This project is not covered by Drupal’s security advisory policy.

The Label Scanner module scans webform labels for specific words (referred to as *restricted words*) and sends a report or displays a notification in the UI if a webform label contains any of them.

The site administrator can configure:
* The list of words to scan for.
* Notification method: either email or message displayed in UI (in the webform edit UI).
* Scanning method (drush, cron, at time of creation/modification of webform component).

This module was implemented to verify that the information collected through webforms respects confidential information policies. It was intended to scan existing and newly created webforms and to notify administrators of webforms which collect confidential data such as credit card number, social insurance number (SIN) or birth date. The module can, however, be used for other purposes.

For installation, configuration and usage documentation, see the README file.

This module is different from other modules which scan or perform validation (such as Restrict Abusive Words) in that it scans the labels and not the text submitted through the form.

Design and Implementation

This section describes the design and the structure of the code.

The main goals were:

  • to provide a clear interface, with coherent classes, where each class has a specific responsibility.
  • to be easily extensible.
  • to write unit-testable code.
  • to decouple the domain logic from Drupal.

Class Diagram

LabelScannerDataMapper Class

The LabelScannerDataMapper object is responsible for mapping any settings / configuration data to corresponding objects. For example, users with the 'administer label scanner' permission can configure, through the admin interface, validation settings such as the list of restricted labels. The LabelScannerDataMapper retrieves these settings and creates a validator object. The same applies to the notification settings. LabelScannerDataMapper also creates the LabelScanner object.

LabelScanner Class

The LabelScanner object is responsible, as its name implies, for scanning a component's labels. Given implementations of a validator and a component, it checks whether the component's label is valid. It implements the SplSubject interface as part of the Observer Design Pattern: LabelScanner is the subject, to which notifications can be attached. (Notifications are the observers.)

EmailNotification class

The EmailNotification object is responsible for sending email notifications. It implements the SplObserver interface (see Observer Design Pattern) and should be attached to the LabelScanner, which is the subject.

WebformComponent class

The WebformComponent object implements the ComponentInterface and is responsible for accessing the component's data. It is passed to the LabelScanner during validation:
LabelScanner::isValid(ComponentInterface $component)

RestrictedWordValidator class

The RestrictedWordValidator class implements the ValidatorInterface and is responsible for performing validation on a string. In our case the string is the webform label.

To extend the module's functionality

To extend the functionality of the module one can:

  • add different types of notifications by implementing the SplObserver interface
  • add different types of validation by adding a validation class which implements the ValidatorInterface
  • scan different types of components by adding a component class which implements the ComponentInterface

Adding different types of notifications, components or validation will also require modifications to the admin UI and to the LabelScannerDataMapper which retrieves configuration settings and instantiates corresponding classes.
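
The extension points above, as an added PHP 8 sketch that is not the module's own code: a whole-word validator and a logging observer attached to a scanner subject. The interface method names (isValid(string), getLabel()) and the classes WholeWordValidator, DemoScanner and LogNotification are assumptions for illustration; check the module's actual interfaces before reusing them.

```php
<?php
// Added sketch, not the module's code; the interface method names are assumed.
interface ValidatorInterface { public function isValid(string $value): bool; }
interface ComponentInterface { public function getLabel(): string; }
// Hypothetical validator: case-insensitive, whole-word, Unicode-aware matching.
final class WholeWordValidator implements ValidatorInterface {
  private ?string $pattern;
  public function __construct(array $words) {
    $quoted = array_map(fn($w) => preg_quote($w, '/'), array_filter($words, 'strlen'));
    $this->pattern = $quoted ? '/(?<![\p{L}\p{N}])(?:' . implode('|', $quoted) . ')(?![\p{L}\p{N}])/iu' : null;
  }
  public function isValid(string $value): bool {
    // An empty list flags nothing; preg_match() errors (false) fail closed.
    return $this->pattern === null || preg_match($this->pattern, $value) === 0;
  }
}
// Hypothetical stand-in for LabelScanner: the subject observers attach to.
final class DemoScanner implements SplSubject {
  private array $observers = [];
  public ?ComponentInterface $flagged = null;
  public function __construct(private ValidatorInterface $validator) {}
  public function attach(SplObserver $observer): void { $this->observers[spl_object_id($observer)] = $observer; }
  public function detach(SplObserver $observer): void { unset($this->observers[spl_object_id($observer)]); }
  public function notify(): void { foreach ($this->observers as $o) { $o->update($this); } }
  public function isValid(ComponentInterface $component): bool {
    $this->flagged = $this->validator->isValid($component->getLabel()) ? null : $component;
    if ($this->flagged !== null) { $this->notify(); }
    return $this->flagged === null;
  }
}
// Hypothetical observer that records findings instead of sending email.
final class LogNotification implements SplObserver {
  public array $messages = [];
  public function update(SplSubject $subject): void {
    if ($subject instanceof DemoScanner && $subject->flagged !== null) {
      $this->messages[] = 'Restricted word in label: ' . $subject->flagged->getLabel();
    }
  }
}
// Constructed word list and labels; anonymous classes stand in for WebformComponent.
$scanner = new DemoScanner(new WholeWordValidator(['SIN', 'credit card number']));
$scanner->attach($log = new LogNotification());
foreach (['Business name', 'Your sin', 'Credit Card Number'] as $text) {
  $scanner->isValid(new class($text) implements ComponentInterface {
    public function __construct(private string $label) {}
    public function getLabel(): string { return $this->label; }
  });
}
print_r($log->messages);
```

Whole-word matching keeps "Business name" from being flagged for containing "sin", while the case-insensitive flag still catches "Your sin" and "Credit Card Number".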
