fix: LOG - refatoracao nas expressoes regulares
devbizcommerce committed Aug 21, 2024
1 parent d52271b commit 702f9a3
Showing 3 changed files with 68 additions and 76 deletions.
58 changes: 17 additions & 41 deletions Helper/Api.php
Expand Up @@ -100,12 +100,14 @@ public function request($endpoint, $method = 'POST', $data = [], $dataToLog = nu
$requestId = number_format(microtime(true), 2, '', '');
$dataToLog = null !== $dataToLog ? json_encode($dataToLog) : $requestBody;

$sanitizedDataToLog = $this->helperData->sanitizeData($dataToLog);

$this->logger->info(__(sprintf(
'[Request #%s]: New Api Request.\n%s %s\n%s',
$requestId,
$method,
$url,
$dataToLog
$sanitizedDataToLog
)));

$ch = curl_init();
Expand Down Expand Up @@ -137,8 +139,9 @@ public function request($endpoint, $method = 'POST', $data = [], $dataToLog = nu
$body = substr($response, curl_getinfo($ch, CURLINFO_HEADER_SIZE));

if (curl_errno($ch) || $response === false) {
$sanitizedResponse = $this->helperData->sanitizeData(print_r($response, true));
$this->logger->error(
__(sprintf('[Request #%s]: Error while executing request!\n%s', $requestId, print_r($response, true)))
__(sprintf('[Request #%s]: Error while executing request!\n%s', $requestId, $sanitizedResponse))
);
curl_close($ch);
$this->logApiRequest($endpoint, $method, $requestBody, $response, $statusCode, 'Error while executing request');
Expand All @@ -149,14 +152,17 @@ public function request($endpoint, $method = 'POST', $data = [], $dataToLog = nu

$status = "HTTP Status: $statusCode";

$this->logger->info(__(sprintf('[Request #%s]: New API Answer.\n%s\n%s', $requestId, $status, $body)));
$sanitizedBody = $this->helperData->sanitizeData($body);

$this->logger->info(__(sprintf('[Request #%s]: New API Answer.\n%s\n%s', $requestId, $status, $sanitizedBody)));
$responseBody = json_decode($body, true);

if (!$responseBody) {
$sanitizedBody = $this->helperData->sanitizeData(print_r($body, true));
$this->logger->info(__(sprintf(
'[Request #%s]: Error while recovering request body! %s',
$requestId,
print_r($body, true)
$sanitizedBody
)));

$this->logApiRequest($endpoint, $method, $requestBody, $response, $statusCode, 'Error while recovering request body');
Expand Down Expand Up @@ -199,9 +205,11 @@ private function checkResponse($response, $endpoint)
foreach ($response['errors'] as $error) {
$message = $this->getErrorMessage($error, $endpoint);

$this->messageManager->addErrorMessage($message);
$sanitizedMessage = $this->helperData->sanitizeData($message);

$this->lastError = $message;
$this->messageManager->addErrorMessage($sanitizedMessage);

$this->lastError = $sanitizedMessage;
}

return false;
Expand Down Expand Up @@ -241,8 +249,8 @@ private function getErrorMessage($error, $endpoint)
*/
private function logApiRequest($endpoint, $method, $requestBody, $responseBody, $statusCode, $description)
{
$sanitizedRequestBody = $this->sanitizeData($requestBody);
$sanitizedResponseBody = $this->sanitizeData($responseBody);
$sanitizedRequestBody = $this->helperData->sanitizeData($requestBody);
$sanitizedResponseBody = $this->helperData->sanitizeData($responseBody);

$log = $this->logFactory->create();
$log->setData([
Expand All @@ -255,37 +263,5 @@ private function logApiRequest($endpoint, $method, $requestBody, $responseBody,
]);
$this->logResource->save($log);
}

/**
* Sanitize sensitive data in the log entries
*
* @param string $data
* @return string
*/
private function sanitizeData($data)
{
$patterns = [
'/"card_number":\s*"\d+"/',
'/"cvv":\s*"\d+"/',
'/"expiration_date":\s*"\d{2}\/\d{2}"/',
'/"password":\s*".*?"/',
'/"email":\s*".*?"/',
'/"phone":\s*"\d+"/',
'/"card_cvv":\s*"\d+"/',
'/"registry_code":\s*"\d+"/'
];

$replacements = [
'"card_number": "**** **** **** ****"',
'"cvv": "***"',
'"expiration_date": "**/**"',
'"password": "********"',
'"email": "********@****.***"',
'"phone": "**********"',
'"card_cvv": "***"',
'"registry_code": "************"'
];

return preg_replace($patterns, $replacements, $data);
}
}
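Review bot: `logApiRequest()` is still handed `$response` rather than `$body`, and the line `$body = substr($response, curl_getinfo($ch, CURLINFO_HEADER_SIZE))` indicates that `$response` carries the response headers, so `$this->helperData->sanitizeData($responseBody)` is asked to mask header text with patterns that only recognise JSON keys. Any cookie or token returned in a header would presumably be persisted to the log table unmasked; passing `$body` in the `logApiRequest(...)` calls visible in `request()` would keep headers out of the stored record. In `checkResponse()` the masked string is now also what the customer sees and what `lastError` holds, so a comment such as `// masked copy is shown to the user as well, not only logged` would make that intent explicit. Both `request()` and `checkResponse()` continue outside the visible hunks.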

45 changes: 45 additions & 0 deletions Helper/Data.php
Expand Up @@ -200,4 +200,49 @@ public function isSubscriptionOrder(Order $order)

return false;
}

/**
* Sanitize sensitive data in the log entries
*
* @param string $data
* @return string
*/
public function sanitizeData($data)
{
$patterns = [
'/"card_number":\s*"\d+"/',
'/"cvv":\s*"\d+"/',
'/"expiration_date":\s*"\d{2}\/\d{2}"/',
'/"password":\s*".*?"/',
'/"email":\s*".*?"/',
'/"phone":\s*"\d+"/',
'/"card_cvv":\s*"\d+"/',
'/"registry_code[_\d]*":\s*"\d[\d.\/\\\\-]*"/',
'/"holder_name":\s*".*?"/',
'/"street":\s*".*?"/',
'/"number":\s*".*?"/',
'/"zipcode":\s*"\d+"/',
'/"token":\s*".*?"/',
'/"gateway_token":\s*".*?"/'
];

$replacements = [
'"card_number": "**** **** **** ****"',
'"cvv": "***"',
'"expiration_date": "**/**"',
'"password": "********"',
'"email": "********@****.***"',
'"phone": "**********"',
'"card_cvv": "***"',
'"registry_code$1": "************"',
'"holder_name": "********"',
'"street": "********"',
'"number": "***"',
'"zipcode": "*****-***"',
'"token": "************"',
'"gateway_token": "************"'
];

return preg_replace($patterns, $replacements, $data);
}
}
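Review bot: The `registry_code` replacement uses `$1`, but its pattern `"registry_code[_\d]*"` has no capture group, so the suffix is dropped and a key such as `registry_code_2` is rewritten to `registry_code`; wrapping the suffix fixes it: `'/"registry_code([_\d]*)":\s*"\d[\d.\/\\\\-]*"/'`. Separately, most masks fire only on a quoted, digits-only value (`"\d+"`), so a card number containing spaces or dashes, a `cvv` sent as a JSON number, or an `expiration_date` whose slash was escaped by `json_encode` (`12\/25`) would reach the log unmasked. Matching on the key and masking whatever string value follows, e.g. `'/"card_number":\s*"[^"]*"/'`, makes the mask fail closed. `preg_replace` returns `null` on a PCRE error, so the return value should fall back to a fixed placeholder rather than hand `null` to the logger.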
41 changes: 6 additions & 35 deletions Helper/WebhookHandler.php
Expand Up @@ -27,6 +27,7 @@ class WebhookHandler
private $subscription;
private $logFactory;
private $logResource;
private $helperData;

public function __construct(
RemoteAddress $remoteAddress,
Expand All @@ -37,7 +38,8 @@ public function __construct(
BillCanceled $billCanceled,
Subscription $subscription,
LogFactory $logFactory,
LogResource $logResource
LogResource $logResource,
Data $helperData
) {
$this->remoteAddress = $remoteAddress;
$this->logger = $logger;
Expand All @@ -48,6 +50,7 @@ public function __construct(
$this->subscription = $subscription;
$this->logFactory = $logFactory;
$this->logResource = $logResource;
$this->helperData = $helperData;
}

public function getRemoteIp()
Expand Down Expand Up @@ -124,45 +127,13 @@ private function logApiRequest($endpoint, $method, $requestBody, $description)
$log->setData([
'endpoint' => $endpoint,
'method' => $method,
'request_body' => $this->sanitizeData($requestBody),
'request_body' => $this->helperData->sanitizeData($requestBody),
'response_body' => null,
'status_code' => 200,
'description' => $description,
'origin' => 'webhook'
]);
$this->logResource->save($log);
}

/**
* Sanitize sensitive data from the provided input
*
* @param string $data
* @return string
*/
private function sanitizeData($data)
{
$patterns = [
'/"card_number":\s*"\d+"/',
'/"cvv":\s*"\d+"/',
'/"expiration_date":\s*"\d{2}\/\d{2}"/',
'/"password":\s*".*?"/',
'/"email":\s*".*?"/',
'/"phone":\s*"\d+"/',
'/"card_cvv":\s*"\d+"/',
'/"registry_code":\s*"\d+"/'
];

$replacements = [
'"card_number": "**** **** **** ****"',
'"cvv": "***"',
'"expiration_date": "**/**"',
'"password": "********"',
'"email": "********@****.***"',
'"phone": "**********"',
'"card_cvv": "***"',
'"registry_code": "************"'
];

return preg_replace($patterns, $replacements, $data);
}
}
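Review bot: Only the database record in `logApiRequest()` is routed through `$this->helperData->sanitizeData()` here, whereas the same commit also masks the `$this->logger` calls in Helper/Api.php. The handler's own `$this->logger` writes are outside these hunks, so it is worth confirming that none of them emits the raw webhook body. That body is supplied by the remote sender and deserves the same masking everywhere it is written. The new `$helperData` property could also carry a `/** @var Data */` docblock, since the visible property declarations are untyped.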
