yupmin/magoo

PHP library to mask (redact) credit card numbers, emails and more.


Keywords
security, email, credit card, obfuscation, mask, redact, Masking, sensitive, Bleep out
License
MIT

Documentation

Pachico\Magoo

Testing

original package pachico/magoo is abandoned. this is for php 7.1,8.0,8.1

Magoo is a PHP library that will mask sensitive data in strings. Built-in masks use regex to find credit card numbers, emails, etc. and will mask only those, leaving the rest of the strings intact. This might be useful, for instance, to log sensitive user input.

You can also mask strings that match your own regex or inject masking class as long as they implement a simple interface.

Multidimensional arrays can also be masked and use it can be used to mask PSR-3 compliant logger libraries, such as Monolog.

Use the issues page to request masks to implement.

Table of contents

Install

Via Composer:

composer require pachico/magoo

Usage

Generic

This is a generic usage of the library.

use Pachico\Magoo\Magoo;

$magoo = new Magoo();
$magoo->pushCreditCardMask()
    ->pushEmailMask()
    ->pushByRegexMask('/(email)+/m');

$mySensitiveString = 'My email is roy@trenneman.com and my credit card is 6011792594656742';

echo $magoo->getMasked($mySensitiveString);

// 'My ***** is ***@trenneman.com and my credit card is ************6742'

Mask credit cards

Credit card mask accepts a custom replacement.

use Pachico\Magoo\Magoo;

$magoo = new Magoo();
$magoo->pushCreditCardMask('路');

$mySensitiveString = 'This is my credit card number: 4111 1111 1111 1111.';

echo $magoo->getMasked($mySensitiveString);

// This is my credit card number: 路路路路路路1111.

Mask emails

Email mask accepts as optional parameters the replacement for local and domain parts.

use Pachico\Magoo\Magoo;

$magoo = new Magoo();
$magoo->pushEmailMask('$', '*');

$mySensitiveString = 'My email is pachicodev@gmail.com but I need privacy.';

echo $magoo->getMasked($mySensitiveString);

// My email is $$$$$$$$$$@********* but I need privacy.

Mask by regex

Regex mask will replace matches with strings that are long as each individual match. It requires a regex and accepts custom replacement.

use Pachico\Magoo\Magoo;

$magoo = new Magoo();
$magoo->pushByRegexMask('(\d+)', '_');

$mySensitiveString = 'My telephone number is 639.639.639. Call me at 19:00!';

echo $magoo->getMasked($mySensitiveString);

// My telephone number is ___.___.___. Call me at __:__!

Reset

You might want to use the same instance of Magoo in your application but not the same masks everytime. You can reset all masks at any time by using the reset() method.

use Pachico\Magoo\Magoo;

$magoo = new Magoo();
$magoo->pushCreditCardMask()->pushByRegexMask('(\d+)', '_');

$mySensitiveString = 'My CC is 4111 1111 1111 1111 and my telephone number is 639.639.639.';

echo $magoo->getMasked($mySensitiveString);

// My CC is ************____ and my telephone number is ___.___.___.

$magoo->reset();

echo $magoo->getMasked($mySensitiveString);

// My CC is 4111 1111 1111 1111 and my telephone number is 639.639.639.

Custom masks

Additionally, you can add your own mask as long as it implements Maskinterface.

use Pachico\Magoo\Magoo;

class FooMask implements \Pachico\Magoo\Mask\MaskInterface
{
    protected $replacement = '*';

    public function __construct(array $params = [])
    {
        if (isset($params['replacement']) && is_string($params['replacement'])) {
            $this->replacement = $params['replacement'];
        }
    }

    public function mask($string)
    {
        return str_replace('foo', $this->replacement, $string);
    }
}
$magoo = new Magoo();
$customMask = new FooMask(['replacement' => 'bar']);
$magoo->pushMask($customMask);

$mySensitiveString = 'It is time to go to the foo.';

echo $magoo->getMasked($mySensitiveString);

// It is time to go to the bar.

Mask arrays

Magoo includes a handy way to mask multidimensional arrays, which can be useful, for instance, for logger contexts.

use Pachico\Magoo\Magoo;
use Pachico\Magoo\MagooArray;

$magoo =new Magoo();
$magoo->pushByRegexMask('(foo)', 'bar');
$magooArray = new MagooArray($magoo);

$mySensitiveArray = [
    'It is time to go to the foo.',
    [
        'It is never too late to go the foo.'
    ],
    new DateTime()
];

$magooArray->getMasked($mySensitiveArray);

will output

Array
(
    [0] => It is time to go to the bar.
    [1] => Array
        (
            [0] => It is never too late to go the bar.
        )

    [2] => DateTime Object
        (
            [date] => 2020-08-21 11:44:33.000000
            [timezone_type] => 3
            [timezone] => UTC
        )

)

##Mask PSR-3 logger You can also use Magoo as a wrapper for PSR-3 compliant loggers. In this example, we use Monolog.

use Pachico\Magoo\Magoo;
use Pachico\Magoo\MagooLogger;
use Monolog\Logger;
use Monolog\Handler\ErrorLogHandler;

$magoo = new Magoo();
$magoo->pushByRegexMask('(foo)', 'bar');

$logger = new Logger('app');
$handler = new ErrorLogHandler();
$logger->pushHandler($handler);
$magooLogger = new MagooLogger($logger, $magoo);

$mySensitiveString = 'It is time to go to the foo.';

$magooLogger->warning($mySensitiveString);

// [2020-08-20 15:54:34] app.WARNING: It is time to go to the bar. [] []

Change log

Please see CHANGELOG for more information what has changed recently.

Testing

$ composer test

Contributing

Please see CONTRIBUTING and CONDUCT for details.

Security

If you discover any security related issues, please email pachicodev@gmail.com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

Help

Please report any bug you might find and/or collaborate with your own masks.