Redact instead of remove sensitive data #9595

PowerKiKi · PowerKiKi · commit 6db377c03478 · 2023-10-18T17:15:36.000+09:00
It is easier to debug when the keys still exist and only values are
redacted
diff --git a/src/Log/EventCompleter.php b/src/Log/EventCompleter.php
@@ -51,7 +51,7 @@ private function getEnvData(): array
         }
 
         $request = $_REQUEST;
-        $request = $this->removeSensitiveData($request);
+        $request = $this->redactSensitiveData($request);
 
         $envData = [
             'creator_id' => $user?->getId(),
@@ -66,14 +66,23 @@ private function getEnvData(): array
     }
 
     /**
-     * Remove password value from GraphQL variables well-known structure.
+     * Redact sensitive values from the entire data structure.
      */
-    protected function removeSensitiveData(array $request): array
+    private function redactSensitiveData(array $request): array
     {
-        unset($request['password']);
-        foreach ($request as &$r) {
-            if (is_array($r)) {
-                $r = $this->removeSensitiveData($r);
+        foreach ($request as $key => &$value) {
+            if (in_array($key, [
+                'password',
+                'passwordConfirmation',
+                'password_rep',
+                'cpass',
+                'npass1',
+                'npass2',
+                'password',
+            ], true)) {
+                $value = '***REDACTED***';
+            } elseif (is_array($value)) {
+                $value = $this->redactSensitiveData($value);
             }
         }
 
diff --git a/tests/Log/EventCompleterTest.php b/tests/Log/EventCompleterTest.php
@@ -47,6 +47,8 @@ public function testProcess(): void
             'variables' => [
                 'other' => [
                     'password' => 'sensitive',
+                    'passwordConfirmation' => 'sensitive',
+                    'npass2' => [123],
                     'foo' => 123,
                 ],
             ],
@@ -66,8 +68,12 @@ public function testProcess(): void
         self::assertIsString($actual['url']);
         self::assertIsString($actual['referer']);
         self::assertSame([
+            'password' => '***REDACTED***',
             'variables' => [
                 'other' => [
+                    'password' => '***REDACTED***',
+                    'passwordConfirmation' => '***REDACTED***',
+                    'npass2' => '***REDACTED***',
                     'foo' => 123,
                 ],
             ],
