MAGETWO-59809: Scrub sensitive data during app:dump

Author: shiftedreality

app/code/Magento/Authorizenet/etc/di.xml

@@ -16,4 +16,14 @@
             <argument name="storage" xsi:type="object">Magento\Authorizenet\Model\Directpost\Session\Storage</argument>
         </arguments>
     </type>
+    <type name="Magento\Config\Model\Config\Export\ExcludeList">
+        <arguments>
+            <argument name="configs" xsi:type="array">
+                <item name="payment/authorizenet_directpost/login" xsi:type="string">1</item>
+                <item name="payment/authorizenet_directpost/trans_key" xsi:type="string">1</item>
+                <item name="payment/authorizenet_directpost/trans_md5" xsi:type="string">1</item>
+                <item name="payment/authorizenet_directpost/merchant_email" xsi:type="string">1</item>
+            </argument>
+        </arguments>
+    </type>
 </config>

app/code/Magento/Backend/etc/di.xml

@@ -214,4 +214,22 @@
             </argument>
         </arguments>
     </type>
+    <type name="Magento\Config\Model\Config\Export\ExcludeList">
+        <arguments>
+            <argument name="configs" xsi:type="array">
+                <item name="trans_email/ident_general/name" xsi:type="string">1</item>
+                <item name="trans_email/ident_general/email" xsi:type="string">1</item>
+                <item name="trans_email/ident_sales/name" xsi:type="string">1</item>
+                <item name="trans_email/ident_sales/email" xsi:type="string">1</item>
+                <item name="trans_email/ident_support/name" xsi:type="string">1</item>
+                <item name="trans_email/ident_support/email" xsi:type="string">1</item>
+                <item name="trans_email/ident_custom1/name" xsi:type="string">1</item>
+                <item name="trans_email/ident_custom1/email" xsi:type="string">1</item>
+                <item name="trans_email/ident_custom2/name" xsi:type="string">1</item>
+                <item name="trans_email/ident_custom2/email" xsi:type="string">1</item>
+                <item name="admin/url/custom" xsi:type="string">1</item>
+                <item name="admin/url/custom_path" xsi:type="string">1</item>
+            </argument>
+        </arguments>
+    </type>
 </config>

app/code/Magento/Braintree/etc/di.xml

@@ -434,4 +434,16 @@
         </arguments>
     </type>
 
+    <type name="Magento\Config\Model\Config\Export\ExcludeList">
+        <arguments>
+            <argument name="configs" xsi:type="array">
+                <item name="payment/braintree/merchant_id" xsi:type="string">1</item>
+                <item name="payment/braintree/public_key" xsi:type="string">1</item>
+                <item name="payment/braintree/private_key" xsi:type="string">1</item>
+                <item name="payment/braintree/merchant_account_id" xsi:type="string">1</item>
+                <item name="payment/braintree/kount_id" xsi:type="string">1</item>
+                <item name="payment/braintree_paypal/merchant_name_override" xsi:type="string">1</item>
+            </argument>
+        </arguments>
+    </type>
 </config>

app/code/Magento/Checkout/etc/di.xml

@@ -42,4 +42,11 @@
             </argument>
         </arguments>
     </type>
+    <type name="Magento\Config\Model\Config\Export\ExcludeList">
+        <arguments>
+            <argument name="configs" xsi:type="array">
+                <item name="checkout/payment_failed/copy_to" xsi:type="string">1</item>
+            </argument>
+        </arguments>
+    </type>
 </config>

app/code/Magento/Config/App/Config/Source/DumpConfigSourceAggregated.php

@@ -0,0 +1,148 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Config\App\Config\Source;
+
+use Magento\Config\Model\Config\Export\ExcludeList;
+use Magento\Framework\App\Config\ConfigSourceInterface;
+use Magento\Framework\App\Config\ScopeConfigInterface;
+
+class DumpConfigSourceAggregated implements DumpConfigSourceInterface
+{
+    /**
+     * @var ExcludeList
+     */
+    private $excludeList;
+
+    /**
+     * @var ConfigSourceInterface[]
+     */
+    private $sources;
+
+    /**
+     * @var array
+     */
+    private $excludedFields;
+
+    /**
+     * @var array
+     */
+    private $data;
+
+    /**
+     * @param ExcludeList $excludeList
+     * @param array $sources
+     */
+    public function __construct(ExcludeList $excludeList, array $sources = [])
+    {
+        $this->excludeList = $excludeList;
+        $this->sources = $sources;
+    }
+
+    /**
+     * Retrieve aggregated configuration from all available sources.
+     *
+     * @param string $path
+     * @return array
+     */
+    public function get($path = '')
+    {
+        $path = (string)$path;
+        $data = [];
+
+        if (isset($this->data[$path])) {
+            return $this->data[$path];
+        }
+
+        $this->sortSources();
+
+        foreach ($this->sources as $sourceConfig) {
+            /** @var ConfigSourceInterface $source */
+            $source = $sourceConfig['source'];
+            $data = array_replace_recursive($data, $source->get($path));
+        }
+
+        $this->excludedFields = [];
+        $this->filterChain($path, $data);
+
+        return $this->data[$path] = $data;
+    }
+
+    /**
+     * Recursive filtering of sensitive data
+     *
+     * @param string $path
+     * @param array $data
+     */
+    private function filterChain($path, &$data)
+    {
+        foreach ($data as $subKey => &$subData) {
+            $newPath = $path ? $path . '/' . $subKey : $subKey;
+            $filteredPath = $this->filterPath($newPath);
+
+            if (
+                $filteredPath
+                && !is_array($data[$subKey])
+                && $this->excludeList->isPresent($filteredPath)
+            ) {
+                $this->excludedFields[$newPath] = $filteredPath;
+
+                unset($data[$subKey]);
+            } elseif (is_array($subData)) {
+                $this->filterChain($newPath, $subData);
+            }
+        }
+    }
+
+    /**
+     * Eliminating scope info from path
+     *
+     * @param string $path
+     * @return null|string
+     */
+    private function filterPath($path)
+    {
+        $parts = explode('/', $path);
+
+        // Check if there are enough parts to recognize scope
+        if (count($parts) < 3) {
+            return null;
+        }
+
+        if ($parts[0] === ScopeConfigInterface::SCOPE_TYPE_DEFAULT) {
+            unset($parts[0]);
+        } else {
+            unset($parts[0], $parts[1]);
+        }
+
+        return implode('/', $parts);
+    }
+
+    /**
+     * Sort sources
+     *
+     * @return void
+     */
+    private function sortSources()
+    {
+        uasort($this->sources, function ($firstItem, $secondItem) {
+            return $firstItem['sortOrder'] > $secondItem['sortOrder'];
+        });
+    }
+
+    /**
+     * Retrieves list of field paths were excluded from config dump
+     * @return array
+     */
+    public function getExcludedFields()
+    {
+        $this->get();
+
+        $fields = array_values($this->excludedFields);
+        $fields = array_unique($fields);
+
+        return $fields;
+    }
+}

app/code/Magento/Config/App/Config/Source/DumpConfigSourceInterface.php

@@ -0,0 +1,21 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Config\App\Config\Source;
+
+use Magento\Framework\App\Config\ConfigSourceInterface;
+
+/**
+ * Interface DumpConfigSourceInterface
+ */
+interface DumpConfigSourceInterface extends ConfigSourceInterface
+{
+    /**
+     * Retrieves list of field paths were excluded from config dump
+     *
+     * @return array
+     */
+    public function getExcludedFields();
+}

app/code/Magento/Config/App/Config/Type/System.php

@@ -8,6 +8,7 @@
 use Magento\Framework\App\Config\ConfigTypeInterface;
 use Magento\Framework\App\Config\ConfigSourceInterface;
 use Magento\Framework\App\Config\Spi\PostProcessorInterface;
+use Magento\Framework\App\Config\Spi\PreProcessorInterface;
 use Magento\Framework\Cache\FrontendInterface;
 use Magento\Framework\DataObject;
 use Magento\Store\Model\Config\Processor\Fallback;
@@ -38,6 +39,11 @@ class System implements ConfigTypeInterface
      */
     private $postProcessor;
 
+    /**
+     * @var PreProcessorInterface
+     */
+    private $preProcessor;
+
     /**
      * @var FrontendInterface
      */
@@ -59,17 +65,20 @@ class System implements ConfigTypeInterface
      * @param PostProcessorInterface $postProcessor
      * @param Fallback $fallback
      * @param FrontendInterface $cache
+     * @param PreProcessorInterface $preProcessor
      * @param int $cachingNestedLevel
      */
     public function __construct(
         ConfigSourceInterface $source,
         PostProcessorInterface $postProcessor,
         Fallback $fallback,
         FrontendInterface $cache,
+        PreProcessorInterface $preProcessor,
         $cachingNestedLevel = 1
     ) {
         $this->source = $source;
         $this->postProcessor = $postProcessor;
+        $this->preProcessor = $preProcessor;
         $this->cache = $cache;
         $this->cachingNestedLevel = $cachingNestedLevel;
         $this->fallback = $fallback;
@@ -86,7 +95,9 @@ public function get($path = '')
         if (!$this->data) {
             $data = $this->cache->load(self::CONFIG_TYPE);
             if (!$data) {
-                $data = $this->fallback->process($this->source->get());
+                $data = $this->preProcessor->process($this->source->get());
+                $this->data = new DataObject($data);
+                $data = $this->fallback->process($data);
                 $this->data = new DataObject($data);
                 $data = $this->postProcessor->process($data);
                 $this->data = new DataObject($data);

app/code/Magento/Config/Block/System/Config/Form.php

@@ -7,8 +7,10 @@
 
 use Magento\Config\App\Config\Type\System;
 use Magento\Config\Model\Config\Reader\Source\Deployed\SettingChecker;
+use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\App\DeploymentConfig;
 use Magento\Framework\App\ObjectManager;
+use Magento\Framework\DataObject;
 
 /**
  * System config form block
@@ -333,6 +335,16 @@ protected function _initElement(
     ) {
         $inherit = true;
         $data = $this->getAppConfigDataValue($path);
+
+        $placeholderValue = $this->getSettingChecker()->getPlaceholderValue(
+            $path,
+            $this->getScope(),
+            $this->getStringScopeCode()
+        );
+
+        if ($placeholderValue) {
+            $data = $placeholderValue;
+        }
         if ($data === null) {
             if (array_key_exists($path, $this->_configData)) {
                 $data = $this->_configData[$path];
@@ -373,9 +385,7 @@ protected function _initElement(
         $sharedClass = $this->_getSharedCssClass($field);
         $requiresClass = $this->_getRequiresCssClass($field, $fieldPrefix);
 
-        $isReadOnly = $this->getSettingChecker()->isReadOnly($path, $this->getScope(), $this->getScopeCode());
-        $canUseDefault = $this->canUseDefaultValue($field->showInDefault());
-        $canUseWebsite = $this->canUseWebsiteValue($field->showInWebsite());
+        $isReadOnly = $this->getSettingChecker()->isReadOnly($path, $this->getScope(), $this->getStringScopeCode());
         $formField = $fieldset->addField(
             $elementId,
             $field->getType(),
@@ -392,8 +402,8 @@ protected function _initElement(
                 'scope' => $this->getScope(),
                 'scope_id' => $this->getScopeId(),
                 'scope_label' => $this->getScopeLabel($field),
-                'can_use_default_value' => $canUseDefault,
-                'can_use_website_value' => $canUseWebsite,
+                'can_use_default_value' => $this->canUseDefaultValue($field->showInDefault()),
+                'can_use_website_value' => $this->canUseWebsiteValue($field->showInWebsite()),
                 'can_restore_to_default' => $this->isCanRestoreToDefault($field->canRestore()),
                 'disabled' => $isReadOnly,
                 'is_disable_inheritance' => $isReadOnly
@@ -413,6 +423,28 @@ protected function _initElement(
         $formField->setRenderer($fieldRenderer);
     }
 
+    /**
+     * Retrieve Scope string code
+     *
+     * @return string
+     */
+    private function getStringScopeCode()
+    {
+        $scopeCode = $this->getData('scope_string_code');
+        if (null === $scopeCode) {
+            if ($this->getStoreCode()) {
+                $scopeCode = $this->_storeManager->getStore($this->getStoreCode())->getCode();
+            } elseif ($this->getWebsiteCode()) {
+                $scopeCode = $this->_storeManager->getWebsite($this->getWebsiteCode())->getCode();
+            } else {
+                $scopeCode = '';
+            }
+            $this->setScopeStringCode($scopeCode);
+        }
+
+        return $scopeCode;
+    }
+
     /**
      * Populate dependencies block
      *
@@ -748,14 +780,13 @@ private function getAppConfigDataValue($path)
     {
         $appConfig = $this->getAppConfig()->get(System::CONFIG_TYPE);
         $scope = $this->getScope();
-        $scopeId = $this->getScopeId();
-        if ($scope === 'default') {
-            $data = isset($appConfig[$scope][$path]) ? $appConfig[$scope][$path] : null;
+        $scopeCode = $this->getStringScopeCode();
+
+        if ($scope === ScopeConfigInterface::SCOPE_TYPE_DEFAULT) {
+            $data = new DataObject(isset($appConfig[$scope]) ? $appConfig[$scope] : []);
         } else {
-            $data = isset($appConfig[$scope][$scopeId][$path])
-                ? $appConfig[$scope][$scopeId][$path]
-                : null;
+            $data = new DataObject(isset($appConfig[$scope][$scopeCode]) ? $appConfig[$scope][$scopeCode] : []);
         }
-        return $data;
+        return $data->getData($path);
     }
 }