Skip to content

PLT-1764: Sanitize sensitive fields in FormatterTrait object normaliz… #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ypppa wants to merge 1 commit into
base: master
Choose a base branch
from
Open

PLT-1764: Sanitize sensitive fields in FormatterTrait object normaliz… #21

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## 3.3.0
### Added
- Sanitization of sensitive fields (password, secret, apiKey, etc.) in `FormatterTrait` object normalization

## 3.2.1
### Fixed
- Changed versions for graylog2/gelf-php
Expand Down
16 changes: 16 additions & 0 deletions src/Service/Formatter/FormatterTrait.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,16 @@

trait FormatterTrait
{
/** @var string[] */
private static $sensitiveKeys = [
Copy link
Copy Markdown

@ashamrov ashamrov Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

private static array $sensitiveKeys = [...]

'password',
'secret',
'apikey',
'apisecret',
'apisecretkey',
'secretkey',
'credentials',
];
/**
Copy link
Copy Markdown

@ashamrov ashamrov Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blank line sparator?

* Normalizes given data with pre-processing for Doctrine entities and collections.
*
Expand Down Expand Up @@ -96,6 +106,12 @@ private function normalizeObject($data)
continue;
}

$normalizedKey = preg_replace('/[^a-z]/', '', strtolower($fixedKey));
Copy link
Copy Markdown

@ashamrov ashamrov Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could we make sanitization enabled by default, but allow disabling it via a configuration option? There may be cases (e.g., debugging in a controlled environment) where logging the actual values is preferred over redacting them.

if (in_array($normalizedKey, self::$sensitiveKeys, true)) {
$result[$fixedKey] = '***';
Copy link
Copy Markdown

@ashamrov ashamrov Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if the value at a sensitive key is an object or array, the whole thing gets replaced with ***, not sure if this is expected, we might lose some useful non-sensitive data for debugging

continue;
}

$result[$fixedKey] = $value;
}

Expand Down
157 changes: 157 additions & 0 deletions tests/Unit/FormatterTraitTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,157 @@
<?php

declare(strict_types=1);

namespace Paysera\LoggingExtraBundle\Tests\Unit;

use PHPUnit\Framework\TestCase;
use Paysera\LoggingExtraBundle\Service\Formatter\FormatterTrait;

class FormatterTraitTest extends TestCase
{
/**
* @dataProvider sensitiveKeysProvider
*/
public function testSensitiveKeysAreRedacted(string $propertyName)
{
$object = new \stdClass();
$object->$propertyName = 'sensitive_value';
$object->name = 'visible';

$result = $this->normalizeObject($object);

$this->assertSame('***', $result[$propertyName]);
$this->assertSame('visible', $result['name']);
}

public function sensitiveKeysProvider(): array
{
return [
'password' => ['password'],
'secret' => ['secret'],
'apiKey' => ['apiKey'],
'apiSecret' => ['apiSecret'],
'secretKey' => ['secretKey'],
'credentials' => ['credentials'],
];
Copy link
Copy Markdown

@ashamrov ashamrov Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing: 'apiSecretKey' => ['apiSecretKey'],

}

/**
* @dataProvider caseInsensitiveProvider
*/
public function testSensitiveKeysAreCaseInsensitive(string $propertyName)
{
$object = new \stdClass();
$object->$propertyName = 'sensitive_value';

$result = $this->normalizeObject($object);

$this->assertSame('***', $result[$propertyName]);
}

public function caseInsensitiveProvider(): array
{
return [
'Password' => ['Password'],
'PASSWORD' => ['PASSWORD'],
'pAsSwOrD' => ['pAsSwOrD'],
'SECRET' => ['SECRET'],
'ApiKey' => ['ApiKey'],
'APIKEY' => ['APIKEY'],
'Credentials' => ['Credentials'],
];
}

/**
* @dataProvider separatorVariantsProvider
*/
public function testSensitiveKeysWithSeparators(string $propertyName)
{
$object = new \stdClass();
$object->$propertyName = 'sensitive_value';

$result = $this->normalizeObject($object);

$this->assertSame('***', $result[$propertyName]);
}

public function separatorVariantsProvider(): array
{
return [
'api_key' => ['api_key'],
'api-key' => ['api-key'],
'api.key' => ['api.key'],
'api_secret' => ['api_secret'],
'api-secret' => ['api-secret'],
'secret_key' => ['secret_key'],
'secret-key' => ['secret-key'],
'api_secret_key' => ['api_secret_key'],
'api-secret-key' => ['api-secret-key'],
'API_KEY' => ['API_KEY'],
'API_SECRET' => ['API_SECRET'],
'SECRET_KEY' => ['SECRET_KEY'],
];
}

public function testNonSensitivePropertiesPassThrough()
{
$object = new \stdClass();
$object->name = 'John';
$object->email = 'john@example.com';
$object->age = 30;
$object->active = true;

$result = $this->normalizeObject($object);

$this->assertSame('John', $result['name']);
$this->assertSame('john@example.com', $result['email']);
$this->assertSame(30, $result['age']);
$this->assertTrue($result['active']);
}

public function testDoubleUnderscorePrefixedPropertiesAreExcluded()
{
$object = new \stdClass();
$object->__internal = 'hidden';
$object->name = 'visible';

$result = $this->normalizeObject($object);

$this->assertArrayNotHasKey('__internal', $result);
$this->assertSame('visible', $result['name']);
}

public function testMixedSensitiveAndNonSensitiveProperties()
{
$object = new \stdClass();
$object->username = 'admin';
$object->password = 'super_secret';
$object->email = 'admin@example.com';
$object->apiKey = 'key-123';
$object->role = 'admin';
$object->credentials = ['token' => 'abc'];

$result = $this->normalizeObject($object);

$this->assertSame('admin', $result['username']);
$this->assertSame('***', $result['password']);
$this->assertSame('admin@example.com', $result['email']);
$this->assertSame('***', $result['apiKey']);
$this->assertSame('admin', $result['role']);
$this->assertSame('***', $result['credentials']);
}

private function normalizeObject(object $data): array
{
$formatter = new class {
use FormatterTrait;

public function callNormalizeObject(object $data): array
{
return $this->normalizeObject($data);
}
};

return $formatter->callNormalizeObject($data);
}
}
Loading