feat(logs): Truncate too long raw body in appsec debug logs

CHANGELOG.md

@@ -13,6 +13,15 @@ As far as possible, we try to adhere to [Symfony guidelines](https://symfony.com
 
 ---
 
+## [3.3.2](https://github.com/crowdsecurity/php-lapi-client/releases/tag/v3.3.2) - 2024-10-21
+[_Compare with previous release_](https://github.com/crowdsecurity/php-lapi-client/compare/v3.3.1...v3.3.2)
+
+### Fixed
+
+- Truncate long raw body in logs
+
+---
+
 ## [3.3.1](https://github.com/crowdsecurity/php-lapi-client/releases/tag/v3.3.1) - 2024-10-11
 [_Compare with previous release_](https://github.com/crowdsecurity/php-lapi-client/compare/v3.3.0...v3.3.1)
 

src/Bouncer.php

@@ -109,6 +109,11 @@ private function cleanHeadersForLog(array $headers): array
         return $cleanedHeaders;
     }
 
+    private function cleanRawBodyForLog(string $rawBody, int $maxLength): string
+    {
+        return strlen($rawBody) > $maxLength ? substr($rawBody, 0, $maxLength) . '...[TRUNCATED]' : $rawBody;
+    }
+
     /**
      * Process and validate input configurations.
      */
@@ -145,7 +150,8 @@ private function manageAppSecRequest(
             $this->logger->debug('Now processing a bouncer AppSec request', [
                 'type' => 'BOUNCER_CLIENT_APPSEC_REQUEST',
                 'method' => $method,
-                'rawBody' => $rawBody,
+                'raw body' => $this->cleanRawBodyForLog($rawBody, 200),
+                'raw body length' => strlen($rawBody),
                 'headers' => $this->cleanHeadersForLog($headers),
             ]);
 

src/Constants.php

@@ -41,5 +41,5 @@ class Constants extends CommonConstants
     /**
      * @var string The current version of this library
      */
-    public const VERSION = 'v3.3.1';
+    public const VERSION = 'v3.3.2';
 }

tests/Unit/AbstractClientTest.php

@@ -32,6 +32,7 @@
  * @covers \CrowdSec\LapiClient\Bouncer::__construct
  * @covers \CrowdSec\LapiClient\Bouncer::configure
  * @covers \CrowdSec\LapiClient\Bouncer::cleanHeadersForLog
+ * @covers \CrowdSec\LapiClient\Bouncer::cleanRawBodyForLog
  */
 final class AbstractClientTest extends AbstractClient
 {
@@ -88,6 +89,7 @@ public function testClientInit()
 
     public function testPrivateOrProtectedMethods()
     {
+        // cleanHeadersForLog
         $client = new Bouncer($this->configs);
         $headers = ['test' => 'test'];
         $cleanedHeaders = PHPUnitUtil::callMethod(
@@ -112,7 +114,29 @@ public function testPrivateOrProtectedMethods()
             $cleanedHeaders,
             'Headers should be cleaned as they are not sensitive'
         );
-
+        // cleanRawBodyForLog
+        $rawBody = 'test';
+        $cleanedRawBody = PHPUnitUtil::callMethod(
+            $client,
+            'cleanRawBodyForLog',
+            [$rawBody, 10]
+        );
+        $this->assertEquals(
+            $rawBody,
+            $cleanedRawBody,
+            'Raw body should be untouched if not too long'
+        );
+        $rawBody = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
+        $cleanedRawBody = PHPUnitUtil::callMethod(
+            $client,
+            'cleanRawBodyForLog',
+            [$rawBody, 10]
+        );
+        $this->assertEquals(
+            'aaaaaaaaaa...[TRUNCATED]',
+            $cleanedRawBody,
+            'Raw body should be cut if too long'
+        );
         $fullUrl = PHPUnitUtil::callMethod(
             $client,
             'getFullUrl',

tests/Unit/BouncerTest.php

@@ -36,7 +36,9 @@
  * @covers \CrowdSec\LapiClient\Configuration::addConnectionNodes
  * @covers \CrowdSec\LapiClient\Configuration::addAppSecNodes
  * @covers \CrowdSec\LapiClient\Configuration::validate
+ *
  * @uses \CrowdSec\LapiClient\Bouncer::cleanHeadersForLog
+ * @uses \CrowdSec\LapiClient\Bouncer::cleanRawBodyForLog()
  */
 final class BouncerTest extends AbstractClient
 {

tests/Unit/CurlTest.php

@@ -28,6 +28,7 @@
  * @uses \CrowdSec\LapiClient\Configuration::validate
  * @uses \CrowdSec\LapiClient\Configuration::addAppSecNodes
  * @uses \CrowdSec\LapiClient\Bouncer::cleanHeadersForLog
+ * @uses \CrowdSec\LapiClient\Bouncer::cleanRawBodyForLog()
  *
  * @covers \CrowdSec\LapiClient\Bouncer::getStreamDecisions
  * @covers \CrowdSec\LapiClient\Bouncer::getFilteredDecisions