A Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.

Issue

1. THE ARTISAN COMMAND OFFERED TO CREATE Scrubber Detection Classes DOES NOT WORK CORRECTLY

The artisan command does not scaffold the correct implementation of the interface. it produces a class in the format:

<?php
namespace App\Scrubber\RegexCollection;
use YorCreative\Scrubber\Interfaces\RegexCollectionInterface;

class TrialClass implements RegexCollectionInterface
{
    public function getPattern(): string
    {
        /**
         * @todo
         * @note return a regex pattern to detect a specific piece of sensitive data.
         */
    }

    public function getTestableString(): string
    {
        /**
         * @todo
         * @note return a string that can be used to verify the regex pattern provided.
         */
    }
}

instead of

  <?php
  
  namespace YorCreative\Scrubber\RegexCollection;
  
  use YorCreative\Scrubber\Interfaces\RegexCollectionInterface;
  
  class AuthorizationBasic implements RegexCollectionInterface
  {
      public function getPattern(): string
      {
          return '(?<=basic) [a-zA-Z0-9=:_\+\/-]{5,100}';
      }
  
      public function getTestableString(): string
      {
          return 'basic f9Iu+YwMiJEsQu/vBHlbUNZRkN/ihdB1sNTU';
      }
  
      public function isSecret(): bool
      {
          return false;
      }
  } 

2. ADDING A CUSTOM Scrubber Detection Classes SIMPLY DOES NOT WORK

with the isSecret() method implemented. however that is a non issue i can correct the implementation in my code however it fails to work, infact it seems not to work at all when when there is any file in that folder it creates

App\Scrubber\RegexCollection;

This is despite being used as prescribed and specified in the configuration as shown below, WITH OR WITHOUT THE CHANGES IN CONFIGURATION, the thing does not work in fact it does not even show any logs as long as there is a class in the said folder

3. TOOL ONLY SEEMS TO WORK WITH ITS STOCK 'single' log channel CANNOT WORK WITH papertrail OR ANY OTHER

To mitigate the issue, i deleted and added my customizations directly in the code base in the vendor package and added it to the default RegexCollection ok now the tool is working as i expect however now

The package cannot intercept logs sent over to papertrail and i cannot find a way to handle that. tried to add it as a tap like this in config/logging 'tap' => [ScrubberTap::class], still no success no logs then tried to edit package to add the tap directly like this

$this->app->make('config')->set('logging.channels.papertrail.tap', [
            ScrubberTap::class,
]);

The logs fail to come in and now there seems to be absolutely no hacks that i can do to get past this I really need help.

It seems after the latest update the tool broke, I thought it was not seeing the parts to redact in the logs yet but no. This is with the vanilla configuration. What is going on well is now i can get my logs on any channel and especially, papertrail, Yes this is good: but now it seems that it stopped redacting be it on local ie single channel or papertrail. Mark you this time I even tried to directly fix it to the RegexCollection class as a hack like last time, it seems just not getting invoked in the first place. Please check out on it.

Also am writing a custom reducter This is want to work:

'regex_loader' => [
        '*',
        "CustomRegexReducter", ///tried this not working
        CustomRegexReducter::class, ///tried this still not working
    ], 

This is tried with a very simple regex as last time:

<?php

// namespace App\Scrubber\RegexCollection;

namespace YorCreative\Scrubber\RegexCollection;

use YorCreative\Scrubber\Interfaces\RegexCollectionInterface;

class CustomRegexReducter implements RegexCollectionInterface
{
    public function getPattern(): string
    {
        /**
         * @todo
         * @note return a regex pattern to detect a specific piece of sensitive data.
         */
        return "process";
    }

    public function getTestableString(): string
    {
        /**
         * @todo
         * @note return a string that can be used to verify the regex pattern provided.
         */
        return "process";
    }

    public function isSecret(): bool
    {
        return false;
    }
}

However I suppose it wont work unless the above is resolved.

Trying to debug what could be wrong i added several dd through out the code, maybe you could:

CHECK FOR COVERAGE:

it seems the code is not even reaching this point, that dd("registering") //check above imageis not called on the callback unless am wrong.

Running composer install on my test environment (which does not have the sqlite PHP extension), I get the following error:

$ composer install --no-interaction --prefer-dist --no-scripts -o
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Your lock file does not contain a compatible set of packages. Please run composer update.

  Problem 1
    - yorcreative/laravel-scrubber is locked to version v2.2.1 and an update of this package was not requested.
    - yorcreative/laravel-scrubber v2.2.1 requires ext-pdo_sqlite * -> it is missing from your system. Install or enable PHP's pdo_sqlite extension.

It seems to me that this is caused by including

"ext-pdo_sqlite": "*",

in composer.json. Please move that to "require-dev"

Config block

• Removed double question marks
• Empty defaults are better than 'change-me' being sent

Usage

• Minor flow changes

Regex Collection & Defining Opt-in

• A link here was pointing to a blob, while it'll always be correct, if the codebase changes, this section would need to be updated anyway.

Secret Manager

• Changed title for "About the Scrubber" to be more descriptive
• Cleaned up sentence flow

Encryption

• Cleaned up minor sentence structure

• Added strategy to load channel taps.
• Added 3 loaders: wildcard, specific and multiple channel tap loaders.
• Added test coverage for tap loader strategy.
• Added "tap_channels" to config with wildcard default.
• Added log channel opt-in information to README

I cannot see my logs when I have this enabled, No error is thrown but application works correctly. I am on Laravel 9. This happens even with default configuration

• Added regex loader strategy w/ test coverage
• Added regex class opt in ability.
• Added RegexCollection class with static strings of all available regex classes.
• Updated readme with opt-in information.

Problem:

By default all regex classes are booted up and used to detect and sanitize content. This is not optimal and an application should be able to opt-in to which regex classes are used.

Expectation

An application should be able to define in the configuration file what classes to boot. If no classes are opted-in, the application will boot all regex classes.