MindscapeHQ/raygun4php

Exclusion of sensitive data

Closed this issue · 10 comments

I have a problem. The main Raygun's documentation contains one magic sentence. "Note that when any filters are defined, the Raygun error will no longer contain the raw HTTP data, since there's no effective way to filter it.". In this situation, I wonder how I can encrypt selected sensitive data and transfer the necessary data from rawData? For each registered error I need to know what request flew to my api. However, encryption makes me not able to see it. Is there any way to do this?

Hi @siekanski

You could include the request data in the UserCustomData, this is an associative array that can be sent with the error payload.

This could be set at the top level to be sent with each payload.

For example:

$tags = [];
$customData = [
  "requestUri" => "ENCRYPTED_REQUEST_DATA_HERE"
];

set_error_handler(function ($errno, $errstr, $errfile, $errline) use ($raygunClient, $tags, $customData) {
  $raygunClient->SendError($errno, $errstr, $errfile, $errline, $tags, $customData);
});

Or when a specific exception occurs:

try {
  // ...
} catch (Exception $e) {
  $customData = [
    "requestUri" => "ENCRYPTED_REQUEST_DATA_HERE"
  ];

  $raygunClient->SendException($e, null, $customData);
}

In this case, you would need to ensure that the request data does not contain any PII or other sensitive data. Let me know if this could work for you. You can also contact support directly here if you would like to discuss this further.

Thanks
Sam

Hi @samuel-holt ,

Thank you very much for such a quick and professional response. Your solution is enough for me and is helpful. We can close this topic. :)

Best regards,
siekan

@samuel-holt

I have one more question, but I will write it already here. Are you able to help me with logging in to both the api and the docker? It seems to me that after the implementation of your client, login takes place only on the site, while the docker logs command has stopped recording it.

Thanks
siekan

Hi @siekanski

I've created this PR that has an example docker config. I did run into an issue where the log file was not outputting, which I solved here by changing the owner of the /var/www directory to be www-data. I did also have to create the src/debug.log file before doing the docker-compose build.

Let me know if this is helpful, or contact us here if you want to discuss it in greater detail.

Thanks
Sam

Hi @samuel-holt

Thanks for the reply, however the problem I'm facing is this: errors are being sent to the raygun but there is no exact error message being passed. I know where something happened and what the request was, but I have no information, as is always the case in docker logs, what the exact error message is. I've only got a brief, e. g. Undefinet offset [3]. In dokcer logs in the same situation I have information what is wrong with the parameter and I know exactly what to look for. What's more after plugging the raygun in, as I wrote, the errors go to the raygun application but automatically the logs in the docker stop displaying any message. All I know is that it flew 500 and nothing else. Here is a piece on how to plug in the raygun.

` $transport = new GuzzleAsync($httpClient);
$raygunClient = new RaygunClient($transport);
$raygunClient = RaygunService::filterParams($raygunClient);
$tags = [];
$customData = [
"requestUri" => RaygunService::createRequestUri($request)
];

set_error_handler(function ($errno, $errstr, $errfile, $errline) use ($raygunClient, $tags, $customData) {
    $raygunClient->SendError($errno, $errstr, $errfile, $errline, $tags, $customData);
});

set_exception_handler(function ($exception) use ($raygunClient, $customData) {
    $raygunClient->SendException($exception, null, $customData);
});

register_shutdown_function(function () use ($raygunClient, $tags, $customData) {
    $lastError = error_get_last();

    if ($lastError !== null) {
        [$type, $message, $file, $line] = $lastError;
        $raygunClient->SendError($type, $message, $file, $line, $tags, $customData);
    }
});

register_shutdown_function([$transport, 'wait']);`

I need a way to get the error messages into both the raygun app as well as the docker logs

Hi @siekanski,

Sorry, I misunderstood your previous message. Fortunately, setting up a Docker container helped to solve this. In this case, I would recommend using the PHP error_log function. For example:

set_error_handler(function ($errno, $errstr, $errfile, $errline) use ($raygunClient, $tags, $customData) {
    $raygunClient->SendError($errno, $errstr, $errfile, $errline, $tags, $customData);
    error_log("[RAYGUN_CAPTURED_ERROR] {$errstr}", $errno, $errfile);
});

I can now see the following logged in my docker log:

web_1  | [Wed Apr 28 04:14:54.265646 2021] [php7:notice] [pid 18] [client 127.0.0.1:46664] [RAYGUN_CAPTURED_ERROR] Undefined index: time
web_1  | [Wed Apr 28 04:14:54.266654 2021] [php7:notice] [pid 18] [client 127.0.0.1:46664] [RAYGUN_CAPTURED_ERROR] Undefined index: distance

Thanks,
Sam

@samuel-holt @siekanski Has this been resolved? Or is there still some issue here?

we can close it