leocavalcante/redact-sensitive

Monolog 处理器,用于保护日志中的敏感信息

v0.4.0 2024-04-22 17:34 UTC

This package is auto-updated.

Last update: 2024-09-22 18:38:13 UTC


README

🙈 一款Monolog处理器,可防止敏感数据被错误记录。

通过屏蔽部分或全部敏感数据,避免记录类似 {"api_key":"mysupersecretapikey"} 的信息

Readme.INFO: Hello, World! {"api_key":"mysu***************"} []

安装

composer require leocavalcante/redact-sensitive

使用方法

1. 准备敏感密钥

这是一个键名和可显示部分的比例的映射,例如

$sensitive_keys = [
    'api_key' => 4,
];

显示 api_key 的前4个字符。

如果您想显示最后几个字符,可以使用负值,如 ['api_key' => -4],然后它将显示最后4个字符。

2. 使用键创建处理器

现在,您可以使用这些键创建一个新的处理器

use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['api_key' => 4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

3. 将处理器设置到Monolog\Logger中

use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['api_key' => 4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Readme');
$logger->pushProcessor($processor);

示例

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['api_key' => 4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Readme', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Hello, World!', ['api_key' => 'mysupersecretapikey']);
Readme.INFO: Hello, World! {"api_key":"mysu***************"} []

完全隐藏

您可以通过将 0 传递给键来完全隐藏它。

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['you_know_nothing' => 0];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Completely hidden', ['you_know_nothing' => 'John Snow']);
Example.INFO: Completely hidden {"you_know_nothing":"*********"} []

自定义格式

您可以根据需要自定义替换字符 * 和/或提供自己的模板。

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['secret' => 2];

$processor = new RedactSensitiveProcessor($sensitive_keys, template: '%s(redacted)');

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Sensitive', ['secret' => 'my_secret_value']);
Example.INFO: Sensitive {"secret":"my*************(redacted)"} []

自定义模板允许完全删除被屏蔽的字符

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['secret' => 2];

$processor = new RedactSensitiveProcessor($sensitive_keys, template: '...');

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Sensitive', ['secret' => 'my_secret_value']);
Example.INFO: Sensitive {"secret":"my..."} []

长度限制

使用 lengthLimit 截断被编辑的敏感信息,如长令牌。

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['access_token' => 0];

$processor = new RedactSensitiveProcessor($sensitive_keys, lengthLimit: 5);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('Truncated secret', ['access_token' => 'Very long JWT ...']);
Example.INFO: Truncated secret {"access_token":"*****"} []

从右到左

如前所述,您可以使用负值从右到左屏蔽值。

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = ['credit_card' => -4];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$logger->info('You are not storing credit cards, right?', ['credit_card' => '4111111145551142']);
Example.INFO: You are not storing credit cards, right? {"credit_card":"************1142"} []

嵌套值

它应该也可以用于嵌套对象和数组。

use Monolog\Handler\StreamHandler;
use RedactSensitive\RedactSensitiveProcessor;

$sensitive_keys = [
    'nested' => [
        'arr' => [
            'value' => 3,
            'or_obj' => ['secret' => -3],
        ],
    ]
];

$processor = new RedactSensitiveProcessor($sensitive_keys);

$logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]);
$logger->pushProcessor($processor);

$nested_obj = new stdClass();
$nested_obj->secret = 'donttellanyone';

$logger->info('Nested', [
    'nested' => [
        'arr' => [
            'value' => 'abcdfg',
            'or_obj' => $nested_obj,
        ],
    ],
]);
Example.INFO: Nested {"nested":{"arr":{"value":"abc***","or_obj":{"stdClass":{"secret":"***********one"}}}}} []

感谢

请随时提出问题或发送PR。

MIT © 2021