Add logging feature to the sanitizer

Author: tgalopin

src/Sanitizer.php

@@ -20,6 +20,7 @@
 use HtmlSanitizer\Extension\Table\TableExtension;
 use HtmlSanitizer\Parser\MastermindsParser;
 use HtmlSanitizer\Parser\ParserInterface;
+use Psr\Log\LoggerInterface;
 
 /**
  * @author Titouan Galopin <galopintitouan@gmail.com>
@@ -43,11 +44,17 @@ class Sanitizer implements SanitizerInterface
      */
     private $parser;
 
-    public function __construct(DomVisitorInterface $domVisitor, int $maxInputLength, ParserInterface $parser = null)
+    /**
+     * @var LoggerInterface|null
+     */
+    private $logger;
+
+    public function __construct(DomVisitorInterface $domVisitor, int $maxInputLength, ParserInterface $parser = null, LoggerInterface $logger = null)
     {
         $this->domVisitor = $domVisitor;
         $this->maxInputLength = $maxInputLength;
         $this->parser = $parser ?: new MastermindsParser();
+        $this->logger = $logger;
     }
 
     /**
@@ -72,6 +79,19 @@ public static function create(array $config): SanitizerInterface
     }
 
     public function sanitize(string $html): string
+    {
+        $sanitized = $this->doSanitize($html);
+
+        if ($this->logger) {
+            $this->logger->debug('Sanitized given input to "{output}".', [
+                'output' => mb_substr($sanitized, 0, 50).(mb_strlen($sanitized) > 50 ? '...' : ''),
+            ]);
+        }
+
+        return $sanitized;
+    }
+
+    private function doSanitize(string $html): string
     {
         // Prevent DOS attack induced by extremely long HTML strings
         if (mb_strlen($html) > $this->maxInputLength) {

src/SanitizerBuilder.php

@@ -12,8 +12,10 @@
 namespace HtmlSanitizer;
 
 use HtmlSanitizer\Extension\ExtensionInterface;
+use HtmlSanitizer\Parser\ParserInterface;
 use HtmlSanitizer\Visitor\ScriptNodeVisitor;
 use HtmlSanitizer\Visitor\StyleNodeVisitor;
+use Psr\Log\LoggerInterface;
 
 /**
  * @author Titouan Galopin <galopintitouan@gmail.com>
@@ -27,11 +29,31 @@ class SanitizerBuilder implements SanitizerBuilderInterface
      */
     private $extensions = [];
 
+    /**
+     * @var ParserInterface|null
+     */
+    private $parser;
+
+    /**
+     * @var LoggerInterface|null
+     */
+    private $logger;
+
     public function registerExtension(ExtensionInterface $extension)
     {
         $this->extensions[$extension->getName()] = $extension;
     }
 
+    public function setParser(?ParserInterface $parser)
+    {
+        $this->parser = $parser;
+    }
+
+    public function setLogger(?LoggerInterface $logger)
+    {
+        $this->logger = $logger;
+    }
+
     public function build(array $config): SanitizerInterface
     {
         $nodeVisitors = [];
@@ -54,6 +76,6 @@ public function build(array $config): SanitizerInterface
         $nodeVisitors['script'] = new ScriptNodeVisitor();
         $nodeVisitors['style'] = new StyleNodeVisitor();
 
-        return new Sanitizer(new DomVisitor($nodeVisitors), $config['max_input_length'] ?? 20000);
+        return new Sanitizer(new DomVisitor($nodeVisitors), $config['max_input_length'] ?? 20000, $this->parser, $this->logger);
     }
 }

tests/LoggedSanitizerTest.php

@@ -0,0 +1,31 @@
+<?php
+
+/*
+ * This file is part of the HTML sanitizer project.
+ *
+ * (c) Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Tests\HtmlSanitizer;
+
+use HtmlSanitizer\SanitizerBuilder;
+use PHPUnit\Framework\TestCase;
+use Psr\Log\LoggerInterface;
+
+class LoggedSanitizerTest extends TestCase
+{
+    public function testLoggedSanitizer()
+    {
+        $logger = $this->createMock(LoggerInterface::class);
+        $logger->expects($this->once())
+            ->method('debug')
+            ->with('Sanitized given input to "{output}".', ['output' => 'Hello']);
+
+        $builder = new SanitizerBuilder();
+        $builder->setLogger($logger);
+        $builder->build([])->sanitize('<div>Hello</div>');
+    }
+}