ }
}
private static function buildConfigurationSourceStack() {
@@ -536,4 +541,85 @@
self::$cache = array();
}
+ public static function logServiceCall($type, $id, array $data) {
+ switch ($type) {
+ case 'end':
+ // Skip these types, we don't care about event results.
+ return;
+ }
+
+ $event_type = idx($data, 'type');
+ switch ($event_type) {
+ case 'kvcache-set':
+ case 'kvcache-get':
+ case 'event':
+ // Skip these events, they don't impact anything relevant.
+ return;
+ }
+
+ $log = PhabricatorEnv::getEnvConfig('log.service.path');
+
+ $params = array();
+ foreach ($data as $key => $value) {
+ switch ($key) {
+ case 'begin':
+ case 'end':
+ case 'duration':
+ // Skip these keys, they aren't useful for auditing.
+ continue 2;
+ }
+
+ switch ($event_type) {
+ case 'query':
+ if ($key == 'config') {
+ $key = 'database';
+ $value = idx($value, 'database');
+ }
+ if ($key == 'host') {
+ continue 2;
+ }
+ break;
+ default:
+ break;
+ }
+
+ if (!strlen($value)) {
+ continue;
+ }
+
+ if (is_array($value)) {
+ foreach ($value as $vkey => $vvalue) {
+ $value[$vkey] = phutil_loggable_string("{$vkey}:{$vvalue}");
+ }
+ $value = implode(';', $value);
+ }
+
+ $params[] = phutil_loggable_string("{$key}={$value}");
+ }
+ $params = implode("\t", $params);
+
+ $line = sprintf(
+ "[%d]\t[%s]\t%s\t%d\t%s\n",
+ getmypid(),
+ date('r'),
+ nonempty(idx($_SERVER, 'REMOTE_ADDR'), getenv('USER')),
+ $id,
+ $params);
+
+ static $handle;
+ if (!$handle) {
+ $handle = @fopen($log, 'a');
+ if (!$handle) {
+ throw new Exception(
+ pht('Failed to open event log "%s" for writing!', $log));
+ }
+ }
+
+ $ok = fwrite($handle, $line);
+ if (!$ok) {
+ throw new Exception(
+ pht('Failed to write to event log "%s"!', $log));
+ }
+ }
+
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Thu, Jan 9, 2:33 PM (2 h, 34 m)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6979165
Default Alt Text
D7657.diff (6 KB)
Attached To
Mode
D7657: Implement a service call log for auditing
Attached
Detach File
Event Timeline
Log In to Comment