https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42766 Bug ID: 42766 Summary: Add ScriptLog syspref and auto-logging for non-cron Koha scripts Initiative type: --- Sponsorship --- status: Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Command-line Utilities Assignee: koha-bugs@lists.koha-community.org Reporter: martin.renvoize@openfifth.co.uk QA Contact: testopia@bugs.koha-community.org CC: jake.deery@openfifth.co.uk, robin@catalyst.net.nz Depends on: 42714 Bug 42714 added automatic CRONJOBS action-log entries (start and end) for scripts that declare themselves as cron jobs via 'use Koha::Script -cron'. That bug deliberately excluded non-cron scripts (admin tools, migration utilities, maintenance scripts) to avoid polluting the CRONJOBS log. This bug extends the same auto-logging idea to all Koha scripts that use bare 'use Koha::Script' (without -cron), gated behind a new ScriptLog system preference that mirrors CronjobLog. Work required: 1. Add a new 'ScriptLog' system preference (type: YesNo, default: 0). 2. Extend the INIT/END blocks in Koha::Script to call a new logscriptaction() function (or reuse/extend cronlogaction()) when ScriptLog is enabled and $_cron is false. The logged module should be distinct from CRONJOBS (e.g. 'SCRIPTS') so admins can filter the two separately in the action log viewer. 3. Implement @ARGV scrubbing before logging. Some scripts accept sensitive values on the command line (passwords, tokens). A concrete example is misc/devel/create_superlibrarian.pl which accepts --password. The mechanism should redact any argument that follows a flag whose name contains 'password', 'passwd', 'secret', 'token', or similar, replacing the value with '[REDACTED]'. Affected scripts (or a central list in Koha::Script) should be able to declare which flags are sensitive. 4. Update the system preferences admin UI (.pref file) to expose ScriptLog alongside or near CronjobLog. 5. Add tests: - Unit test for the @ARGV scrubbing logic. - Verify ScriptLog=0 suppresses logging for non-cron scripts. - Verify ScriptLog=1 creates action log entries for non-cron scripts. Test plan: 1. Apply patch. 2. Enable ScriptLog in Administration > System preferences > Logging. 3. Run a non-cron script, e.g.: perl misc/devel/create_superlibrarian.pl --userid admin --password secret 4. Check Administration > Action logs (module: SCRIPTS) and confirm a Run entry exists with the password value replaced by [REDACTED]. 5. Confirm no entry appears in the CRONJOBS module for this run. 6. Run a cron script, e.g.: perl misc/cronjobs/cleanup_database.pl --confirm 7. Confirm the entry appears under CRONJOBS (not SCRIPTS). 8. Disable ScriptLog and re-run step 3; confirm no log entry is created. 9. Run the test suite: prove t/Koha/Script.t t/Koha/Script_cron.t Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42714 [Bug 42714] Koha::Script should automatically log start and end of scripts when they are run -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.