From 2d3e3b73756e211252512957ab85e72a338475ef Mon Sep 17 00:00:00 2001
From: Christopher Miller
Date: Wed, 30 Aug 2023 13:55:53 +0100
Subject: [PATCH] ehancing checks around auth headers
---
 src/Masking/FieldMasker.php | 12 +++-
 tests/Masking/FieldMaskerTest.php | 113 ++++++++++++++++++++++++++++++
 2 files changed, 122 insertions(+), 3 deletions(-)
diff --git a/src/Masking/FieldMasker.php b/src/Masking/FieldMasker.php
index 51de25b..091e2e8 100644
--- a/src/Masking/FieldMasker.php
+++ b/src/Masking/FieldMasker.php
@@ -50,9 +50,15 @@ public function mask(array $data): array
 string: $value,
 );
- $parts[1] = $this->star(
- string: $parts[1],
- );
+ if (count($parts) >= 2) {
+ for ($i = 1; $i < count($parts); $i++) {
+ $parts[$i] = $this->star(
+ string: $parts[$i]
+ );
+ }
+ } else {
+ $parts[0] = $this->star($parts[0]);
+ }
 $value = implode(' ', $parts);
 } else {
diff --git a/tests/Masking/FieldMaskerTest.php b/tests/Masking/FieldMaskerTest.php
index 3124f8f..23151a6 100644
--- a/tests/Masking/FieldMaskerTest.php
+++ b/tests/Masking/FieldMaskerTest.php
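Review bot: The `count($parts) >= 2` branch in src/Masking/FieldMasker.php leaves `$parts[0]` in clear for every multi-part value, so a header whose first space-separated segment is not a scheme name (a raw credential followed by stray text, for instance) keeps that segment unmasked in whatever output mask() produces. Treating the first segment as a scheme only when it matches a short allowlist, compared case-insensitively, and starring every segment otherwise would close that gap; the scheme list below is illustrative and should be whatever the project expects to see. The loop also re-evaluates `count($parts)` on each pass, and the else branch passes `$parts[0]` positionally while the loop uses the named `string:` argument. mask() starts and ends outside this hunk and the call that builds `$parts` is only partly visible, so this assumes a split on single spaces.

```php
// Keep the first segment readable only when it is a recognised scheme name.
$schemes = ['basic', 'bearer', 'digest'];
$hasScheme = count($parts) >= 2
    && in_array(strtolower($parts[0]), $schemes, true);
$firstMasked = $hasScheme ? 1 : 0;

foreach ($parts as $i => $part) {
    if ($i >= $firstMasked) {
        $parts[$i] = $this->star(string: $part);
    }
}

$value = implode(' ', $parts);
```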
@@ -55,3 +55,116 @@
 'foo' => 'bar',
 ]);
 });
+
+it('can handle a single Authorization entry', function () {
+ $masker = new FieldMasker(
+ fields: ['password', 'api_key', 'cc'],
+ );
+
+ expect($masker->mask(
+ data: [
+ 'form' => [
+ 'password' => 'password',
+ 'api_key' => 'test',
+ ],
+ 'Authorization' => '123123123123123',
+ 'X-API-KEY' => '1234-1234-4321',
+ 'cc' => '1234-1234-1234-1234',
+ 'foo' => 'bar',
+ ],
+ ))->toBeArray()->toEqual([
+ 'form' => [
+ 'password' => '********',
+ 'api_key' => '****',
+ ],
+ 'Authorization' => '***************',
+ 'X-API-KEY' => '**************',
+ 'cc' => '*******************',
+ 'foo' => 'bar',
+ ]);
+});
+
+it('can handle a two Authorization entries', function () {
+ $masker = new FieldMasker(
+ fields: ['password', 'api_key', 'cc'],
+ );
+
+ expect($masker->mask(
+ data: [
+ 'form' => [
+ 'password' => 'password',
+ 'api_key' => 'test',
+ ],
+ 'Authorization' => 'Bearer 123123123123123',
+ 'X-API-KEY' => '1234-1234-4321',
+ 'cc' => '1234-1234-1234-1234',
+ 'foo' => 'bar',
+ ],
+ ))->toBeArray()->toEqual([
+ 'form' => [
+ 'password' => '********',
+ 'api_key' => '****',
+ ],
+ 'Authorization' => 'Bearer ***************',
+ 'X-API-KEY' => '**************',
+ 'cc' => '*******************',
+ 'foo' => 'bar',
+ ]);
+});
+
+
+it('can handle a multiple Authorization entries', function () {
+ $masker = new FieldMasker(
+ fields: ['password', 'api_key', 'cc'],
+ );
+
+ expect($masker->mask(
+ data: [
+ 'form' => [
+ 'password' => 'password',
+ 'api_key' => 'test',
+ ],
+ 'Authorization' => 'Bearer 123123123123123 123',
+ 'X-API-KEY' => '1234-1234-4321',
+ 'cc' => '1234-1234-1234-1234',
+ 'foo' => 'bar',
+ ],
+ ))->toBeArray()->toEqual([
+ 'form' => [
+ 'password' => '********',
+ 'api_key' => '****',
+ ],
+ 'Authorization' => 'Bearer *************** ***',
+ 'X-API-KEY' => '**************',
+ 'cc' => '*******************',
+ 'foo' => 'bar',
+ ]);
+});
+
+it('can handle a malformed Authorization entry', function () {
+ $masker = new FieldMasker(
+ fields: ['password', 'api_key', 'cc'],
+ );
+
+ expect($masker->mask(
+ data: [
+ 'form' => [
+ 'password' => 'password',
+ 'api_key' => 'test',
+ ],
+ 'Authorization' => 'Alien',
+ 'X-API-KEY' => '1234-1234-4321',
+ 'cc' => '1234-1234-1234-1234',
+ 'foo' => 'bar',
+ ],
+ ))->toBeArray()->toEqual([
+ 'form' => [
+ 'password' => '********',
+ 'api_key' => '****',
+ ],
+ 'Authorization' => '*****',
+ 'X-API-KEY' => '**************',
+ 'cc' => '*******************',
+ 'foo' => 'bar',
+ ]);
+});
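Review bot: All four added cases spell the key exactly as `'Authorization'`, so nothing pins what mask() does when the same header arrives under another casing. HTTP header names are case-insensitive and are commonly lowercased in transit (HTTP/2 does this). Whether the masker matches the key case-insensitively is not visible in this diff. A further case with a constructed input such as `'authorization' => 'Bearer 123'` and the expectation `'authorization' => 'Bearer ***'` would make that behaviour explicit and would fail loudly if a lowercased header were passed through unmasked. An empty-string value is the other boundary these cases leave unpinned.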