Commit Graph

85 Commits

Author SHA1 Message Date
renovate[bot]
16a986001c chore(deps): update pre-commit hook bridgecrewio/checkov (3.2.506 → 3.2.508) (#102)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-09 22:50:51 +02:00
renovate[bot]
8425411b6c chore(deps)!: update dependency phpunit/phpunit (12.5.14 → 13.0.5) (#88)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-08 19:28:33 +02:00
renovate[bot]
57acc7847f chore(deps)!: update dependency phpunit/phpunit (11.5.55 → 12.5.14) (#87)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-08 19:21:40 +02:00
d1cbf50c5e fix: switch from xdebug to pcov for code coverage (#101)
* fix: remove xdebug-specific settings from phpunit.xml and composer.json

Remove `<ini name="xdebug.mode" value="coverage"/>` from phpunit.xml and
`XDEBUG_MODE=coverage` prefix from composer scripts. These fail when xdebug
is not installed and are unnecessary when using PCOV for code coverage.

* ci: switch from xdebug to pcov for code coverage

Both test matrix and coverage jobs now use `coverage: pcov`, matching
the existing test-coverage.yaml workflow. PCOV is faster for
coverage-only use and avoids the xdebug dependency conflict.

* build: replace xdebug with pcov in Docker setup

Switch Docker development environment from xdebug to pcov for code
coverage and remove the XDEBUG_MODE environment variable from
docker-compose.yml. Standardizes on pcov across all environments.
2026-03-08 19:16:07 +02:00
renovate[bot]
e26312a6ee chore(deps): update image php to v8.5 (#68)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-08 14:36:49 +02:00
b0925ce489 refactor: replace hardcoded strings with constant references (#100)
* fix(tests): remove error_log calls and clean up ComprehensiveValidationTest

* refactor: replace hardcoded strings with MaskConstants and TestConstants references

* fix(streaming): replace overcounting '[' heuristic with proper mask detection

StreamingProcessor::getStatistics() was counting any message containing '['
as masked, causing false positives. Now checks for specific mask constants
(MASK_GENERIC, MASK_BRACKETS, MASK_REDACTED_BRACKETS) instead.

Also adds MASK_REDACTED_BRACKETS constant to MaskConstants and removes
the now-unnecessary UnusedFunctionCall psalm suppression.

* refactor(tests): replace remaining hardcoded literals with constant references

Add new constants to TestConstants (MASK_REDACTED_PLAIN, MASK_SECRET_BRACKETS,
MASK_SSN_BRACKETS, PATTERN_REDOS_NESTED_STAR, FIELD_USER_SSN, FIELD_USER_DATA)
and replace all matching literals across 21 test files.

Also removes dead memory_get_usage() call and uses existing
TestConstants::IP_ADDRESS_PUBLIC for hardcoded IP.

* fix(streaming): replace mask-token heuristic with accurate record comparison in getStatistics()

The previous implementation only detected masking when specific mask tokens
appeared in the message, missing cases where context was masked or different
mask values were used. Compare original vs processed records instead.

* refactor(tests): add PATTERN_EMAIL_SIMPLE, MASK_CARD_BRACKETS, EXPECTED_SSN_MASKED constants

Replace cross-file duplicate literals with TestConstants references:
- Email regex (4 files), '[CARD]' (2 files), 'SSN: [SSN]' (2 files)

* fix(streaming): bypass audit logger in getStatistics() by calling orchestrator directly

getStatistics() previously routed through processStream()/processChunk() which
triggered the audit logger for each record. A read-only statistics method should
not produce audit side-effects. Now calls orchestrator.process() directly and
processes records one at a time without materializing the entire iterable.

* refactor(tests): fix test quality issues and add PATTERN_CREDIT_CARD constant

- Replace fail() message that leaked sensitive terms with count-only message
- Replace bare 'EMAIL' string with MaskConstants::MASK_EMAIL for consistency
- Remove error_log() debug output from CriticalBugRegressionTest
- Add TestConstants::PATTERN_CREDIT_CARD and replace inline regex in 3 files
2026-03-08 13:50:17 +02:00
e58397a75d ci: harden workflow permissions and fix shellcheck warnings (#99)
* ci: add least-privilege permissions and quote shell variables in CI workflow

* ci: restrict root permissions and quote shell variables in test-coverage workflow

* ci: quote shell variables and group redirects in release workflow
2026-03-08 03:45:56 +02:00
f6b0f864b4 fix: workflows now use .php-version, other fixes (#98)
* ci: use .php-version file in CI coverage and security jobs

* ci: use .php-version file in release workflow

* ci: use .php-version file in phpcs workflow

* ci: use .php-version file in test-coverage workflow

* ci: remove master branch from pr-lint workflow triggers
2026-03-07 23:30:32 +02:00
renovate[bot]
0fd7cd099f chore(deps): update ivuorinen/actions action (v2026.02.24 → v2026.03.06) (#97)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-07 20:56:38 +02:00
38946574a4 ci: migrate CodeQL to ivuorinen/actions/codeql-analysis (#96)
* ci: migrate codeql to composable workflow

* fix: correct codeql workflow language, queries, permissions, and action ref

- Use 'javascript' instead of 'javascript-typescript' for CodeQL language
- Add queries: security-and-quality parameter
- Set root-level permissions to {}
- Add job-level permissions (actions, contents, packages, security-events)
- Pin action ref to commit hash with version comment
- Fix mangled cron schedule
2026-03-07 18:44:29 +02:00
renovate[bot]
1be44fff9d chore(deps): lock file maintenance (#95)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 09:09:46 +02:00
renovate[bot]
3be9c07d6c chore(deps)!: update actions/upload-artifact (v6.0.0 → v7.0.0) (#94)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 03:45:27 +02:00
renovate[bot]
8ec91aad35 chore(deps): update ivuorinen/actions action (v2026.01.21 → v2026.02.24) (#93)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-02-26 21:04:01 +02:00
renovate[bot]
5eb01578d2 chore(deps): update github/codeql-action action (v4.32.0 → v4.32.4) (#90)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-02-25 10:09:09 +00:00
renovate[bot]
110598e921 chore(deps): update pre-commit hook rhysd/actionlint (v1.7.10 → v1.7.11) (#92)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-02-25 07:57:48 +00:00
renovate[bot]
9af85cb9b1 chore(deps): update pre-commit hook bridgecrewio/checkov (3.2.499 → 3.2.506) (#91)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-02-25 07:58:30 +02:00
renovate[bot]
1a60d2b573 chore(deps): lock file maintenance (#89)
2026-02-23 21:41:03 +02:00
renovate[bot]
97ac6b1eae chore(deps): update actions/cache action (v5.0.2 → v5.0.3) (#84)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-02-01 10:25:28 +02:00
47564c5cd6 feat!: upgrade min. php version to 8.4 (#86)
* feat: upgrade min php to 7.4, upgrade packages

* chore: update ci/cd, docs, supporting config to php 8.4

* chore: update rest of the docs, supporting config to php 8.4
2026-02-01 10:20:40 +02:00
renovate[bot]
3d3448dcf0 chore(deps): update phpunit/phpunit (11.5.46 → 11.5.50) [security] (#82)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-31 11:26:11 +02:00
renovate[bot]
f16eb2a095 chore(deps): update github/codeql-action action (v4.31.9 → v4.32.0) (#81)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-28 16:44:13 +02:00
renovate[bot]
451726a365 chore(deps): update pre-commit hook bridgecrewio/checkov (3.2.497 → 3.2.499) (#79)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-27 12:15:38 +00:00
renovate[bot]
966618ec5a chore(deps): update ivuorinen/actions action (v2026.01.13 → v2026.01.21) (#78)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-27 11:49:02 +00:00
renovate[bot]
c3f5ddcc45 chore(deps): update actions/cache action (v5.0.1 → v5.0.2) (#76)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-27 11:32:05 +00:00
renovate[bot]
e499663b5d chore(deps): update actions/checkout action (v6.0.1 → v6.0.2) (#77)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-27 10:32:44 +00:00
renovate[bot]
c89bc1ae72 chore(deps): update pre-commit hook adrienverge/yamllint (v1.37.1 → v1.38.0) (#80)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-27 08:51:37 +02:00
renovate[bot]
74ec52721e chore(deps): update pre-commit hook renovatebot/pre-commit-hooks (42.69.2 → 42.84.0) (#75)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-20 17:54:42 +02:00
renovate[bot]
7fe55b86f8 chore(deps): update ivuorinen/actions action (v2026.01.06 → v2026.01.13) (#74)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-15 21:33:45 +02:00
renovate[bot]
2a157f1871 chore(deps): update pre-commit hook bridgecrewio/checkov (3.2.496 → 3.2.497) (#72)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-07 14:02:08 +00:00
renovate[bot]
36c4fd6e1d chore(deps): update pre-commit hook rhysd/actionlint (v1.7.9 → v1.7.10) (#73)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-07 15:53:57 +02:00
renovate[bot]
497353f4f3 chore(deps)!: update ivuorinen/actions (v2025.12.21 → v2026.01.06) (#71)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-07 15:49:08 +02:00
renovate[bot]
4ab3db8a12 chore(deps): update pre-commit hook renovatebot/pre-commit-hooks (42.64.1 → 42.69.2) (#70)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-02 12:25:44 +02:00
renovate[bot]
b3eea46780 chore(deps): update pre-commit hook bridgecrewio/checkov (3.2.495 → 3.2.496) (#67)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-30 08:40:39 +02:00
86deca0371 chore: update README.md
2025-12-22 14:03:27 +02:00
8866daaf33 feat: add advanced architecture, documentation, and coverage improvements (#65)
* fix(style): resolve PHPCS line-length warnings in source files

* fix(style): resolve PHPCS line-length warnings in test files

* feat(audit): add structured audit logging with ErrorContext and AuditContext

- ErrorContext: standardized error information with sensitive data sanitization
- AuditContext: structured context for audit entries with operation types
- StructuredAuditLogger: enhanced audit logger wrapper with timing support

* feat(recovery): add recovery mechanism for failed masking operations

- FailureMode enum: FAIL_OPEN, FAIL_CLOSED, FAIL_SAFE modes
- RecoveryStrategy interface and RecoveryResult value object
- RetryStrategy: exponential backoff with configurable attempts
- FallbackMaskStrategy: type-aware fallback values

* feat(strategies): add CallbackMaskingStrategy for custom masking logic

- Wraps custom callbacks as MaskingStrategy implementations
- Factory methods: constant(), hash(), partial() for common use cases
- Supports exact match and prefix match for field paths

* docs: add framework integration guides and examples

- symfony-integration.md: Symfony service configuration and Monolog setup
- psr3-decorator.md: PSR-3 logger decorator pattern implementation
- framework-examples.md: CakePHP, CodeIgniter 4, Laminas, Yii2, PSR-15
- docker-development.md: Docker development environment guide

* chore(docker): add Docker development environment

- Dockerfile: PHP 8.2-cli-alpine with Xdebug for coverage
- docker-compose.yml: development services with volume mounts

* feat(demo): add interactive GDPR pattern tester playground

- PatternTester.php: pattern testing utility with strategy support
- index.php: web API endpoint with JSON response handling
- playground.html: interactive web interface for testing patterns

* docs(todo): update with completed medium priority items

- Mark all PHPCS warnings as fixed (81 → 0)
- Document new Audit and Recovery features
- Update test count to 1,068 tests with 2,953 assertions
- Move remaining items to low priority

* feat: add advanced architecture, documentation, and coverage improvements

- Add architecture improvements:
  - ArrayAccessorInterface and DotArrayAccessor for decoupled array access
  - MaskingOrchestrator for single-responsibility masking coordination
  - GdprProcessorBuilder for fluent configuration
  - MaskingPluginInterface and AbstractMaskingPlugin for plugin architecture
  - PluginAwareProcessor for plugin hook execution
  - AuditLoggerFactory for instance-based audit logger creation

- Add advanced features:
  - SerializedDataProcessor for handling print_r/var_export/serialize output
  - KAnonymizer with GeneralizationStrategy for GDPR k-anonymity
  - RetentionPolicy for configurable data retention periods
  - StreamingProcessor for memory-efficient large log processing

- Add comprehensive documentation:
  - docs/performance-tuning.md - benchmarking, optimization, caching
  - docs/troubleshooting.md - common issues and solutions
  - docs/logging-integrations.md - ELK, Graylog, Datadog, etc.
  - docs/plugin-development.md - complete plugin development guide

- Improve test coverage (84.41% → 85.07%):
  - ConditionalRuleFactoryInstanceTest (100% coverage)
  - GdprProcessorBuilderEdgeCasesTest (100% coverage)
  - StrategyEdgeCasesTest for ReDoS detection and type parsing
  - 78 new tests, 119 new assertions

- Update TODO.md with current statistics:
  - 141 PHP files, 1,346 tests, 85.07% line coverage

* chore: tests, update actions, sonarcloud issues

* chore: rector

* fix: more sonarcloud fixes

* chore: more fixes

* refactor: copilot review fix

* chore: rector
2025-12-22 13:38:18 +02:00
renovate[bot]
b1eb567b92 chore(deps): update pre-commit hook renovatebot/pre-commit-hooks (42.40.3 → 42.64.1) (#66)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-20 12:47:47 +02:00
renovate[bot]
170cfb2fc9 chore(deps)!: update actions/cache (v4.3.0 → v5.0.1) (#60)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 23:01:36 +02:00
renovate[bot]
b5fec58dd5 chore(deps): update pre-commit hook igorshubovych/markdownlint-cli (v0.46.0 → v0.47.0) (#64)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-17 16:19:29 +02:00
renovate[bot]
6307a37e4d chore(deps): update codecov/codecov-action action (v5.5.1 → v5.5.2) (#62)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-16 10:09:39 +00:00
renovate[bot]
1967ee722b chore(deps)!: update actions/upload-artifact (v5.0.0 → v6.0.0) (#61)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-16 12:03:41 +02:00
renovate[bot]
03d24479c0 chore(deps): update github/codeql-action action (v4.31.7 → v4.31.8) (#63)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-16 09:49:32 +02:00
renovate[bot]
8d82b70304 chore(deps): update pre-commit hook renovatebot/pre-commit-hooks (42.27.1 → 42.40.3) (#58)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-09 06:27:08 +00:00
renovate[bot]
10923e99e9 chore(deps): update ivuorinen/actions action (v2025.11.30 → v2025.12.07) (#30)
2025-12-08 15:04:18 +02:00
renovate[bot]
7a48d493c4 chore(deps): update actions/checkout action (v6.0.0 → v6.0.1) (#50)
2025-12-08 07:40:16 +02:00
renovate[bot]
ad11859b46 chore(deps): update github/codeql-action action (v4.31.5 → v4.31.7) (#57)
2025-12-08 07:17:22 +02:00
c3d6b8b1c6 chore: workflow and package updates, linting (#59)
* chore(deps): update composer packages

* chore(ci): update workflows

* chore(lint): fix codeql language, composer lint:fix

* chore: set php version 8.2, update pre-commit hooks, linting
2025-12-01 11:18:44 +02:00
e293587296 fix(ci): actions not workflows
2025-11-11 22:55:15 +02:00
ac4559ae48 fix(ci): add workflows write to pr-lint
2025-11-11 22:45:13 +02:00
c30c136a92 chore(ci): add content write permission to pr-lint
2025-11-11 22:38:13 +02:00
renovate[bot]
5f2793ca99 chore(deps)!: update renovatebot/pre-commit-hooks (41.173.1 → 42.2.0) (#45)
2025-11-10 08:19:09 +02:00