Better redaction

tchapi · Nov 4, 2023 · 4f303a4 · 4f303a4
1 parent 06e8240
commit 4f303a4
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/src/Logging/Monolog/PasswordFilterProcessor.php b/src/Logging/Monolog/PasswordFilterProcessor.php
@@ -6,19 +6,20 @@
 
 final class PasswordFilterProcessor implements ProcessorInterface
 {
+    private const REDACTED = '****';
     private const PASSWORD_KEY = 'password';
     private const SENSITIVE_ARGS_FUNCTIONS = ['validateUserPass', 'ldapOpen', 'password_verify', 'imapOpen', 'ldap_bind', 'hashPassword', 'dav'];
 
     public function __invoke(array $record): array
     {
+        // Remove potentially sensitive data from function arguments
+        $shouldRedactArgs = array_key_exists("function", $record) && in_array($record['function'], self::SENSITIVE_ARGS_FUNCTIONS);
+
         foreach ($record as $key => $item) {
             if (self::PASSWORD_KEY === strtolower($key)) {
-                $record[$key] = '****';
-            } elseif ('function' === strtolower($key)) {
-                // Remove potentially sensitive data from function arguments
-                if (in_array($item, self::SENSITIVE_ARGS_FUNCTIONS)) {
-                    $record['args'] = ['****'];
-                }
+                $record[$key] = self::REDACTED;
+            } elseif($key === 'args' && $shouldRedactArgs) {
+                $record["args"] = [self::REDACTED];
             } elseif (is_array($item)) {
                 $record[$key] = $this($item);
             }