ivuorinen/monolog-gdpr-filter
1
0
Fork 0
mirror of https://github.com/ivuorinen/monolog-gdpr-filter.git synced 2026-03-12 21:01:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: replace hardcoded strings with constant references (#100)

Browse Source 
* fix(tests): remove error_log calls and clean up ComprehensiveValidationTest

* refactor: replace hardcoded strings with MaskConstants and TestConstants references

* fix(streaming): replace overcounting '[' heuristic with proper mask detection

StreamingProcessor::getStatistics() was counting any message containing '['
as masked, causing false positives. Now checks for specific mask constants
(MASK_GENERIC, MASK_BRACKETS, MASK_REDACTED_BRACKETS) instead.

Also adds MASK_REDACTED_BRACKETS constant to MaskConstants and removes
the now-unnecessary UnusedFunctionCall psalm suppression.

* refactor(tests): replace remaining hardcoded literals with constant references

Add new constants to TestConstants (MASK_REDACTED_PLAIN, MASK_SECRET_BRACKETS,
MASK_SSN_BRACKETS, PATTERN_REDOS_NESTED_STAR, FIELD_USER_SSN, FIELD_USER_DATA)
and replace all matching literals across 21 test files.

Also removes dead memory_get_usage() call and uses existing
TestConstants::IP_ADDRESS_PUBLIC for hardcoded IP.

* fix(streaming): replace mask-token heuristic with accurate record comparison in getStatistics()

The previous implementation only detected masking when specific mask tokens
appeared in the message, missing cases where context was masked or different
mask values were used. Compare original vs processed records instead.

* refactor(tests): add PATTERN_EMAIL_SIMPLE, MASK_CARD_BRACKETS, EXPECTED_SSN_MASKED constants

Replace cross-file duplicate literals with TestConstants references:
- Email regex (4 files), '[CARD]' (2 files), 'SSN: [SSN]' (2 files)

* fix(streaming): bypass audit logger in getStatistics() by calling orchestrator directly

getStatistics() previously routed through processStream()/processChunk() which
triggered the audit logger for each record. A read-only statistics method should
not produce audit side-effects. Now calls orchestrator.process() directly and
processes records one at a time without materializing the entire iterable.

* refactor(tests): fix test quality issues and add PATTERN_CREDIT_CARD constant

- Replace fail() message that leaked sensitive terms with count-only message
- Replace bare 'EMAIL' string with MaskConstants::MASK_EMAIL for consistency
- Remove error_log() debug output from CriticalBugRegressionTest
- Add TestConstants::PATTERN_CREDIT_CARD and replace inline regex in 3 files
This commit is contained in:
Ismo Vuorinen
2026-03-08 13:50:17 +02:00
committed by GitHub
parent e58397a75d
commit b0925ce489
51 changed files with 386 additions and 430 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tests/TestConstants.php
View File

@@ -145,6 +145,8 @@ final class TestConstants
public const FIELD_USER_NAME = 'user.name';
public const FIELD_USER_PUBLIC = 'user.public';
public const FIELD_USER_PASSWORD = 'user.password';
public const FIELD_USER_SSN = 'user.ssn';
public const FIELD_USER_DATA = 'user.data';
public const FIELD_SYSTEM_LOG = 'system.log';
// Path Patterns
@@ -168,20 +170,32 @@ final class TestConstants
// Mask placeholders used in tests (bracketed format)
public const MASK_REDACTED_BRACKETS = '[REDACTED]';
public const MASK_MASKED_BRACKETS = '[MASKED]';
public const MASK_SECRET_BRACKETS = '[SECRET]';
public const MASK_SSN_BRACKETS = '[SSN]';
public const MASK_EMAIL_BRACKETS = '[EMAIL]';
public const MASK_DIGITS_BRACKETS = '[DIGITS]';
public const MASK_INT_BRACKETS = '[INT]';
public const MASK_ALWAYS_THIS = '[ALWAYS_THIS]';
public const MASK_REDACTED_PLAIN = 'REDACTED';
// Test values
public const VALUE_TEST = 'test value';
public const VALUE_SUFFIX = ' value';
// Expected output strings
public const EXPECTED_SSN_MASKED = 'SSN: [SSN]';
// Mask placeholders (bracketed format, additional)
public const MASK_CARD_BRACKETS = '[CARD]';
// Additional pattern constants
public const PATTERN_EMAIL_SIMPLE = '/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/';
public const PATTERN_VALID_SIMPLE = '/^test$/';
public const PATTERN_INVALID_UNCLOSED = '/unclosed';
public const PATTERN_REDOS_VULNERABLE = '/^(a+)+$/';
public const PATTERN_REDOS_NESTED_STAR = '/^(a*)*$/';
public const PATTERN_SAFE = '/[a-z]+/';
public const PATTERN_CREDIT_CARD = '/\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b/';
/**
* Prevent instantiation.