leocavalcante / redact-sensitive

🙈 A Monolog processor that protects sensitive data from being logged by mistake

License: MIT License

redact-sensitive's Introduction

Redact Sensitive

Avoids logging something like {"api_key":"mysupersecretapikey"} by partially or completely masking sensitive data:

Readme.INFO: Hello, World! {"api_key":"mysu***************"} []

Install

composer require leocavalcante/redact-sensitive

Usage

1. Prepare your sensitive keys

It is a map of key names and how much of it can be displayed, for example:

$sensitive_keys = [
    'api_key' => 4,
];

Shows the first 4 characters of the api_key.

If you want to display the last characters instead, use a negative value like ['api_key' => -4]; it will then display the last 4 characters.

2. Create a Processor using the keys

You can now create a new Processor with the given keys:

use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['api_key' => 4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

3. Set the Processor to a Monolog\Logger

use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['api_key' => 4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Readme');
$logger->pushProcessor($processor);

Examples

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['api_key' => 4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Readme', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Hello, World!', ['api_key' => 'mysupersecretapikey']);

Readme.INFO: Hello, World! {"api_key":"mysu***************"} []

Completely hidden

You can hide it completely by passing 0 to the key.

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['you_know_nothing' => 0];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Completely hidden', ['you_know_nothing' => 'John Snow']);

Example.INFO: Completely hidden {"you_know_nothing":"*********"} []

Custom format

You can customize the replacement character * and/or provide your own template.

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['secret' => 2];

$processor = new RedactSensitiveProcessor($sensitive_keys, template: '%s(redacted)');

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Sensitive', ['secret' => 'my_secret_value']);

Example.INFO: Sensitive {"secret":"my*************(redacted)"} []

A custom template can also discard the masked characters altogether:

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['secret' => 2];

$processor = new RedactSensitiveProcessor($sensitive_keys, template: '...');

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Sensitive', ['secret' => 'my_secret_value']);

Example.INFO: Sensitive {"secret":"my..."} []

Length limit

Use lengthLimit to truncate redacted sensitive information, such as lengthy tokens.

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['access_token' => 0];

$processor = new RedactSensitiveProcessor($sensitive_keys, lengthLimit: 5);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Truncated secret', ['access_token' => 'Very long JWT ...']);

Example.INFO: Truncated secret {"access_token":"*****"} []

Right to left

And, as said before, you can mask the value from right to left using negative values.

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['credit_card' => -4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('You are not storing credit cards, right?', ['credit_card' => '4111111145551142']);

Example.INFO: You are not storing credit cards, right? {"credit_card":"************1142"} []

Nested values

It should work with nested objects and arrays as well.

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = [
    'nested' => [
        'arr' => [
            'value' => 3,
            'or_obj' => ['secret' => -3],
        ],
    ]
];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$nested_obj = new stdClass();
$nested_obj->secret = 'donttellanyone';

$logger->info('Nested', [
    'nested' => [
        'arr' => [
            'value' => 'abcdfg',
            'or_obj' => $nested_obj,
        ],
    ],
]);

Example.INFO: Nested {"nested":{"arr":{"value":"abc***","or_obj":{"stdClass":{"secret":"***********one"}}}}} []

Thanks

Feel free to open any issues or PRs.


MIT © 2021

redact-sensitive's People

Contributors

aymanrb, deoomen, dnsbty, leocavalcante, sshymko-promenade

redact-sensitive's Issues

Cannot modify readonly property

PHP since version 8.1 supports the readonly keyword to mark properties as non-modifiable. But there is one problem: when an object has readonly props and it's passed to Monolog, Redact will try to overwrite this property, but it's not possible, so an exception will be thrown.

Maybe an option is to use reflection to create a clone of a not-readonly object and use that cloned object to overwrite props?

Quick example:

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

class ReadonlyDTO
{
    public function __construct(
        public string $nonReadonlyProp1,
        public readonly string $readonlyProp1,
        public readonly string $readonlyProp2,
    ) {
    }
}

$obj = new ReadonlyDTO('nonreadonly', 'readonly', 'readonly');

$sensitive_keys = [
    'nonReadonlyProp1' => 4,
    'readonlyProp1' => 4,
];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Readme', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Hello, World!', ['obj' => $obj]);

Result:

PHP Fatal error:  Uncaught Error: Cannot modify readonly property ReadonlyDTO::$readonlyProp1 in /vendor/leocavalcante/redact-sensitive/src/RedactSensitiveProcessor.php:108
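
One way to avoid the failure reported in this issue, as an added example that is neither the library's code nor the reporter's: build a redacted copy of the context instead of writing into the logged object. mask() and redact_copy() are hypothetical helpers, and letting the same key map keep applying while descending is an assumption based on the flat keys used in the issue.

```php
<?php
declare(strict_types=1);
// Added example, not the library's code. Masking follows the README's rule:
// N > 0 keeps the first N characters, N < 0 the last |N|, 0 hides everything.
function mask(string $value, int $keep, string $char = '*'): string
{
    $len = mb_strlen($value);
    $shown = min(abs($keep), $len);
    $hidden = str_repeat($char, $len - $shown);
    return $keep >= 0
        ? mb_substr($value, 0, $shown) . $hidden
        : $hidden . mb_substr($value, $len - $shown);
}

// Returns a redacted copy of $data. Objects are read with get_object_vars()
// and rebuilt as arrays, so readonly properties are never written and the
// caller's object stays untouched. $depth bounds cyclic object graphs.
function redact_copy(mixed $data, array $keys, int $depth = 8): mixed
{
    $data = is_object($data) ? get_object_vars($data) : $data; // public properties only
    if (!is_array($data)) {
        return $data;
    }
    if ($depth === 0) {
        return '[max depth reached]'; // drop the subtree rather than log it unmasked
    }
    foreach ($data as $name => $value) {
        $rule = $keys[$name] ?? null;
        if (is_int($rule) && is_string($value)) {
            $data[$name] = mask($value, $rule);
        } elseif (is_array($value) || is_object($value)) {
            // Assumption: a nested key map scopes its subtree, else the current map applies.
            $data[$name] = redact_copy($value, is_array($rule) ? $rule : $keys, $depth - 1);
        }
    }
    return $data;
}

final class ReadonlyDTO // constructed to mirror the DTO in the issue
{
    public function __construct(
        public string $nonReadonlyProp1,
        public readonly string $readonlyProp1,
    ) {}
}

$obj = new ReadonlyDTO('nonreadonly', 'readonly');
echo json_encode(redact_copy(['obj' => $obj], ['nonReadonlyProp1' => 4, 'readonlyProp1' => 4])), PHP_EOL;
echo $obj->nonReadonlyProp1, PHP_EOL; // the original object is read, never modified
```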
