hides sensitive information by config

config/debugbar.php

@@ -216,6 +216,12 @@
         'route' => [
             'label' => true,  // show complete route on bar
         ],
+        'session' => [
+            'hiddens' => [], // hides sensitive values using array paths
+        ],
+        'symfony_request' => [
+            'hiddens' => [], // hides sensitive values using array paths, example: request_request.password
+        ],
         'logs' => [
             'file' => null,
         ],

src/DataCollector/RequestCollector.php

@@ -5,6 +5,7 @@
 use DebugBar\DataCollector\DataCollector;
 use DebugBar\DataCollector\DataCollectorInterface;
 use DebugBar\DataCollector\Renderable;
+use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 use Laravel\Telescope\IncomingEntry;
 use Laravel\Telescope\Telescope;
@@ -25,20 +26,29 @@ class RequestCollector extends DataCollector implements DataCollectorInterface,
     protected $session;
     /** @var string|null */
     protected $currentRequestId;
+    /** @var array */
+    protected $hiddens;
 
     /**
      * Create a new SymfonyRequestCollector
      *
      * @param \Symfony\Component\HttpFoundation\Request $request
      * @param \Symfony\Component\HttpFoundation\Response $response
      * @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
+     * @param string|null $currentRequestId
+     * @param array $hiddens
      */
-    public function __construct($request, $response, $session = null, $currentRequestId = null)
+    public function __construct($request, $response, $session = null, $currentRequestId = null, $hiddens = [])
     {
         $this->request = $request;
         $this->response = $response;
         $this->session = $session;
         $this->currentRequestId = $currentRequestId;
+        $this->hiddens = array_merge($hiddens, [
+            'request_request.password',
+            'request_server.PHP_AUTH_PW',
+            'request_headers.php-auth-pw.0',
+        ]);
     }
 
     /**
@@ -125,22 +135,15 @@ public function collect()
             }
         }
 
-        if (isset($data['request_request']['password'])) {
-            $data['request_request']['password'] = '******';
-        }
-
         if (isset($data['request_headers']['authorization'][0])) {
             $data['request_headers']['authorization'][0] = substr($data['request_headers']['authorization'][0], 0, 12) . '******';
         }
 
-        if (isset($data['request_headers']['php-auth-pw'][0])) {
-            $data['request_headers']['php-auth-pw'][0] = '******';
-        }
-
-        if (isset($data['request_server']['PHP_AUTH_PW'])) {
-            $data['request_server']['PHP_AUTH_PW'] = '******';
+        foreach ($this->hiddens as $key) {
+            if (Arr::has($data, $key)) {
+                Arr::set($data, $key, '******');
+            }
         }
-        ;
 
         foreach ($data as $key => $var) {
             if (!is_string($data[$key])) {

src/DataCollector/SessionCollector.php

@@ -5,31 +5,44 @@
 use DebugBar\DataCollector\DataCollector;
 use DebugBar\DataCollector\DataCollectorInterface;
 use DebugBar\DataCollector\Renderable;
+use Illuminate\Support\Arr;
 
 class SessionCollector extends DataCollector implements DataCollectorInterface, Renderable
 {
     /** @var  \Symfony\Component\HttpFoundation\Session\SessionInterface|\Illuminate\Contracts\Session\Session $session */
     protected $session;
+    /** @var array */
+    protected $hiddens;
 
     /**
      * Create a new SessionCollector
      *
      * @param \Symfony\Component\HttpFoundation\Session\SessionInterface|\Illuminate\Contracts\Session\Session $session
+     * @param array $hiddens
      */
-    public function __construct($session)
+    public function __construct($session, $hiddens = [])
     {
         $this->session = $session;
+        $this->hiddens = $hiddens;
     }
 
     /**
      * {@inheritdoc}
      */
     public function collect()
     {
-        $data = [];
-        foreach ($this->session->all() as $key => $value) {
+        $data = $this->session->all();
+
+        foreach ($this->hiddens as $key) {
+            if (Arr::has($data, $key)) {
+                Arr::set($data, $key, '******');
+            }
+        }
+
+        foreach ($data as $key => $value) {
             $data[$key] = is_string($value) ? $value : $this->formatVar($value);
         }
+
         return $data;
     }
 

src/LaravelDebugbar.php

@@ -710,7 +710,8 @@ public function modifyResponse(Request $request, Response $response)
 
             if ($this->shouldCollect('session') && ! $this->hasCollector('session')) {
                 try {
-                    $this->addCollector(new SessionCollector($sessionManager));
+                    $hiddens = $app['config']->get('debugbar.options.session.hiddens', []);
+                    $this->addCollector(new SessionCollector($sessionManager, $hiddens));
                 } catch (\Exception $e) {
                     $this->addThrowable(
                         new Exception(
@@ -728,7 +729,14 @@ public function modifyResponse(Request $request, Response $response)
         if ($this->shouldCollect('symfony_request', true) && !$this->hasCollector('request')) {
             try {
                 $reqId = $this->getCurrentRequestId();
-                $this->addCollector(new RequestCollector($request, $response, $sessionManager, $reqId));
+                $hiddens = array_merge(
+                    $app['config']->get('debugbar.options.symfony_request.hiddens', []),                    
+                    array_map(
+                        function ($key) { return 'session_attributes.'.$key; },
+                        $app['config']->get('debugbar.options.session.hiddens', [])
+                    )
+                );
+                $this->addCollector(new RequestCollector($request, $response, $sessionManager, $reqId, $hiddens));
             } catch (\Exception $e) {
                 $this->addThrowable(
                     new Exception(