From 6afefc2e63ac0d13e08501459f6c6bb06095f50f Mon Sep 17 00:00:00 2001 From: Mattias Date: Fri, 26 Aug 2016 15:44:53 +0200 Subject: [PATCH] added the possibility to censor sensitive data in POST request to not be logged --- DependencyInjection/Configuration.php | 3 +++ .../LexikMonologBrowserExtension.php | 1 + Handler/DoctrineDBALHandler.php | 7 ++--- Processor/WebExtendedProcessor.php | 27 ++++++++++++++++--- README.md | 10 ++++++- Resources/config/services.xml | 1 + 6 files changed, 41 insertions(+), 8 deletions(-) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index 709a41e..55d1a86 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -22,6 +22,9 @@ public function getConfigTreeBuilder() $rootNode ->children() + ->arrayNode('sensitive_data_keys') + ->prototype('scalar')->end() + ->end() ->scalarNode('base_layout') ->cannotBeEmpty() ->defaultValue('LexikMonologBrowserBundle::layout.html.twig') diff --git a/DependencyInjection/LexikMonologBrowserExtension.php b/DependencyInjection/LexikMonologBrowserExtension.php index ef6928c..e4f7c29 100644 --- a/DependencyInjection/LexikMonologBrowserExtension.php +++ b/DependencyInjection/LexikMonologBrowserExtension.php @@ -28,6 +28,7 @@ public function load(array $configs, ContainerBuilder $container) $container->setParameter('lexik_monolog_browser.base_layout', $config['base_layout']); $container->setParameter('lexik_monolog_browser.logs_per_page', $config['logs_per_page']); + $container->setParameter('lexik_monolog_browser.sensitive_data_keys', $config['sensitive_data_keys']); $container->setParameter('lexik_monolog_browser.doctrine.table_name', $config['doctrine']['table_name']); diff --git a/Handler/DoctrineDBALHandler.php b/Handler/DoctrineDBALHandler.php index c8ecbf7..400b3af 100644 --- a/Handler/DoctrineDBALHandler.php +++ b/Handler/DoctrineDBALHandler.php 
@@ -31,10 +31,11 @@ class DoctrineDBALHandler extends AbstractProcessingHandler /** * @param Connection $connection * @param string $tableName + * @param array $sensitiveDataKeys * @param int $level - * @param string $bubble + * @param bool $bubble */ - public function __construct(Connection $connection, $tableName, $level = Logger::DEBUG, $bubble = true) + public function __construct(Connection $connection, $tableName, array $sensitiveDataKeys = [], $level = Logger::DEBUG, $bubble = true) { $this->connection = $connection; $this->tableName = $tableName; @@ -42,7 +43,7 @@ public function __construct(Connection $connection, $tableName, $level = Logger: parent::__construct($level, $bubble); $this->pushProcessor(new WebProcessor()); - $this->pushProcessor(new WebExtendedProcessor()); + $this->pushProcessor(new WebExtendedProcessor($sensitiveDataKeys)); } /** diff --git a/Processor/WebExtendedProcessor.php b/Processor/WebExtendedProcessor.php index 40cb930..e6637c9 100644 --- a/Processor/WebExtendedProcessor.php +++ b/Processor/WebExtendedProcessor.php @@ -4,6 +4,13 @@ class WebExtendedProcessor { + const SENSITIVE_DATA_MSG = '** SENSITIVE DATA HIDDEN **'; + + /** + * @var array + */ + protected $sensitiveDataKeys; + /** * @var array */ 
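Review bot: Inserting `array $sensitiveDataKeys = []` as the third constructor parameter, ahead of `$level`, breaks any existing caller that passes a level positionally: `new DoctrineDBALHandler($conn, $table, Logger::ERROR)` now hands an int to an `array`-typed parameter and fails the type check. The same applies to `WebExtendedProcessor::__construct` in the `@@ -20,19 +27,22 @@` hunk, where the new parameter is placed before `$serverData`. Appending it instead keeps old call sites working: `public function __construct(Connection $connection, $tableName, $level = Logger::DEBUG, $bubble = true, array $sensitiveDataKeys = [])`, with the argument list in services.xml adjusted to match. The commit also replaces `array()` with `[]`, which needs PHP 5.4 or later; the bundle's minimum supported version is not visible here, so confirm it.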
@@ -20,19 +27,22 @@ class WebExtendedProcessor protected $getData; /** + * @param array $sensitiveDataKeys * @param array $serverData * @param array $postData * @param array $getData */ - public function __construct(array $serverData = array(), array $postData = array(), array $getData = array()) + public function __construct(array $sensitiveDataKeys = [], array $serverData = [], array $postData = [], array $getData = []) { - $this->serverData = $serverData ?: $_SERVER; - $this->postData = $postData ?: $_POST; - $this->getData = $getData ?: $_GET; + $this->sensitiveDataKeys = $sensitiveDataKeys; + $this->serverData = $serverData ?: $_SERVER; + $this->postData = $postData ?: $_POST; + $this->getData = $getData ?: $_GET; } /** * @param array $record + * * @return array */ public function __invoke(array $record) @@ -47,6 +57,15 @@ public function __invoke(array $record) $record['http_post'] = $this->postData; $record['http_get'] = $this->getData; + // Hide sensitive data in POST request + if (!empty($this->sensitiveDataKeys) && !empty($record['http_post'])) { + foreach ($record['http_post'] as $key => $value) { + if (in_array($key, $this->sensitiveDataKeys)) { + $record['http_post'][$key] = self::SENSITIVE_DATA_MSG; + } + } + } + return $record; } } diff --git a/README.md b/README.md index 003aa27..4bbefc2 100644 --- a/README.md +++ b/README.md @@ -141,7 +141,7 @@ monolog: id: lexik_monolog_browser.handler.doctrine_dbal ``` -Now you have enabled and configured the handler, you migth want to display log entries, just import the routing file: +Now you have enabled and configured the handler, you might want to display log entries, just import the routing file: ``` yaml # app/config/routing.yml 
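Review bot: The masking loop added to `__invoke` only inspects the top-level keys of `$record['http_post']`, so a field submitted as `some_form[password]` is still stored in clear text even with `password` listed in `sensitive_data_keys`; nested arrays are the usual shape of form submissions. The walk should recurse into array values, and `in_array` should be called with the strict flag, because the loose comparison lets an integer key such as `0` match any non-numeric string on PHP versions before 8. `$record['http_get']` is assigned just above the new block and is not filtered at all, so a secret passed in the query string is logged unchanged; running the same helper over it would close that gap. The body of `__invoke` starts outside this hunk, so whether the server data it records can also carry credentials cannot be judged from here.

```php
        // Hide sensitive data in POST and GET parameters, including nested form fields
        if (!empty($this->sensitiveDataKeys)) {
            $record['http_post'] = $this->maskSensitiveData($record['http_post']);
            $record['http_get']  = $this->maskSensitiveData($record['http_get']);
        }

        // … unchanged: return $record; and the end of __invoke …

    /**
     * Replaces the value of every configured key, at any nesting depth.
     *
     * @param array $data
     *
     * @return array
     */
    private function maskSensitiveData(array $data)
    {
        foreach ($data as $key => $value) {
            // Keys are cast to string so the strict check still matches numeric-looking names;
            // this assumes the configured keys are strings.
            if (in_array((string) $key, $this->sensitiveDataKeys, true)) {
                $data[$key] = self::SENSITIVE_DATA_MSG;
            } elseif (is_array($value)) {
                $data[$key] = $this->maskSensitiveData($value);
            }
        }

        return $data;
    }
```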
@@ -150,6 +150,14 @@ lexik_monolog_browser: prefix: /admin/monolog ``` +If you have sensitive data in your POST requests that should not be logged, you can hide them with the `sensitive_data_keys` option. You can add as many keys as you need. If a listed key is found in a POST request the value of the key will be replaced with `** SENSITIVE DATA HIDDEN **` + +``` yaml +# app/config/config.yml +lexik_monolog_browser: + sensitive_data_keys: ['password'] +``` + Translations ------------ diff --git a/Resources/config/services.xml b/Resources/config/services.xml index a0b8c03..33fa832 100644 --- a/Resources/config/services.xml +++ b/Resources/config/services.xml @@ -13,6 +13,7 @@ %lexik_monolog_browser.doctrine.table_name% + %lexik_monolog_browser.sensitive_data_keys%