leocavalcante / redact-sensitive
Monolog 处理器,用于保护日志中的敏感信息
v0.4.0
2024-04-22 17:34 UTC
Requires
- php: >=8.1
- monolog/monolog: ^3.0
Requires (Dev)
- pestphp/pest: ^2.4
README
🙈 一款Monolog处理器,可防止敏感数据被错误记录。
通过屏蔽部分或全部敏感数据,避免记录类似 {"api_key":"mysupersecretapikey"}
的信息
Readme.INFO: Hello, World! {"api_key":"mysu***************"} []
安装
composer require leocavalcante/redact-sensitive
使用方法
1. 准备敏感密钥
这是一个键名和可显示部分的比例的映射,例如
$sensitive_keys = [ 'api_key' => 4, ];
显示 api_key
的前4个字符。
如果您想显示最后几个字符,可以使用负值,如 ['api_key' => -4]
,然后它将显示最后4个字符。
2. 使用键创建处理器
现在,您可以使用这些键创建一个新的处理器
use RedactSensitive\RedactSensitiveProcessor; $sensitive_keys = ['api_key' => 4]; $processor = new RedactSensitiveProcessor($sensitive_keys);
3. 将处理器设置到Monolog\Logger中
use RedactSensitive\RedactSensitiveProcessor; $sensitive_keys = ['api_key' => 4]; $processor = new RedactSensitiveProcessor($sensitive_keys); $logger = new \Monolog\Logger('Readme'); $logger->pushProcessor($processor);
示例
use Monolog\Handler\StreamHandler; use RedactSensitive\RedactSensitiveProcessor; $sensitive_keys = ['api_key' => 4]; $processor = new RedactSensitiveProcessor($sensitive_keys); $logger = new \Monolog\Logger('Readme', [new StreamHandler(STDOUT)]); $logger->pushProcessor($processor); $logger->info('Hello, World!', ['api_key' => 'mysupersecretapikey']);
Readme.INFO: Hello, World! {"api_key":"mysu***************"} []
完全隐藏
您可以通过将 0
传递给键来完全隐藏它。
use Monolog\Handler\StreamHandler; use RedactSensitive\RedactSensitiveProcessor; $sensitive_keys = ['you_know_nothing' => 0]; $processor = new RedactSensitiveProcessor($sensitive_keys); $logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]); $logger->pushProcessor($processor); $logger->info('Completely hidden', ['you_know_nothing' => 'John Snow']);
Example.INFO: Completely hidden {"you_know_nothing":"*********"} []
自定义格式
您可以根据需要自定义替换字符 *
和/或提供自己的模板。
use Monolog\Handler\StreamHandler; use RedactSensitive\RedactSensitiveProcessor; $sensitive_keys = ['secret' => 2]; $processor = new RedactSensitiveProcessor($sensitive_keys, template: '%s(redacted)'); $logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]); $logger->pushProcessor($processor); $logger->info('Sensitive', ['secret' => 'my_secret_value']);
Example.INFO: Sensitive {"secret":"my*************(redacted)"} []
自定义模板允许完全删除被屏蔽的字符
use Monolog\Handler\StreamHandler; use RedactSensitive\RedactSensitiveProcessor; $sensitive_keys = ['secret' => 2]; $processor = new RedactSensitiveProcessor($sensitive_keys, template: '...'); $logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]); $logger->pushProcessor($processor); $logger->info('Sensitive', ['secret' => 'my_secret_value']);
Example.INFO: Sensitive {"secret":"my..."} []
长度限制
使用 lengthLimit
截断被编辑的敏感信息,如长令牌。
use Monolog\Handler\StreamHandler; use RedactSensitive\RedactSensitiveProcessor; $sensitive_keys = ['access_token' => 0]; $processor = new RedactSensitiveProcessor($sensitive_keys, lengthLimit: 5); $logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]); $logger->pushProcessor($processor); $logger->info('Truncated secret', ['access_token' => 'Very long JWT ...']);
Example.INFO: Truncated secret {"access_token":"*****"} []
从右到左
如前所述,您可以使用负值从右到左屏蔽值。
use Monolog\Handler\StreamHandler; use RedactSensitive\RedactSensitiveProcessor; $sensitive_keys = ['credit_card' => -4]; $processor = new RedactSensitiveProcessor($sensitive_keys); $logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]); $logger->pushProcessor($processor); $logger->info('You are not storing credit cards, right?', ['credit_card' => '4111111145551142']);
Example.INFO: You are not storing credit cards, right? {"credit_card":"************1142"} []
嵌套值
它应该也可以用于嵌套对象和数组。
use Monolog\Handler\StreamHandler; use RedactSensitive\RedactSensitiveProcessor; $sensitive_keys = [ 'nested' => [ 'arr' => [ 'value' => 3, 'or_obj' => ['secret' => -3], ], ] ]; $processor = new RedactSensitiveProcessor($sensitive_keys); $logger = new \Monolog\Logger('Example', [new StreamHandler(STDOUT)]); $logger->pushProcessor($processor); $nested_obj = new stdClass(); $nested_obj->secret = 'donttellanyone'; $logger->info('Nested', [ 'nested' => [ 'arr' => [ 'value' => 'abcdfg', 'or_obj' => $nested_obj, ], ], ]);
Example.INFO: Nested {"nested":{"arr":{"value":"abc***","or_obj":{"stdClass":{"secret":"***********one"}}}}} []
感谢
请随时提出问题或发送PR。
MIT © 2021