mirror of
https://github.com/ivuorinen/monolog-gdpr-filter.git
synced 2026-03-18 05:03:03 +00:00
Ismo Vuorinen
b0925ce489
* fix(tests): remove error_log calls and clean up ComprehensiveValidationTest * refactor: replace hardcoded strings with MaskConstants and TestConstants references * fix(streaming): replace overcounting '[' heuristic with proper mask detection StreamingProcessor::getStatistics() was counting any message containing '[' as masked, causing false positives. Now checks for specific mask constants (MASK_GENERIC, MASK_BRACKETS, MASK_REDACTED_BRACKETS) instead. Also adds MASK_REDACTED_BRACKETS constant to MaskConstants and removes the now-unnecessary UnusedFunctionCall psalm suppression. * refactor(tests): replace remaining hardcoded literals with constant references Add new constants to TestConstants (MASK_REDACTED_PLAIN, MASK_SECRET_BRACKETS, MASK_SSN_BRACKETS, PATTERN_REDOS_NESTED_STAR, FIELD_USER_SSN, FIELD_USER_DATA) and replace all matching literals across 21 test files. Also removes dead memory_get_usage() call and uses existing TestConstants::IP_ADDRESS_PUBLIC for hardcoded IP. * fix(streaming): replace mask-token heuristic with accurate record comparison in getStatistics() The previous implementation only detected masking when specific mask tokens appeared in the message, missing cases where context was masked or different mask values were used. Compare original vs processed records instead. * refactor(tests): add PATTERN_EMAIL_SIMPLE, MASK_CARD_BRACKETS, EXPECTED_SSN_MASKED constants Replace cross-file duplicate literals with TestConstants references: - Email regex (4 files), '[CARD]' (2 files), 'SSN: [SSN]' (2 files) * fix(streaming): bypass audit logger in getStatistics() by calling orchestrator directly getStatistics() previously routed through processStream()/processChunk() which triggered the audit logger for each record. A read-only statistics method should not produce audit side-effects. Now calls orchestrator.process() directly and processes records one at a time without materializing the entire iterable. * refactor(tests): fix test quality issues and add PATTERN_CREDIT_CARD constant - Replace fail() message that leaked sensitive terms with count-only message - Replace bare 'EMAIL' string with MaskConstants::MASK_EMAIL for consistency - Remove error_log() debug output from CriticalBugRegressionTest - Add TestConstants::PATTERN_CREDIT_CARD and replace inline regex in 3 files
92 lines
3.1 KiB
PHP
92 lines
3.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Ivuorinen\MonologGdprFilter;
|
|
|
|
/**
|
|
* Constants for mask replacement values.
|
|
*
|
|
* This class provides standardized mask values to avoid duplication
|
|
* and ensure consistency across the codebase.
|
|
*/
|
|
final class MaskConstants
|
|
{
|
|
// Data type masks
|
|
public const MASK_INT = '***INT***';
|
|
public const MASK_FLOAT = '***FLOAT***';
|
|
public const MASK_STRING = '***STRING***';
|
|
public const MASK_BOOL = '***BOOL***';
|
|
public const MASK_NULL = '***NULL***';
|
|
public const MASK_ARRAY = '***ARRAY***';
|
|
public const MASK_OBJECT = '***OBJECT***';
|
|
public const MASK_RESOURCE = '***RESOURCE***';
|
|
|
|
// Generic masks
|
|
public const MASK_GENERIC = '***'; // Simple generic mask
|
|
public const MASK_MASKED = '***MASKED***';
|
|
public const MASK_REDACTED = '***REDACTED***';
|
|
public const MASK_FILTERED = '***FILTERED***';
|
|
public const MASK_BRACKETS = '[MASKED]';
|
|
public const MASK_REDACTED_BRACKETS = '[REDACTED]';
|
|
|
|
// Personal identifiers
|
|
public const MASK_HETU = '***HETU***'; // Finnish SSN
|
|
public const MASK_SSN = '***SSN***'; // Generic SSN
|
|
public const MASK_USSSN = '***USSSN***'; // US SSN
|
|
public const MASK_UKNI = '***UKNI***'; // UK National Insurance
|
|
public const MASK_CASIN = '***CASIN***'; // Canadian SIN
|
|
public const MASK_PASSPORT = '***PASSPORT***';
|
|
|
|
// Financial information
|
|
public const MASK_IBAN = '***IBAN***';
|
|
public const MASK_CC = '***CC***'; // Credit Card
|
|
public const MASK_CARD = '***CARD***'; // Credit Card (alternative)
|
|
public const MASK_UKBANK = '***UKBANK***';
|
|
public const MASK_CABANK = '***CABANK***';
|
|
|
|
// Contact information
|
|
public const MASK_EMAIL = '***EMAIL***';
|
|
public const MASK_PHONE = '***PHONE***';
|
|
public const MASK_IP = '***IP***';
|
|
|
|
// Security tokens and keys
|
|
public const MASK_TOKEN = '***TOKEN***';
|
|
public const MASK_APIKEY = '***APIKEY***';
|
|
public const MASK_SECRET = '***SECRET***';
|
|
|
|
// Personal data
|
|
public const MASK_DOB = '***DOB***'; // Date of Birth
|
|
public const MASK_MAC = '***MAC***'; // MAC Address
|
|
|
|
// Vehicle and identification
|
|
public const MASK_VEHICLE = '***VEHICLE***';
|
|
|
|
// Healthcare
|
|
public const MASK_MEDICARE = '***MEDICARE***';
|
|
public const MASK_EHIC = '***EHIC***'; // European Health Insurance Card
|
|
|
|
// Custom/Internal
|
|
public const MASK_INTERNAL = '***INTERNAL***';
|
|
public const MASK_CUSTOMER = '***CUSTOMER***';
|
|
public const MASK_NUMBER = '***NUMBER***';
|
|
public const MASK_ITEM = '***ITEM***';
|
|
|
|
// Custom mask patterns for partial masking
|
|
public const MASK_SSN_PATTERN = '***-**-****'; // SSN with format preserved
|
|
public const MASK_EMAIL_PATTERN = '***@***.***'; // Email with format preserved
|
|
|
|
// Error states
|
|
public const MASK_INVALID = '***INVALID***';
|
|
public const MASK_TOOLONG = '***TOOLONG***';
|
|
public const MASK_ERROR = '***ERROR***';
|
|
|
|
/**
|
|
* Prevent instantiation.
|
|
*
|
|
* @psalm-suppress UnusedConstructor
|
|
*/
|
|
private function __construct()
|
|
{}
|
|
}
|