Merge pull request #5 from Globy-App/3-improve-test-coverage

Added tests to test the Hasher standalone class

Author: Sjustein

.github/workflows/ci.yml

@@ -73,7 +73,7 @@ jobs:
       - name: Run test suite
         run: |
           if [[ ${{ matrix.php-version }} == '8.1' ]]; then
-            composer coverage --min=90 --coverage-clover=coverage.xml
+            composer coverage --min=100 --coverage-clover=coverage.xml
           else
             composer pest
           fi

src/Hasher.php

@@ -138,14 +138,19 @@ protected function traverseInputArray(array $inputArray, array $sensitiveKeys):
     /**
      * Traverse an object and replace all values to be redacted with a hashed version of the value
      *
-     * @param object $object        Object to redact values from
+     * @param object $object            Object to redact values from
      * @param array<array-key, mixed>  $sensitiveKeys Keys for which to hash the value
      *
      * @return object The object with redacted values hashed
      */
     protected function traverseObject(object $object, array $sensitiveKeys): object
     {
         foreach (get_object_vars($object) as $key => $value) {
+            if ($value === null) {
+                // Nothing to hash or process
+                continue;
+            }
+
             // If the value is not an array or an object, hash it if it is a sensitive key
             if (is_scalar($value)) {
                 if (in_array($key, $sensitiveKeys) || array_key_exists($key, $sensitiveKeys)) {

tests/HashSensitiveArrayTest.php

@@ -0,0 +1,86 @@
+<?php
+
+declare(strict_types=1);
+
+namespace HashSensitiveTests;
+
+use GlobyApp\HashSensitive\HashSensitiveProcessor;
+use TypeError;
+
+it('redacts records contexts', function (): void {
+    $processor = new HashSensitiveProcessor($this->simpleExample->getSensitiveKeys());
+
+    $record = $this->getRecord(context: $this->simpleExample->getInput());
+    expect($processor($record)->context)->toBe(['test' => 'c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2']);
+});
+
+it('works without sensitive key subtrees', function (): void {
+    $processor = new HashSensitiveProcessor($this->nestedExample->getSensitiveKeys());
+
+    $record = $this->getRecord(context: $this->nestedExample->getInput());
+    expect($processor($record)->context)->toBe(['test' => 'c413de2c94a3a668b82ae2207da4b6961eeeccaff97623e2143d978610cb4746']);
+});
+
+it('truncates masked characters', function (): void {
+    $processor = new HashSensitiveProcessor($this->simpleExample->getSensitiveKeys(), lengthLimit: 5);
+
+    $record = $this->getRecord(context: $this->simpleExample->getInput());
+    // Only `fooba` should be hashed, the first 5 characters of `foobar`
+    expect($processor($record)->context)->toBe(['test' => '41cbe1a87981490351ccad5346d96da0ac10678670b31fc0ab209aed1b5bc515']);
+});
+
+it('doesn\'t truncate more than the string length', function (): void {
+    $processor = new HashSensitiveProcessor($this->simpleExample->getSensitiveKeys(), lengthLimit: 10);
+
+    $record = $this->getRecord(context: $this->simpleExample->getInput());
+    expect($processor($record)->context)->toBe(['test' => 'c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2']);
+});
+
+it('doesn\'t truncate when length limit is 0', function (): void {
+    $processor = new HashSensitiveProcessor($this->simpleExample->getSensitiveKeys(), lengthLimit: 0);
+
+    $record = $this->getRecord(context: $this->simpleExample->getInput());
+    expect($processor($record)->context)->toBe(['test' => null]);
+});
+
+it('doesn\'t truncate when length limit is not set', function (): void {
+    $processor = new HashSensitiveProcessor($this->simpleExample->getSensitiveKeys(), lengthLimit: null);
+
+    $record = $this->getRecord(context: $this->simpleExample->getInput());
+    expect($processor($record)->context)->toBe(['test' => 'c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2']);
+});
+
+it('redacts nested arrays', function (): void {
+    $processor = new HashSensitiveProcessor($this->nestedRedaction->getSensitiveKeys());
+
+    $record = $this->getRecord(context: $this->nestedRedaction->getInput());
+    expect($processor($record)->context)->toBe(['test' => ['nested' => 'c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2']]);
+});
+
+it('keeps non redacted nested arrays intact', function (): void {
+    $processor = new HashSensitiveProcessor($this->nestedNoHash->getSensitiveKeys());
+
+    $record = $this->getRecord(context: $this->nestedNoHash->getInput());
+    expect($processor($record)->context)->toBe(['test' => ['nested' => 'c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2', 'no_hash' => 'foobar']]);
+});
+
+it('doesn\'t break on null values in input array', function (): void {
+    $processor = new HashSensitiveProcessor($this->nestedNull->getSensitiveKeys());
+
+    $record = $this->getRecord(context: $this->nestedNull->getInput());
+    expect($processor($record)->context)->toBe(['test' => ['nested' => null, 'no_hash' => null, null]]);
+});
+
+it('doesn\'t break on null values in sensitive keys (array)', function (): void {
+    $processor = new HashSensitiveProcessor($this->nestedSensitiveNull->getSensitiveKeys());
+
+    $record = $this->getRecord(context: $this->nestedSensitiveNull->getInput());
+    expect($processor($record)->context)->toBe($this->nestedSensitiveNull->getInput());
+});
+
+it('redacts inside nested arrays', function (): void {
+    $processor = new HashSensitiveProcessor($this->insideNested->getSensitiveKeys());
+
+    $record = $this->getRecord(context: $this->insideNested->getInput());
+    expect($processor($record)->context)->toBe(['test' => ['nested' => 'c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2']]);
+});

tests/HashSensitiveObjectTest.php

@@ -0,0 +1,172 @@
+<?php
+
+declare(strict_types=1);
+
+namespace HashSensitiveTests;
+
+use GlobyApp\HashSensitive\HashSensitiveProcessor;
+use TypeError;
+
+it('redacts nested objects', function (): void {
+    $nested = new \stdClass();
+    $nested->value = 'foobar';
+    $nested->nested = ['value' => 'bazqux'];
+
+    $input = ['test' => ['nested' => $nested]];
+    $sensitive_keys = ['test' => ['nested' => ['value', 'nested' => ['value']]]];
+    $processor = new HashSensitiveProcessor($sensitive_keys);
+
+    $record = $this->getRecord(context: $input);
+
+    expect($processor($record)->context)->toBe(['test' => ['nested' => $nested]])
+        ->and($nested->value)->toBe('c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2')
+        ->and($nested->nested['value'])->toBe('972c5e1203896784a7cf9dd60acd443a1065e19ad5f92e59a9180c185f065c04');
+});
+
+it('works without sensitive key subobjects', function (): void {
+    $nested = new \stdClass();
+    $nested->foobar = "test";
+
+    $obj = new \stdClass();
+    $obj->test = $nested;
+
+    $input = ['obj' => $obj];
+    $sensitive_keys = ['test'];
+    $processor = new HashSensitiveProcessor($sensitive_keys);
+
+    $record = $this->getRecord(context: $input);
+    expect($processor($record)->context)->toBe(['obj' => $obj])
+        ->and($obj->test)->toBe('914dba76d2c953789b8ec73425b85bea1c8298815dd0afc1e4fc6c2d8be69648');
+});
+
+it('keeps non redacted nested objects intact', function (): void {
+    $nested = new \stdClass();
+    $nested->value = 'bazqux';
+    $nested->no_hash = 'foobar';
+
+    $value = new \stdClass();
+    $value->value = 'foobar';
+    $value->nested = $nested;
+
+    $input = ['test' => ['nested' => $value]];
+    $sensitive_keys = ['test' => ['nested' => ['value', 'nested' => ['value']]]];
+    $processor = new HashSensitiveProcessor($sensitive_keys);
+
+    $record = $this->getRecord(context: $input);
+
+    expect($processor($record)->context)->toBe(['test' => ['nested' => $value]])
+        ->and($value->value)->toBe('c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2')
+        ->and($value->nested)->toBe($nested)
+        ->and($nested->value)->toBe('972c5e1203896784a7cf9dd60acd443a1065e19ad5f92e59a9180c185f065c04')
+        ->and($nested->no_hash)->toBe('foobar');
+});
+
+it('doesn\'t break on null values in input object', function (): void {
+    $nested = new \stdClass();
+    $nested->value = null;
+    $nested->no_hash = null;
+
+    $value = new \stdClass();
+    $value->value = 'foobar';
+    $value->nested = $nested;
+
+    $input = ['test' => ['nested' => $value]];
+    $sensitive_keys = ['test' => ['nested' => ['value', 'nested' => ['value']]]];
+    $processor = new HashSensitiveProcessor($sensitive_keys);
+
+    $record = $this->getRecord(context: $input);
+
+    expect($processor($record)->context)->toBe(['test' => ['nested' => $value]])
+        ->and($value->value)->toBe('c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2')
+        ->and($value->nested)->toBe($nested)
+        ->and($nested->value)->toBeNull()
+        ->and($nested->no_hash)->toBeNull();
+});
+
+it('doesn\'t break on null values in sensitive keys (object)', function (): void {
+    $nested = new \stdClass();
+    $nested->value = 'foobar';
+    $nested->nested = ['value' => 'bazqux', 'no_hash' => 'foobar'];
+
+    $input = ['test' => ['nested' => $nested]];
+    $sensitive_keys = ['test' => ['nested' => [null, 'nested' => [null], null], null], null];
+    $processor = new HashSensitiveProcessor($sensitive_keys);
+
+    $record = $this->getRecord(context: $input);
+
+    expect($processor($record)->context)->toBe(['test' => ['nested' => $nested]])
+        ->and($nested->nested['no_hash'])->toBe('foobar');
+});
+
+it('redacts inside nested objects', function (): void {
+    $nested = new \stdClass();
+    $nested->value = 'foobar';
+    $nested->nested = ['value' => 'bazqux'];
+
+    $input = ['test' => ['nested' => $nested]];
+    $sensitive_keys = ['nested' => ['value']];
+    $processor = new HashSensitiveProcessor($sensitive_keys);
+
+    $record = $this->getRecord(context: $input);
+
+    expect($processor($record)->context)->toBe(['test' => ['nested' => $nested]])
+        ->and($nested->value)->toBe('c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2')
+        ->and($nested->nested['value'])->toBe('972c5e1203896784a7cf9dd60acd443a1065e19ad5f92e59a9180c185f065c04');
+});
+
+it('it hashes all instances with exclusiveSubtree false in nested objects', function (): void {
+    $nested = new \stdClass();
+    $nested->to_hash = 'test_value';
+    $nested->test = 'test';
+
+    $value = new \stdClass();
+    $value->test_key = 'test_value';
+    $value->test_subkey = $nested;
+
+    $input = ['nested' => $value];
+    $sensitive_keys = ['test', 'test_subkey' => ['to_hash']];
+    $processor = new HashSensitiveProcessor($sensitive_keys, exclusiveSubtree: false);
+
+    $record = $this->getRecord(context: $input);
+    expect($processor($record)->context)->toBe(['nested' => $value])
+        ->and($value->test_key)->toBe('test_value')
+        ->and($value->test_subkey)->toBe($nested)
+        ->and($nested->to_hash)->toBe('4f7f6a4ae46676d9751fdccdf15ae1e6a200ed0de5653e06390148928c642006')
+        ->and($nested->test)->toBe('9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08');
+});
+
+it('ensures exclusiveSubtree is turned on by default for objects', function (): void {
+    $nested = new \stdClass();
+    $nested->to_hash = 'test_value';
+    $nested->test = 'test';
+
+    $value = new \stdClass();
+    $value->test_key = 'test_value';
+    $value->test_subkey = $nested;
+
+    $input = ['nested' => $value];
+    $sensitive_keys = ['test', 'test_subkey' => ['to_hash']];
+    $processor = new HashSensitiveProcessor($sensitive_keys);
+
+    $record = $this->getRecord(context: $input);
+    expect($processor($record)->context)->toBe(['nested' => $value])
+        ->and($value->test_key)->toBe('test_value')
+        ->and($value->test_subkey)->toBe($nested)
+        ->and($nested->to_hash)->toBe('4f7f6a4ae46676d9751fdccdf15ae1e6a200ed0de5653e06390148928c642006')
+        ->and($nested->test)->toBe('test');
+});
+
+it('preserves empty values in objects', function (): void {
+    $nested = new \stdClass();
+    $nested->test = 'foobar';
+    $nested->optionalKey = '';
+
+    $input = ['nested' => $nested];
+    $sensitive_keys = ['test', 'optionalKey'];
+    $processor = new HashSensitiveProcessor($sensitive_keys);
+
+    $record = $this->getRecord(context: $input);
+    expect($processor($record)->context)->toBe(['nested' => $nested])
+        ->and($nested->test)->toBe('c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2')
+        ->and($nested->optionalKey)->toBeNull();
+});