From 6d0163378bcc96151b274ffe8464f258fe2be859 Mon Sep 17 00:00:00 2001 From: alanj853 Date: Tue, 1 Sep 2020 12:31:27 +0000 Subject: [PATCH 1/9] Use explicit Logger macros to allow for compile-time purging --- lib/plug/logger.ex | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/plug/logger.ex b/lib/plug/logger.ex index 69d207188..33edc0bac 100644 --- a/lib/plug/logger.ex +++ b/lib/plug/logger.ex @@ -24,14 +24,14 @@ defmodule Plug.Logger do end def call(conn, level) do - Logger.log(level, fn -> + log(level, fn -> [conn.method, ?\s, conn.request_path] end) start = System.monotonic_time() Conn.register_before_send(conn, fn conn -> - Logger.log(level, fn -> + log(level, fn -> stop = System.monotonic_time() diff = System.convert_time_unit(stop - start, :native, :microsecond) status = Integer.to_string(conn.status) @@ -43,6 +43,11 @@ defmodule Plug.Logger do end) end + defp log(:debug, chardata_or_fun), do: Logger.debug(chardata_or_fun) + defp log(:info, chardata_or_fun), do: Logger.info(chardata_or_fun) + defp log(:warn, chardata_or_fun), do: Logger.warn(chardata_or_fun) + defp log(:error, chardata_or_fun), do: Logger.error(chardata_or_fun) + defp formatted_diff(diff) when diff > 1000, do: [diff |> div(1000) |> Integer.to_string(), "ms"] defp formatted_diff(diff), do: [Integer.to_string(diff), "µs"] From b300be9e17962fbec47c3cdcb83db20d554addb5 Mon Sep 17 00:00:00 2001 From: Adriana Gonzalez Date: Mon, 8 Feb 2021 10:47:06 +0000 Subject: [PATCH 2/9] fix for TLS 1.3 --- lib/plug/ssl.ex | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/plug/ssl.ex b/lib/plug/ssl.ex index f3a4e491b..9aaedf234 100644 --- a/lib/plug/ssl.ex +++ b/lib/plug/ssl.ex 
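Review bot: The private `log/2` added in the second hunk of 1/9 has clauses only for `:debug`, `:info`, `:warn` and `:error`, so any other level reaching `call/2` raises `FunctionClauseError` on every request instead of being logged. `Logger.log/2` accepted every level the logger supports, and whether `init/1` restricts the configured value is not visible in this hunk. A catch-all that keeps the old behaviour closes the gap: `defp log(level, chardata_or_fun), do: Logger.log(level, chardata_or_fun)`. Patch 9/9 switches the body to `Logger.warning/1` but still matches only the `:warn` atom, so a `defp log(:warning, chardata_or_fun), do: Logger.warning(chardata_or_fun)` clause belongs there as well.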
@@ -242,9 +242,18 @@ defmodule Plug.SSL do end defp set_secure_defaults(options) do - options - |> Keyword.put_new(:secure_renegotiate, true) - |> Keyword.put_new(:reuse_sessions, true) + if List.keyfind(options, :versions, 0) == {:versions, [:"tlsv1.3"]} do + # secure_renegotiate and reuse_sessions options are not supported + # by the OTP SSL module when earlier versions of TLS are not being used. + # (i.e. TLS1.2 or earlier versions must be specified as it's not supported in TLS1.3) + options + |> Keyword.delete(:secure_renegotiate) + |> Keyword.delete(:reuse_sessions) + else + options + |> Keyword.put_new(:secure_renegotiate, true) + |> Keyword.put_new(:reuse_sessions, true) + end end defp configure_managed_tls(options) do From 786b5be6c87999398e6fe30cb22399b87bbe5e0d Mon Sep 17 00:00:00 2001 From: Adriana Gonzalez Date: Mon, 8 Feb 2021 16:09:45 +0000 Subject: [PATCH 3/9] change tlsv1.3 keyfind in options --- lib/plug/ssl.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/plug/ssl.ex b/lib/plug/ssl.ex index 9aaedf234..079d738ec 100644 --- a/lib/plug/ssl.ex +++ b/lib/plug/ssl.ex @@ -242,7 +242,7 @@ defmodule Plug.SSL do end defp set_secure_defaults(options) do - if List.keyfind(options, :versions, 0) == {:versions, [:"tlsv1.3"]} do + if options[:versions] == [:"tlsv1.3"] do # secure_renegotiate and reuse_sessions options are not supported # by the OTP SSL module when earlier versions of TLS are not being used. # (i.e. TLS1.2 or earlier versions must be specified as it's not supported in TLS1.3) From bcae2ad65bd27aeb7f2078a3d8d4944083700358 Mon Sep 17 00:00:00 2001 From: alanj853 Date: Thu, 8 Sep 2022 13:40:49 +0000 Subject: [PATCH 4/9] Replace raise with Logger.error - Raise throws an error all the way to the browser, even on production builds. So a customer would see it. --- lib/plug/static.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/plug/static.ex b/lib/plug/static.ex index 9e42f196f..0ebf05f06 100644 
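Review bot: The comment added to `set_secure_defaults/1` in 2/9 is ambiguous: its parenthetical says earlier TLS versions "must be specified", which reads as a requirement on the caller rather than the reason the two options are dropped. Suggested wording: `# With versions: [:"tlsv1.3"] only, OTP's :ssl does not support :secure_renegotiate or :reuse_sessions, so remove them (including caller-supplied values) instead of defaulting them to true.` The branch also discards values the caller set explicitly without any signal, and the comment or the function's documentation should say so. The same comment is carried unchanged as context in 3/9.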
--- a/lib/plug/static.ex +++ b/lib/plug/static.ex @@ -122,6 +122,7 @@ defmodule Plug.Static do import Plug.Conn alias Plug.Conn + require Logger # In this module, the `:prim_file` Erlang module along with the `:file_info` # record are used instead of the more common and Elixir-y `File` module and @@ -173,7 +174,7 @@ defmodule Plug.Static do segments = Enum.map(segments, &uri_decode/1) if invalid_path?(segments) do - raise InvalidPathError + Logger.error("Got invalid path: #{inspect(segments)}") end path = path(from, segments) From 877bd0f4d5b9275d12fa82c9794c593e636e4575 Mon Sep 17 00:00:00 2001 From: "david.naughton" Date: Fri, 21 Apr 2023 16:43:37 +0000 Subject: [PATCH 5/9] Add error raise on invalid path --- lib/plug/static.ex | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/plug/static.ex b/lib/plug/static.ex index 0ebf05f06..5e34b8de8 100644 --- a/lib/plug/static.ex +++ b/lib/plug/static.ex @@ -175,6 +175,7 @@ defmodule Plug.Static do if invalid_path?(segments) do Logger.error("Got invalid path: #{inspect(segments)}") + raise InvalidPathError, "invalid path for static asset: #{conn.request_path}" end path = path(from, segments) From de80bb4a61aa4538c8da8821a12b87fe28e2cf62 Mon Sep 17 00:00:00 2001 From: "david.naughton" Date: Mon, 24 Apr 2023 16:22:49 +0000 Subject: [PATCH 6/9] Change to returning connection unchanged rather than raising --- lib/plug/static.ex | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/plug/static.ex b/lib/plug/static.ex index 5e34b8de8..1caa72369 100644 --- a/lib/plug/static.ex +++ b/lib/plug/static.ex 
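Review bot: Replacing `raise InvalidPathError` with `Logger.error/1` in the second hunk of 4/9 removes the only stop in the `invalid_path?(segments)` branch: after the log line, control falls through to `path = path(from, segments)` and the request is served like a valid one, so the path check no longer protects file serving. If the aim is to keep the error page away from end users, the branch still has to end the request, either by keeping `raise InvalidPathError` after the log line or by restructuring into `if … else` so the invalid branch returns without reaching `path/2`. Patches 5/9 and 6/9 on this page restore a stop, but this commit should not be deployed, cherry-picked or backported on its own. The enclosing function begins and ends outside the hunk.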
@@ -175,13 +175,13 @@ defmodule Plug.Static do if invalid_path?(segments) do Logger.error("Got invalid path: #{inspect(segments)}") - raise InvalidPathError, "invalid path for static asset: #{conn.request_path}" + conn + else + path = path(from, segments) + range = get_req_header(conn, "range") + encoding = file_encoding(conn, path, range, gzip?, brotli?) + serve_static(encoding, conn, segments, range, options) end - - path = path(from, segments) - range = get_req_header(conn, "range") - encoding = file_encoding(conn, path, range, gzip?, brotli?) - serve_static(encoding, conn, segments, range, options) else conn end From eebc04f1bfbb4f349e923a3d8fdd14f77090bca1 Mon Sep 17 00:00:00 2001 From: Tomasz Kazimierz Motyl Date: Tue, 27 Jun 2023 00:41:55 -0700 Subject: [PATCH 7/9] Changing exception fail whilst given imparsable params i.e.: /login?returnUrl=%%30%30 to a Logger error print-out and binary "" as an evaluated value --- lib/plug/conn/query.ex | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/plug/conn/query.ex b/lib/plug/conn/query.ex index a2fb894c4..d51540f65 100644 --- a/lib/plug/conn/query.ex +++ b/lib/plug/conn/query.ex @@ -58,6 +58,8 @@ defmodule Plug.Conn.Query do """ + require Logger + @doc """ Decodes the given binary. @@ -109,7 +111,8 @@ defmodule Plug.Conn.Query do URI.decode_www_form(value) rescue ArgumentError -> - raise invalid_exception, "invalid urlencoded params, got #{value}" + Logger.error("Exception! invalid urlencoded params, got #{inspect value}") + "" else binary -> if validate_utf8 do From a8fe036297ba2e7ea7e4a9bf367cb79813b37563 Mon Sep 17 00:00:00 2001 From: alanj853 Date: Tue, 10 Sep 2024 11:43:43 +0100 Subject: [PATCH 8/9] tidy up after merge --- lib/plug/conn/query.ex | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/plug/conn/query.ex b/lib/plug/conn/query.ex index 4e6291bd2..83edf75f1 100644 --- a/lib/plug/conn/query.ex +++ b/lib/plug/conn/query.ex 
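Review bot: Returning `conn` untouched from the `invalid_path?(segments)` branch in 6/9 hands a request already identified as malformed to every plug after `Plug.Static`, so rejecting it now depends on downstream code that is not visible here. Ending the request in this branch is the stricter choice and still avoids the raised error page that 4/9 wanted to hide: `conn |> send_resp(400, "Bad Request") |> halt()` (the unqualified `get_req_header/2` call in this hunk shows `Plug.Conn` is imported). The `Logger.error` line can be triggered by any client, so a level below error is worth considering to keep it from drowning real faults. The enclosing function begins outside the hunk.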
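Review bot: In the `rescue ArgumentError` clause of the second hunk of 7/9, an undecodable value is replaced by `""`, so the request is accepted where it used to fail with `invalid_exception`, and callers cannot tell a malformed parameter from an empty one. Code that validates a parameter such as the `returnUrl` from the commit message will then see an empty string instead of an error; rejecting the request at the plug boundary keeps that decision in one place. The log call can be triggered by any client with a value of arbitrary size, so bound it and lower the level, e.g. `Logger.warning("invalid urlencoded params, got #{inspect(value, printable_limit: 200)}")`. If `invalid_exception` is no longer referenced in this function it will produce an unused-variable warning; the function head is outside the hunk.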
@@ -82,6 +82,14 @@ defmodule Plug.Conn.Query do For stateful decoding, see `decode_init/0`, `decode_each/2`, and `decode_done/2`. """ + @typedoc """ + Stateful decoder accumulator. + + See `decode_init/0`, `decode_each/2`, and `decode_done/2`. + """ + @typedoc since: "1.16.0" + @opaque decoder() :: map() + require Logger @doc """ From aa5254912157279e1e4fd213633aa96d82918db9 Mon Sep 17 00:00:00 2001 From: alanj853 Date: Tue, 10 Sep 2024 11:45:31 +0100 Subject: [PATCH 9/9] tidy up logger --- lib/plug/logger.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/plug/logger.ex b/lib/plug/logger.ex index 97f19b05f..40218c3f4 100644 --- a/lib/plug/logger.ex +++ b/lib/plug/logger.ex @@ -50,7 +50,7 @@ defmodule Plug.Logger do defp log(:debug, chardata_or_fun), do: Logger.debug(chardata_or_fun) defp log(:info, chardata_or_fun), do: Logger.info(chardata_or_fun) - defp log(:warn, chardata_or_fun), do: Logger.warn(chardata_or_fun) + defp log(:warn, chardata_or_fun), do: Logger.warning(chardata_or_fun) defp log(:error, chardata_or_fun), do: Logger.error(chardata_or_fun) defp formatted_diff(diff) when diff > 1000, do: [diff |> div(1000) |> Integer.to_string(), "ms"]