Missing: Log redaction patterns incomplete for common sensitive data #16

@Snider

Description

The LogReaderService has redaction patterns but misses some common sensitive data formats.

Location

  • File: src/Services/LogReaderService.php
  • Lines: 20-55

Issue

Current patterns redact:

  • Stripe keys, GitHub tokens, Bearer tokens
  • AWS credentials, database connection strings
  • Emails, IPs, credit card numbers
  • JWTs, private keys, common env vars

Missing patterns:

  • Slack webhooks (https://hooks.slack.com/services/...)
  • SendGrid API keys (SG.*)
  • Twilio credentials (SK*, AC*)
  • Google API keys (AIza*)
  • Azure connection strings
  • SSH keys in other formats (PuTTY, etc.)
  • Session IDs in URLs
  • Basic auth in URLs (user:pass@host)
  • Phone numbers (potential PII)

Recommendation

Add patterns for:

  1. Common SaaS API keys (Slack, SendGrid, Twilio, Google)
  2. Cloud provider connection strings (Azure, GCP)
  3. Authentication credentials in URLs
  4. Consider making patterns configurable via config file

Severity

Low - Some sensitive data may not be redacted but core patterns exist
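The following is an added example, not code from this project or from the issue author: a standalone PHP redactor covering the formats the issue lists as missing, with an `$extra` parameter so further patterns can be supplied from configuration (recommendation 4). The function name, pattern choices and the sample line are constructed for illustration and would need tuning to the real log format.

```php
<?php
// Redacts the sensitive-data formats listed as missing in the issue.
// $extra lets a config file supply additional 'pattern' => 'replacement' pairs.
function redactSensitive(string $text, array $extra = []): string
{
    $patterns = [
        // Slack incoming webhooks
        '~https://hooks\.slack\.com/services/[A-Za-z0-9/_-]+~' => 'https://hooks.slack.com/services/[REDACTED]',
        // SendGrid API keys: "SG." plus two base64url-style segments
        '~\bSG\.[A-Za-z0-9_-]{16,}\.[A-Za-z0-9_-]{16,}\b~' => 'SG.[REDACTED]',
        // Twilio account SIDs / API key SIDs: AC or SK followed by 32 hex chars
        '~\b(AC|SK)[0-9a-fA-F]{32}\b~' => '$1[REDACTED]',
        // Google API keys: "AIza" followed by 35 chars
        '~\bAIza[0-9A-Za-z_-]{35}\b~' => 'AIza[REDACTED]',
        // Azure connection strings: mask the key component only
        '~\b(AccountKey|SharedAccessKey)=[^;\s]+~' => '$1=[REDACTED]',
        // Basic auth embedded in URLs: scheme://user:pass@host
        '~\b([a-z][a-z0-9+.-]*://)[^/\s:@]+:[^/\s@]+@~i' => '$1[REDACTED]@',
        // Session identifiers carried as URL query parameters
        '~([?&](?:PHPSESSID|session_id|sessionid|sid|token)=)[^&\s]+~i' => '$1[REDACTED]',
        // PuTTY .ppk private keys: header line through the Private-MAC line
        '~PuTTY-User-Key-File-\d+:.*?Private-MAC:\s*[0-9a-fA-F]+~s' => '[REDACTED PUTTY KEY]',
        // Phone numbers (PII). Separators are required so that bare 10-digit
        // values such as Unix timestamps are not redacted by mistake.
        '~(?<!\d)(?:\+\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}(?!\d)~' => '[REDACTED PHONE]',
    ];
    $patterns = array_merge($patterns, $extra);

    // Replacement strings are single-quoted above so "$1" reaches preg_replace as a backreference.
    return preg_replace(array_keys($patterns), array_values($patterns), $text);
}

// Constructed sample log line (not taken from any real log).
$sample = 'POST https://hooks.slack.com/services/T0000/B0000/abcdef'
    . ' user=https://admin:s3cret@db.internal/?PHPSESSID=abc123'
    . ' callback=+1 555-123-4567 key=AIza' . str_repeat('X', 35);

echo redactSensitive($sample), PHP_EOL;
```

Every replacement keeps the recognisable prefix (`SG.`, `AIza`, `AccountKey=`) so an analyst can still tell which kind of secret was present, which is usually more useful in a log than a bare placeholder.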
