Merge pull request vindi#116 from cedran/master

fix: LOGS - aplicacao de mascara no CVV e no registry_code
bizcommerce · Aug 19, 2024 · 4e23cb6 · 4e23cb6
2 parents fc2091c + 9e02905
commit 4e23cb6
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/Helper/Api.php b/Helper/Api.php
@@ -270,7 +270,9 @@ private function sanitizeData($data)
             '/"expiration_date":\s*"\d{2}\/\d{2}"/',
             '/"password":\s*".*?"/',
             '/"email":\s*".*?"/',
-            '/"phone":\s*"\d+"/'
+            '/"phone":\s*"\d+"/',
+            '/"card_cvv":\s*"\d+"/',
+            '/"registry_code":\s*"\d+"/'
         ];
 
         $replacements = [
@@ -279,10 +281,11 @@ private function sanitizeData($data)
             '"expiration_date": "**/**"',
             '"password": "********"',
             '"email": "********@****.***"',
-            '"phone": "**********"'
+            '"phone": "**********"',
+            '"card_cvv": "***"',
+            '"registry_code": "************"'
         ];
 
         return preg_replace($patterns, $replacements, $data);
     }
 }
-
diff --git a/Helper/WebhookHandler.php b/Helper/WebhookHandler.php
@@ -133,6 +133,12 @@ private function logApiRequest($endpoint, $method, $requestBody, $description)
         $this->logResource->save($log);
     }
 
+    /**
+     * Sanitize sensitive data from the provided input
+     *
+     * @param string $data
+     * @return string
+     */
     private function sanitizeData($data)
     {
         $patterns = [
@@ -141,7 +147,9 @@ private function sanitizeData($data)
             '/"expiration_date":\s*"\d{2}\/\d{2}"/',
             '/"password":\s*".*?"/',
             '/"email":\s*".*?"/',
-            '/"phone":\s*"\d+"/'
+            '/"phone":\s*"\d+"/',
+            '/"card_cvv":\s*"\d+"/',
+            '/"registry_code":\s*"\d+"/'
         ];
 
         $replacements = [
@@ -150,7 +158,9 @@ private function sanitizeData($data)
             '"expiration_date": "**/**"',
             '"password": "********"',
             '"email": "********@****.***"',
-            '"phone": "**********"'
+            '"phone": "**********"',
+            '"card_cvv": "***"',
+            '"registry_code": "************"'
         ];
 
         return preg_replace($patterns, $replacements, $data);