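--- a/config/config.php.dist
+++ b/config/config.php.dist
@@ -340,6 +340,66 @@ $config = [
 'showerrors' => true,
 'errorreporting' => true,
 
+/*
+* When showerrors is true, this is an array of which errors
+* should still be shown to the user. By default an error will
+* always be shown if showerrors==true and this setting is at the default value to allow all.
+*
+* If you list anything in this option you have to explicitly list each error
+* you would like to be shown to the user. You can also set the value to false
+* to hide that error. If this setting is used with anything other than the default
+* value and an error is not listed in the list then a backtrace for that error
+* will not be shown.
+*
+* These can be any of the error codes in
+* src/SimpleSAML/Error/ErrorCodes.php
+*
+*/
+'showerrors.whitelist' => [ '*' => true ],
+/*
+some of the many possibilities for this setting
+
+'showerrors.whitelist' => [
+'ACSPARAMS' => true,
+'ADMINNOTHASHED' => true,
+'ARSPARAMS' => true,
+'AUTHSOURCEERROR' => true,
+'BADREQUEST' => true,
+'CASERROR' => true,
+'CONFIG' => true,
+'CREATEREQUEST' => true,
+'DISCOPARAMS' => true,
+'GENERATEAUTHNRESPONSE' => true,
+'INVALIDCERT' => true,
+'LDAPERROR' => true,
+'LOGOUTINFOLOST' => true,
+'LOGOUTREQUEST' => true,
+'MEMCACHEDOWN' => true,
+'METADATA' => true,
+'METADATANOTFOUND' => true,
+'METHODNOTALLOWED' => true,
+'NOACCESS' => true,
+'NOCERT' => true,
+'NORELAYSTATE' => true,
+'NOSTATE' => true,
+'NOTFOUND' => true,
+'NOTFOUNDREASON' => true,
+'NOTSET' => true,
+'NOTVALIDCERT' => true,
+'NOTVALIDCERTSIGNATURE' => true,
+'PROCESSASSERTION' => true,
+'PROCESSAUTHNREQUEST' => true,
+'RESPONSESTATUSNOSUCCESS' => true,
+'SLOSERVICEPARAMS' => true,
+'SSOPARAMS' => true,
+'UNHANDLEDEXCEPTION' => true,
+'UNKNOWNCERT' => true,
+'USERABORTED' => true,
+'WRONGUSERPASS' => true,
+],
+*/
+
+
 /*
 * Custom error show function called from SimpleSAML\Error\Error::show.
 * See docs/simplesamlphp-errorhandling.md for function code example.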
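Review bot: The new comment block for `showerrors.whitelist` does not say that `'*'` is only special when it is the only key; in the saveError() change in src/SimpleSAML/Error/Error.php, any array with more than one entry is handled as an explicit list, so `['*' => true, 'WRONGUSERPASS' => false]` would hide every code that is not listed as `true`. The comment also mentions only the backtrace, while that code replaces the exception message as well. I would add a line such as `* The '*' entry is only honoured when it is the sole entry; otherwise only codes set to true are shown.` and reword "a backtrace" to "the message and backtrace".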
25 changes: 24 additions & 1 deletion src/SimpleSAML/Error/Error.php
Expand Up @@ -206,6 +206,28 @@ protected function saveError(): array
} else {
$referer = 'unknown';
}

$showerrors = $config->getOptionalBoolean('showerrors', true);
Comment thread
monkeyiq marked this conversation as resolved.

$whitelist = Configuration::getInstance()->getOptionalArray('showerrors.whitelist', ['*' => true]);
if (count($whitelist) == 1 && array_key_exists('*', $whitelist)) {
// no change to filtering
// everything is shown by default.
} else {
// explicitly handle showing erorrs
// if not listed, do not show backtrace.
$showRealError = false;
if (array_key_exists($this->errorCode, $whitelist)) {
$showRealError = ($whitelist[$this->errorCode] == true);
}
if (!$showRealError) {
// they didn't select to show this message
$emsg = "secret";
$etrace = "trace";
$showerrors = false;
}
}

$httpUtils = new Utils\HTTP();
$errorData = [
'exceptionMsg' => $emsg,
Expand All @@ -215,6 +237,7 @@ protected function saveError(): array
'url' => $httpUtils->getSelfURLNoQuery(),
'version' => $config->getVersion(),
'referer' => $referer,
'showerrors' => $showerrors,
];
$session->setData('core:errorreport', $reportId, $errorData);

Expand All @@ -239,7 +262,7 @@ public function show(int $logLevel = Logger::ERR, bool $suppressReport = false):
$config = Configuration::getInstance();

$data = [];
$data['showerrors'] = $config->getOptionalBoolean('showerrors', true);
$data['showerrors'] = $errorData['showerrors'];
$data['error'] = $errorData;
$data['errorCode'] = $this->errorCode;
$data['parameters'] = $this->parameters;
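Review bot: The wildcard test in saveError(), `count($whitelist) == 1 && array_key_exists('*', $whitelist)`, never looks at the value stored under `'*'`, so a configuration of `['*' => false]` is treated as allow-all and exception messages and backtraces are still shown. The per-code check a few lines below uses a loose `== true`, which accepts any truthy value such as the string `'false'`. I would compare strictly, e.g. `if (count($whitelist) === 1 && ($whitelist['*'] ?? null) === true) {` and `$showRealError = ($whitelist[$this->errorCode] ?? false) === true;`, so that anything not explicitly `true` hides the details. Separately, the hidden case overwrites `$emsg` and `$etrace` with the literals `"secret"` and `"trace"` before they are stored under `core:errorreport`, so the saved report presumably loses the real diagnostics too; keeping the originals in the stored data and gating display only on `showerrors` may be closer to the intent. saveError() and show() both start and end outside these hunks.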