Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
72eeb24cd73f1f8c7bea2d71e9835c7667b315d7
Siro/fix_exception_leaks.py
Hamza-Ayed 72eeb24cd7 Fix #18: Exception leak remediation across 87 PHP files 
- Replaced all client-facing $e->getMessage() with generic error messages
- Added error_log() with filename prefix to all catch blocks
- Covered jsonError(), echo, and json_encode() response patterns
- Also fixed 2 remaining display_errors=1 and add_invoice.php leak
- Script-assisted fix for 75 files, manual fix for 12 remaining edge cases
2026-06-17 07:48:31 +03:00

77 lines
2.5 KiB
Python
Raw Blame History

#!/usr/bin/env python3
"""Replace $e->getMessage() in client-facing JSON/echo responses with generic error + error_log."""
import os, re, glob
BACKEND = "/Users/hamzaaleghwairyeen/development/App/Siro/backend"
def fix_file(fpath):
with open(fpath) as f:
content = f.read()
original = content
base = os.path.basename(fpath)
# Add error_log before any line that does jsonError/echo with $e->getMessage() inside a catch block
# Pattern: catch (...) {\n jsonError/echo(... $e->getMessage() )
content = re.sub(
r'(catch\s*\((?:PDOException|Exception|\\Exception|Throwable)\s*\$\w+\)\s*\{)\n(\s*)(jsonError|echo)\s*\(',
lambda m: f"{m.group(1)}\n{m.group(2)}error_log(\"[{base}] \" . $e->getMessage());\n{m.group(2)}{m.group(3)}(",
content,
)
# Replace jsonError("... " . $e->getMessage()) with generic message
content = re.sub(
r'jsonError\s*\(\s*"[^"]*"\s*\.\s*\$\w+->getMessage\s*\(\s*\)\s*\)',
'jsonError("An internal error occurred. Please try again later.")',
content,
)
# Replace jsonError($e->getMessage())
content = re.sub(
r'jsonError\s*\(\s*\$\w+->getMessage\s*\(\s*\)\s*\)',
'jsonError("An internal error occurred. Please try again later.")',
content,
)
# Replace echo "... " . $e->getMessage()
content = re.sub(
r'echo\s+"[^"]*"\s*\.\s*\$\w+->getMessage\s*\(\s*\)',
'echo "An internal error occurred"',
content,
)
# Replace echo $e->getMessage()
content = re.sub(
r'echo\s+\$\w+->getMessage\s*\(\s*\)',
'echo "An internal error occurred"',
content,
)
# Replace json_encode with $e->getMessage() in response
content = re.sub(
r'(json_encode\s*\(\s*(?:array\s*\(|\[)[^)]*"message"\s*=>?\s*)"[^"]*"\s*\.\s*\$\w+->getMessage\s*\(\s*\)([^)]*[)\]]\s*\))',
r'\1"An internal error occurred"\2',
content,
)
content = re.sub(
r'(json_encode\s*\(\s*(?:array\s*\(|\[)[^)]*"message"\s*=>?\s*)\$\w+->getMessage\s*\(\s*\)([^)]*[)\]]\s*\))',
r'\1"An internal error occurred"\2',
content,
)
if content != original:
with open(fpath, 'w') as f:
f.write(content)
return True
return False
fixed = 0
for fpath in glob.glob(os.path.join(BACKEND, '**/*.php'), recursive=True):
if '/vendor/' in fpath:
continue
if fix_file(fpath):
fixed += 1
rel = os.path.relpath(fpath, BACKEND)
print(f" {rel}")
print(f"\nFixed: {fixed} files")
Reference in New Issue View Git Blame Copy Permalink