EventCompleter::removeSensitiveData() - Code Metrics - Inspection of "Fix Scrutinizer config" - Ecodev/felix - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 89f24e...8c4dad )

by Sylvain

created 2020-12-21 18:44 UTC

EventCompleter::removeSensitiveData() A

↳ Parent: EventCompleter

Complexity

Conditions	3
Paths	3

Size

Total Lines	9
Code Lines	4

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	4
CRAP Score	3.072

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	3
eloc	4
c	1
b	0
f	0
nc	3
nop	1
dl	0
loc	9
ccs	4
cts	5
cp	0.8
crap	3.072
rs	10

<?php

declare(strict_types=1);

namespace Ecodev\Felix\Log;

use Ecodev\Felix\Model\CurrentUser;
use Laminas\Log\Processor\ProcessorInterface;

class EventCompleter implements ProcessorInterface
{
    /**
     * @var string
     */
    private $baseUrl;

    public function __construct(string $baseUrl)
    {
        $this->baseUrl = $baseUrl;
    }

    /**
     * Complete a log event with extra data, including stacktrace and any global stuff relevant to the app
     */
    public function process(array $event): array
    {
        $envData = $this->getEnvData();
        $event = array_merge($event, $envData);

        // If we are logging PHP errors, then we include all known information in message
        if ($event['extra']['errno'] ?? false) {
            $event['message'] .= "\nStacktrace:\n" . $this->getStacktrace();
        }

        // Security hide clear text password
        unset($event['extra']['password']);

        return $event;
    }

    /**
     * Retrieve dynamic information from environment to be logged.
     */
    private function getEnvData(): array
    {
        $user = CurrentUser::get();

        if (PHP_SAPI === 'cli') {
            global $argv;
            $request = $argv;
            $ip = 'script';
            $url = implode(' ', $argv);
            $referer = '';
        } else {
            $request = $_REQUEST;
            $ip = $_SERVER['REMOTE_ADDR'] ?? '';
            $url = $this->baseUrl . $_SERVER['REQUEST_URI'];
            $referer = $_SERVER['HTTP_REFERER'] ?? '';
        }

        $request = $this->removeSensitiveData($request);

        $envData = [
            'creator_id' => $user ? $user->getId() : null,
            'login' => $user ? $user->getLogin() : null,
            'url' => $url,
            'referer' => $referer,
            'request' => json_encode($request, JSON_PRETTY_PRINT),
            'ip' => $ip,
        ];

        return $envData;
    }

    /**
     * Remove password value from GraphQL variables well-known structure
     */
    protected function removeSensitiveData(array $request): array
    {
        foreach ($request as &$r) {
            if (is_array($r)) {
                unset($r['variables']['password']);
            }
        }

        return $request;
    }

    /**
     * Returns the backtrace excluding the most recent calls to this function so we only get the interesting parts
     */
    private function getStacktrace(): string
    {
        ob_start();
        @debug_print_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
        $trace = ob_get_contents();
        ob_end_clean();

        if ($trace === false) {
            return 'Could not get stacktrace';
        }

        // Remove first items from backtrace as it's this function and previous logging functions which is not interesting
        $shortenTrace = preg_replace('/^#[0-4]\s+[^\n]*\n/m', '', $trace);

        if ($shortenTrace === null) {
            return $trace;
        }

        // Renumber backtrace items.
        $renumberedTrace = preg_replace_callback('/^#(\d+)/m', function ($matches) {
            return '#' . ($matches[1] - 5);
        }, $shortenTrace);

        if ($renumberedTrace === null) {
            return $shortenTrace;
        }

        return $renumberedTrace;
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace Ecodev\Felix\Log;
6
7		use Ecodev\Felix\Model\CurrentUser;
8		use Laminas\Log\Processor\ProcessorInterface;
9
10		class EventCompleter implements ProcessorInterface
11		{
12		/**
13		* @var string
14		*/
15		private $baseUrl;
16
17	5	public function __construct(string $baseUrl)
18		{
19	5	$this->baseUrl = $baseUrl;
20	5	}
21
22		/**
23		* Complete a log event with extra data, including stacktrace and any global stuff relevant to the app
24		*/
25	4	public function process(array $event): array
26		{
27	4	$envData = $this->getEnvData();
28	4	$event = array_merge($event, $envData);
29
30		// If we are logging PHP errors, then we include all known information in message
31	4	if ($event['extra']['errno'] ?? false) {
32	1	$event['message'] .= "\nStacktrace:\n" . $this->getStacktrace();
33		}
34
35		// Security hide clear text password
36	4	unset($event['extra']['password']);
37
38	4	return $event;
39		}
40
41		/**
42		* Retrieve dynamic information from environment to be logged.
43		*/
44	4	private function getEnvData(): array
45		{
46	4	$user = CurrentUser::get();
47
48	4	if (PHP_SAPI === 'cli') {
49		global $argv;
50	4	$request = $argv;
51	4	$ip = 'script';
52	4	$url = implode(' ', $argv);
53	4	$referer = '';
54		} else {
55		$request = $_REQUEST;
56		$ip = $_SERVER['REMOTE_ADDR'] ?? '';
57		$url = $this->baseUrl . $_SERVER['REQUEST_URI'];
58		$referer = $_SERVER['HTTP_REFERER'] ?? '';
59		}
60
61	4	$request = $this->removeSensitiveData($request);
62
63		$envData = [
64	4	'creator_id' => $user ? $user->getId() : null,
65	4	'login' => $user ? $user->getLogin() : null,
66	4	'url' => $url,
67	4	'referer' => $referer,
68	4	'request' => json_encode($request, JSON_PRETTY_PRINT),
69	4	'ip' => $ip,
70		];
71
72	4	return $envData;
73		}
74
75		/**
76		* Remove password value from GraphQL variables well-known structure
77		*/
78	4	protected function removeSensitiveData(array $request): array
79		{
80	4	foreach ($request as &$r) {
81	4	if (is_array($r)) {
82		unset($r['variables']['password']);
83		}
84		}
85
86	4	return $request;
87		}
88
89		/**
90		* Returns the backtrace excluding the most recent calls to this function so we only get the interesting parts
91		*/
92	1	private function getStacktrace(): string
93		{
94	1	ob_start();
95	1	@debug_print_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
96	1	$trace = ob_get_contents();
97	1	ob_end_clean();
98
99	1	if ($trace === false) {
100		return 'Could not get stacktrace';
101		}
102
103		// Remove first items from backtrace as it's this function and previous logging functions which is not interesting
104	1	$shortenTrace = preg_replace('/^#[0-4]\s+[^\n]*\n/m', '', $trace);
105
106	1	if ($shortenTrace === null) {
107		return $trace;
108		}
109
110		// Renumber backtrace items.
111		$renumberedTrace = preg_replace_callback('/^#(\d+)/m', function ($matches) {
112	1	return '#' . ($matches[1] - 5);
113	1	}, $shortenTrace);
114
115	1	if ($renumberedTrace === null) {
116		return $shortenTrace;
117		}
118
119	1	return $renumberedTrace;
120		}
121		}
122

Ecodev / felix

Push — master ( 89f24e...8c4dad )

EventCompleter::removeSensitiveData() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like