I am using the Yii2 framework and need to find a way to protect sensitive data that is going to the log files.
Consider the following log dump:

    $_POST = [
        '_csrf' => 'VzVDNC03aXk9BAhOYEMPPzkDG2BvQwELDwZuV2VzUDUjTSJuRl4FCQ=='
        'CreditCardForm' => [
            'card_number' => '4111111111111111'
            'exp_month' => '02'
            'exp_year' => '16'
            'cardholder_name' => 'Jane Doe'
            'agreement' => '1'
        ]
    ]

I would like to modify the behavior of \yii\log\Target.getContextMessage() in a portable way without touching the framework files so that the first 12 digits of the credit card number are masked.
My current thought is to alter $_POST global after making a copy of the values into the model that does the processing.
Any other suggestions?
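In web/index.php I added the following:

    // Build a masked copy of $_POST for logging; $_POST itself is left untouched.
    global $SAFE_POST;
    if (is_array($_POST)) {
        $SAFE_POST = $_POST;
        array_walk_recursive($SAFE_POST, function (&$value, $key) {
            // Strict comparison: with ==, an integer key 0 matches 'card_number' before PHP 8.
            if ($key === 'card_number' && is_string($value)) {
                if (strlen($value) <= 4) {
                    $value = str_repeat('X', strlen($value));
                } else {
                    // Keep only the last four digits.
                    $value = str_repeat('X', strlen($value) - 4) . substr($value, -4);
                }
            }
        });
    }
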
Then I configured my LogTarget to use the new global.

    'log' => [
        'traceLevel' => YII_DEBUG ? 3 : 0,
        'targets' => [
            [
                'class' => 'yii\log\FileTarget',
                'levels' => ['error', 'warning', 'info'],
                // SAFE_POST replaces _POST, so only the masked copy is dumped.
                'logVars' => ['_GET', 'SAFE_POST', '_FILES', '_COOKIE', '_SESSION', '_SERVER']
            ],
        ],
    ],
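
A key-independent variant of the masking above, added here as an example (it is not the poster's code and not part of Yii): it masks the configured keys and also any string value of 13 to 19 digits that passes the Luhn check, so a card number submitted under an unexpected field name is still masked. The function names `luhnValid()`, `maskPan()` and `maskSensitive()` and the `billing_ref` field are assumptions made for the example.

```php
<?php
/** Luhn checksum test for a string of digits (hypothetical helper). */
function luhnValid(string $digits): bool
{
    $sum = 0;
    for ($i = strlen($digits) - 1, $double = false; $i >= 0; $i--, $double = !$double) {
        $d = (int) $digits[$i] * ($double ? 2 : 1);  // double every second digit from the right
        $sum += $d > 9 ? $d - 9 : $d;
    }
    return $sum % 10 === 0;
}

/** Replace all but the last four characters with 'X'. */
function maskPan(string $value): string
{
    $len = strlen($value);
    return $len <= 4
        ? str_repeat('X', $len)
        : str_repeat('X', $len - 4) . substr($value, -4);
}

/** Return a masked copy of $data; the caller's array is not modified. */
function maskSensitive(array $data, array $sensitiveKeys = ['card_number']): array
{
    array_walk_recursive($data, function (&$value, $key) use ($sensitiveKeys) {
        if (!is_string($value)) {
            return;
        }
        // Ignore the spaces and dashes people type between digit groups.
        $digits = preg_replace('/[ -]/', '', $value);
        $looksLikePan = preg_match('/^\d{13,19}$/', $digits) === 1 && luhnValid($digits);
        if (in_array($key, $sensitiveKeys, true) || $looksLikePan) {
            $value = maskPan($value);
        }
    });
    return $data;
}

// Constructed sample input modelled on the log dump in the question.
$post = [
    'CreditCardForm' => ['card_number' => '4111111111111111', 'exp_month' => '02'],
    'billing_ref'    => '4111 1111 1111 1111',  // card number under an unexpected key
];

// Same global the answer lists in logVars; $post stands in for $_POST here.
$SAFE_POST = maskSensitive($post);
print_r($SAFE_POST);
```

Only values that consist entirely of a card number are caught by the Luhn branch; a number embedded in longer free text is not.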