*/ private const array SENSITIVE_KEY_PATTERNS = [ '/password/i', '/secret/i', '/token/i', '/client[_-]?secret/i', '/private[_-]?key/i', '/shared[_-]?secret/i', '/preshared/i', '/certificate/i', ]; /** * @param array $payload * @return array */ public function redactPayload(array $payload): array { return $this->redactValue($payload); } /** * @param array>|null $assignments * @return array>|null */ public function redactAssignments(?array $assignments): ?array { if ($assignments === null) { return null; } $redacted = $this->redactValue($assignments); return is_array($redacted) ? $redacted : $assignments; } /** * @param array>|null $scopeTags * @return array>|null */ public function redactScopeTags(?array $scopeTags): ?array { if ($scopeTags === null) { return null; } $redacted = $this->redactValue($scopeTags); return is_array($redacted) ? $redacted : $scopeTags; } private function isSensitiveKey(string $key): bool { foreach (self::SENSITIVE_KEY_PATTERNS as $pattern) { if (preg_match($pattern, $key) === 1) { return true; } } return false; } private function redactValue(mixed $value): mixed { if (! is_array($value)) { return $value; } $redacted = []; foreach ($value as $key => $item) { if (is_string($key) && $this->isSensitiveKey($key)) { $redacted[$key] = self::REDACTED; continue; } $redacted[$key] = $this->redactValue($item); } return $redacted; } }