Guessing query strings should err on being conservative

src/DataBuilder.php

@@ -760,29 +760,9 @@ public function scrub(&$data, $replacement = '*')
         }
 
         if (is_array($data)) { // scrub arrays
-
             $data = $this->scrubArray($data, $replacement);
         } elseif (is_string($data)) { // scrub URLs and query strings
-
             $query = parse_url($data, PHP_URL_QUERY);
-
-            /**
-             * String is not a URL but it still might be just a plain
-             * query string in format arg1=val1&arg2=val2
-             */
-            if (!$query) {
-                parse_str($data, $parsed);
-                $parsedValues = array_values($parsed);
-
-                /**
-                 * If we have at least one key/value pair (i.e. a=b) then
-                 * we treat the whole string as a query string.
-                 */
-                if (count(array_filter($parsedValues)) > 0) {
-                    $query = $data;
-                }
-            }
-
             if ($query) {
                 $data = str_replace(
                     $query,
@@ -791,7 +771,6 @@ public function scrub(&$data, $replacement = '*')
                 );
             }
         }
-
         return $data;
     }
 

tests/DataBuilderTest.php

@@ -247,7 +247,7 @@ private function scrubJSONNumbersProvider()
                 array(
                     'sensitive'
                 ),
-                'b=%5B1023%2C1924%5D'
+                'b=[1023,1924]'
             )
         );
     }
@@ -277,7 +277,7 @@ private function scrubRecursiveDataProvider()
                 'non sensitive data 2' => '456',
                 'non sensitive data 3' => '4&56',
                 'non sensitive data 4' => 'a=4&56',
-                'non sensitive data 6' => 'baz&foo=bar',
+                'non sensitive data 6' => '?baz&foo=bar',
                 'sensitive data' => '456',
                 array(
                     'non sensitive data 3' => '789',
@@ -298,8 +298,8 @@ private function scrubRecursiveDataProvider()
                 'non sensitive data 1' => '123',
                 'non sensitive data 2' => '456',
                 'non sensitive data 3' => '4&56',
-                'non sensitive data 4' => 'a=4&56=', // this is a weird edge case
-                'non sensitive data 6' => 'baz=&foo=xxxxxxxx',
+                'non sensitive data 4' => 'a=4&56',
+                'non sensitive data 6' => '?baz=&foo=xxxxxxxx',
                 'sensitive data' => '********',
                 array(
                     'non sensitive data 3' => '789',
@@ -318,7 +318,7 @@ private function scrubFlatStringDataProvider()
     {
         return array(
             // $testData
-            http_build_query(
+            '?' . http_build_query(
                 array(
                     'arg1' => 'val 1',
                     'sensitive' => 'scrubit',
@@ -329,7 +329,7 @@ private function scrubFlatStringDataProvider()
                 'sensitive'
             ),
             // $expected
-            http_build_query(
+            '?' . http_build_query(
                 array(
                     'arg1' => 'val 1',
                     'sensitive' => 'xxxxxxxx',
@@ -343,7 +343,7 @@ private function scrubRecursiveStringDataProvider()
     {
         return array(
             // $testData
-            http_build_query(
+            '?' . http_build_query(
                 array(
                     'arg1' => 'val 1',
                     'sensitive' => 'scrubit',
@@ -357,7 +357,7 @@ private function scrubRecursiveStringDataProvider()
                 'sensitive'
             ),
             // $expected
-            http_build_query(
+            '?' . http_build_query(
                 array(
                     'arg1' => 'val 1',
                     'sensitive' => 'xxxxxxxx',
@@ -380,7 +380,7 @@ private function scrubRecursiveStringRecursiveDataProvider()
                 array(
                     'non sensitive data 3' => '789',
                     'recursive sensitive data' => 'qwe',
-                    'non sensitive data 3' => http_build_query(
+                    'non sensitive data 3' => '?' . http_build_query(
                         array(
                             'arg1' => 'val 1',
                             'sensitive' => 'scrubit',
@@ -407,7 +407,7 @@ private function scrubRecursiveStringRecursiveDataProvider()
                 array(
                     'non sensitive data 3' => '789',
                     'recursive sensitive data' => '********',
-                    'non sensitive data 3' => http_build_query(
+                    'non sensitive data 3' => '?' . http_build_query(
                         array(
                             'arg1' => 'val 1',
                             'sensitive' => 'xxxxxxxx',