Hide sensitive information by config

config/debugbar.php

@@ -216,6 +216,12 @@
         'route' => [
             'label' => true,  // show complete route on bar
         ],
+        'session' => [
+            'hiddens' => [], // hides sensitive values using array paths
+        ],
+        'symfony_request' => [
+            'hiddens' => [], // hides sensitive values using array paths, example: request_request.password
+        ],
         'logs' => [
             'file' => null,
         ],

src/DataCollector/RequestCollector.php

@@ -5,6 +5,7 @@
 use DebugBar\DataCollector\DataCollector;
 use DebugBar\DataCollector\DataCollectorInterface;
 use DebugBar\DataCollector\Renderable;
+use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 use Laravel\Telescope\IncomingEntry;
 use Laravel\Telescope\Telescope;
@@ -25,20 +26,29 @@ class RequestCollector extends DataCollector implements DataCollectorInterface,
     protected $session;
     /** @var string|null */
     protected $currentRequestId;
+    /** @var array */
+    protected $hiddens;
 
     /**
      * Create a new SymfonyRequestCollector
      *
      * @param \Symfony\Component\HttpFoundation\Request $request
      * @param \Symfony\Component\HttpFoundation\Response $response
      * @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
+     * @param string|null $currentRequestId
+     * @param array $hiddens
      */
-    public function __construct($request, $response, $session = null, $currentRequestId = null)
+    public function __construct($request, $response, $session = null, $currentRequestId = null, $hiddens = [])
     {
         $this->request = $request;
         $this->response = $response;
         $this->session = $session;
         $this->currentRequestId = $currentRequestId;
+        $this->hiddens = array_merge($hiddens, [
+            'request_request.password',
+            'request_server.PHP_AUTH_PW',
+            'request_headers.php-auth-pw.0',
+        ]);
     }
 
     /**
@@ -108,11 +118,7 @@ public function collect()
         ];
 
         if ($this->session) {
-            $sessionAttributes = [];
-            foreach ($this->session->all() as $key => $value) {
-                $sessionAttributes[$key] = $value;
-            }
-            $data['session_attributes'] = $sessionAttributes;
+            $data['session_attributes'] = $this->session->all();
         }
 
         foreach ($data['request_server'] as $key => $value) {
@@ -125,22 +131,15 @@ public function collect()
             }
         }
 
-        if (isset($data['request_request']['password'])) {
-            $data['request_request']['password'] = '******';
-        }
-
         if (isset($data['request_headers']['authorization'][0])) {
             $data['request_headers']['authorization'][0] = substr($data['request_headers']['authorization'][0], 0, 12) . '******';
         }
 
-        if (isset($data['request_headers']['php-auth-pw'][0])) {
-            $data['request_headers']['php-auth-pw'][0] = '******';
-        }
-
-        if (isset($data['request_server']['PHP_AUTH_PW'])) {
-            $data['request_server']['PHP_AUTH_PW'] = '******';
+        foreach ($this->hiddens as $key) {
+            if (Arr::has($data, $key)) {
+                Arr::set($data, $key, '******');
+            }
         }
-        ;
 
         foreach ($data as $key => $var) {
             if (!is_string($data[$key])) {

src/DataCollector/SessionCollector.php

@@ -5,31 +5,44 @@
 use DebugBar\DataCollector\DataCollector;
 use DebugBar\DataCollector\DataCollectorInterface;
 use DebugBar\DataCollector\Renderable;
+use Illuminate\Support\Arr;
 
 class SessionCollector extends DataCollector implements DataCollectorInterface, Renderable
 {
     /** @var  \Symfony\Component\HttpFoundation\Session\SessionInterface|\Illuminate\Contracts\Session\Session $session */
     protected $session;
+    /** @var array */
+    protected $hiddens;
 
     /**
      * Create a new SessionCollector
      *
      * @param \Symfony\Component\HttpFoundation\Session\SessionInterface|\Illuminate\Contracts\Session\Session $session
+     * @param array $hiddens
      */
-    public function __construct($session)
+    public function __construct($session, $hiddens = [])
     {
         $this->session = $session;
+        $this->hiddens = $hiddens;
     }
 
     /**
      * {@inheritdoc}
      */
     public function collect()
     {
-        $data = [];
-        foreach ($this->session->all() as $key => $value) {
+        $data = $this->session->all();
+
+        foreach ($this->hiddens as $key) {
+            if (Arr::has($data, $key)) {
+                Arr::set($data, $key, '******');
+            }
+        }
+
+        foreach ($data as $key => $value) {
             $data[$key] = is_string($value) ? $value : $this->formatVar($value);
         }
+
         return $data;
     }
 

src/LaravelDebugbar.php

@@ -701,6 +701,7 @@ public function modifyResponse(Request $request, Response $response)
             }
         }
 
+        $sessionHiddens = $app['config']->get('debugbar.options.session.hiddens', []);
         if ($this->app->bound(SessionManager::class)) {
 
             /** @var \Illuminate\Session\SessionManager $sessionManager */
@@ -710,7 +711,7 @@ public function modifyResponse(Request $request, Response $response)
 
             if ($this->shouldCollect('session') && ! $this->hasCollector('session')) {
                 try {
-                    $this->addCollector(new SessionCollector($sessionManager));
+                    $this->addCollector(new SessionCollector($sessionManager, $sessionHiddens));
                 } catch (\Exception $e) {
                     $this->addThrowable(
                         new Exception(
@@ -725,10 +726,14 @@ public function modifyResponse(Request $request, Response $response)
             $sessionManager = null;
         }
 
+        $requestHiddens = array_merge(
+            $app['config']->get('debugbar.options.symfony_request.hiddens', []),
+            array_map(fn ($key) => 'session_attributes.' . $key, $sessionHiddens)
+        );
         if ($this->shouldCollect('symfony_request', true) && !$this->hasCollector('request')) {
             try {
                 $reqId = $this->getCurrentRequestId();
-                $this->addCollector(new RequestCollector($request, $response, $sessionManager, $reqId));
+                $this->addCollector(new RequestCollector($request, $response, $sessionManager, $reqId, $requestHiddens));
             } catch (\Exception $e) {
                 $this->addThrowable(
                     new Exception(
@@ -742,7 +747,7 @@ public function modifyResponse(Request $request, Response $response)
 
         if ($app['config']->get('debugbar.clockwork') && ! $this->hasCollector('clockwork')) {
             try {
-                $this->addCollector(new ClockworkCollector($request, $response, $sessionManager));
+                $this->addCollector(new ClockworkCollector($request, $response, $sessionManager, $requestHiddens));
             } catch (\Exception $e) {
                 $this->addThrowable(
                     new Exception(

src/Support/Clockwork/ClockworkCollector.php

@@ -5,6 +5,7 @@
 use DebugBar\DataCollector\DataCollector;
 use DebugBar\DataCollector\DataCollectorInterface;
 use DebugBar\DataCollector\Renderable;
+use Illuminate\Support\Arr;
 use Symfony\Component\HttpFoundation\Response;
 
 /**
@@ -20,19 +21,28 @@ class ClockworkCollector extends DataCollector implements DataCollectorInterface
     protected $response;
     /** @var  \Symfony\Component\HttpFoundation\Session\SessionInterface $session */
     protected $session;
+    /** @var array */
+    protected $hiddens;
 
     /**
      * Create a new SymfonyRequestCollector
      *
      * @param \Symfony\Component\HttpFoundation\Request $request
      * @param \Symfony\Component\HttpFoundation\Request $response
      * @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
+     * @param array $hiddens
      */
-    public function __construct($request, $response, $session = null)
+    public function __construct($request, $response, $session = null, $hiddens = [])
     {
         $this->request = $request;
         $this->response = $response;
         $this->session = $session;
+        $this->hiddens = array_merge($hiddens, [
+            'request_request.password',
+            'request_request.PHP_AUTH_PW',
+            'request_request.php-auth-pw',
+            'request_headers.php-auth-pw.0',
+        ]);
     }
 
     /**
@@ -70,19 +80,27 @@ public function collect()
         ];
 
         if ($this->session) {
-            $sessionAttributes = [];
-            foreach ($this->session->all() as $key => $value) {
-                $sessionAttributes[$key] = $value;
-            }
-            $data['sessionData'] = $sessionAttributes;
+            $data['sessionData'] = $this->session->all();
         }
 
-        if (isset($data['postData']['php-auth-pw'])) {
-            $data['postData']['php-auth-pw'] = '******';
+        if (isset($data['headers']['authorization'][0])) {
+            $data['headers']['authorization'][0] = substr($data['headers']['authorization'][0], 0, 12) . '******';
         }
 
-        if (isset($data['postData']['PHP_AUTH_PW'])) {
-            $data['postData']['PHP_AUTH_PW'] = '******';
+        $keyAlias = [
+            'request_query' => 'getData',
+            'request_request' => 'postData',
+            'request_headers' => 'headers',
+            'request_cookies' => 'cookies',
+            'session_attributes' => 'sessionData',
+        ];
+        foreach ($this->hiddens as $key) {
+            $key = explode('.', $key);
+            $key[0] = $keyAlias[$key[0]] ?? $key[0];
+            $key = implode('.', $key);
+            if (Arr::has($data, $key)) {
+                Arr::set($data, $key, '******');
+            }
         }
 
         return $data;